faqts : Computers : Internet : Domain Names : djbdns

+ Search
 Add Entry AlertManage Folder Edit Entry Add page to http://del.icio.us/
Did You Find This Entry Useful?

21 of 23 people (91%) answered Yes
Recently 9 of 10 people (90%) answered Yes

Entry

How do I determine what version of djbdns or Bind is running on a server (fingerprinting)?

Aug 6th, 2002 03:11
Brian Coogan, 


You can use the CHAOS version query to fingerprint nameserver 
software.  These are the answers as sumamrized from the mailing list 
recently.  Note that, if Bind is well locked down, you'll be able to 
find out very little about it.
It does seem that you should be able to at least distinguish Bind 
(version string, NXDOMAIN, or NOTIMP) from tinydns (FORMERR, or no 
response).
As far as I know, you have to use dig to send these queries, djbdns 
tools won't send CHAOS class queries.
Example dig command:
   dig @nameserver.company.com -c chaos version.bind txt
Responses as from the mailing list:
  tinydns 1.05: FORMERR
  tindns < 1.05: no response at all
  Win2K/NT4 DNS: NOTIMP
  BIND 8.2.x and later: version, admin-configured version, NXDOMAIN. 
  BIND 4.9.3 - 8.1.x: version string, or NXDOMAIN 
  BIND < 4.9.2: NOTIMP
  Alteon WebOS:  NXDOMAIN
  Bind version 8 returns 'VERSION.BIND' (ie uppercase)
  Bind version 9 returns 'version.bind' (ie lowercase)
    -- in response to the above chaos query.
Contributions or additions to this list gratefully received, in 
particular it would be nice to be able to distinguish between versions 
of Bind and tinydns.