You may have run a DNS test and received the following response:
One or more nameservers responded to version queries. This can be considered a breach of security. If a malicious person or program had access to a version-specific exploit for your DNS server, displaying the version info openly will make their attack much easier. This should be removed or obscured. The nameservers that responded to version queries are:
Or you may have run a DNS test and received a warning that you should mask your DNS version. To do this on a cPanel server or any server running CentOS (and many other Linux distributions), do the following:
Log in to the shell as the root user of your server or VPS. If you are unable to, you will need to contact your host and let them know.
Open your named configuration file:
vi /etc/named.conf
Look for the section that starts with options { and looks more or less like this:
options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    // query-source port 53;
    /* We no longer enable this by default as the dns poison exploit
       has forced many providers to open up their firewalls a bit */
    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    pid-file "/var/run/named/named.pid";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    /* memstatistics-file "data/named_mem_stats.txt"; */
    allow-transfer {"none";};
};
Now you are going to add this line to that section:
version "BIND";
That section will now look something like this:
options {
    /* make named use port 53 for the source of all queries, to allow
     * firewalls to block all ports except 53:
     */
    // query-source port 53;
    /* We no longer enable this by default as the dns poison exploit
       has forced many providers to open up their firewalls a bit */
    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    pid-file "/var/run/named/named.pid";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    /* memstatistics-file "data/named_mem_stats.txt"; */
    allow-transfer {"none";};
    version "BIND";
};
Then save the file. If your section looks a little different, that’s OK. Just add that version line and replace the word "BIND" with whatever you want it to say, or just use the above. Keep whatever you type inside the quotes; that is important. For example, you could have it say:
version "N/A";
Now run your DNS test again. You shouldn’t see this error any more: instead of the actual version being reported, the only thing that will be reported is what you put in the quotes.
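To confirm the change without waiting for an external DNS test, the following script audits the edited file and, optionally, the running server. It is an added example, not part of the original article; the function names are hypothetical, and the live check assumes the dig utility is installed.

```sh
#!/bin/sh
# Added example, not from the original page. Audits the "version" directive.

# Print the active (uncommented) quoted version string; status 1 if none is set.
# Only // and # comments are stripped; /* ... */ blocks are not parsed.
configured_version() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" |
        sed -n 's/^[[:space:]]*version[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' |
        head -n 1 | grep .
}

# Succeed if the file contains typographic quotes (for example, pasted from a
# web page); these are not string delimiters in named.conf.
has_typographic_quotes() { grep -q -e '“' -e '”' "$1"; }

# Succeed if a string still looks like a release number (e.g. 9.11.4).
leaks_version() { printf '%s\n' "$1" | grep -Eq '[0-9]+\.[0-9]+'; }

# Ask a running nameserver for version.bind (CHAOS class TXT); requires dig.
query_version() { dig +short +time=3 +tries=1 @"$1" version.bind CH TXT | tr -d '"'; }

# usage: audit /etc/named.conf [nameserver-address]
audit() {
    if has_typographic_quotes "$1"; then
        echo "FAIL: typographic quotes in $1; retype them as plain \" characters"; return 1
    fi
    v=$(configured_version "$1") || { echo "FAIL: no version directive in $1"; return 1; }
    if leaks_version "$v"; then
        echo "FAIL: configured string \"$v\" still looks like a version number"; return 1
    fi
    echo "OK: config sets version to \"$v\""
    [ -n "${2:-}" ] || return 0
    live=$(query_version "$2")
    if leaks_version "$live"; then
        echo "FAIL: $2 still answers \"$live\"; has named reloaded its configuration?"; return 1
    fi
    echo "OK: $2 answers \"$live\""
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it with the path to named.conf and, to test the live answer as well, the address of the nameserver; the live check only reflects the edit once named has reloaded or restarted with the new configuration.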
If you have a VPS, VDS, or Dedicated Server with Webhostpython, please contact support if you would like for a representative to do this for you.