Re: DNS Version check.

From: Nexus (nexusat_private-way.co.uk)
Date: Thu Jun 06 2002 - 03:20:57 PDT

Next message: b0iler _: "Re: Exploiting Buffer Overflows in CGI Scripts"

Previous message: rogue: "Re: Trillian Messaging Software"
In reply to: Vjay LaRosa: "DNS Version check."
Next in thread: Admin: "Re: DNS Version check."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If you are using perl then Net::DNS by Mike Fuhr
http://www.fuhr.org/~mfuhr/perldns/ is the way to go and use something
similar to :

 $packet = $res->query("version.bind","TXT","CH");

As has been said, this string can be changed from the default, or even it's
request can be refused.   That said, you can also query servers for
"authors.bind" to possibly fingerprint BIND versions of 9.x.x - this is a CH
class TXT record again - don't think there is a way to query for the version
string without using the CH class.   For completeness as folks have
mentioned doing this with dig, you can do it with nslookup as well, both as
a one-liner and interactively :

[nexus@wulfgar nexus]$ nslookup -q=txt -class=chaos version.bind 192.168.1.1
Server:  ns1.example.com
Address:  192.168.1.1

VERSION.BIND    text = "8.2.3-REL-NOESW"
[nexus@wulfgar nexus]$ nslookup
Default Server:  ns1.example.com
Address:  192.168.1.1

> set class=chaos
> set type=txt
> version.bind
Server:  ns1.example.com
Address:  192.168.1.1

VERSION.BIND    text = "8.2.3-REL-NOESW"
> exit
[nexus@wulfgar nexus]$

FWIW, there are other ways to fingerprint DNS servers even when the string
is not present by looking at the RCODE reply from the server.
For example, An RCODE reply of 4, "Not Implemented" is consistent with the
MS DNS servers, RCODE of 1, "Format String Error" is consistent with Dan
Bernstein's DJBDNS/TinyDNS and a reply of 2, "Internal Server Error" was
found to be the response from Novell BorderManager.
Other ways of doing this are WIP atm ;-)

Cheers.

----- Original Message -----
From: "Vjay LaRosa" <vjaylat_private>
To: <vuln-devat_private>
Sent: Wednesday, June 05, 2002 10:59 PM
Subject: DNS Version check.


> Hello,
>
> Does any one know if it is possible to request the version of bind a
> server is running? I would like to write a quick perl script to scan my
> network to check all of the versions. Thanks!
>
> vjl
>
>
>
> --
>   V.Jay LaRosa EMC Corporation
>   Systems Administrator 171 South Street
>   (508)435-1000 ext 14957 Hopkinton, MA 01748
>   (508)497-8082 fax www.emc.com
>

Next message: b0iler _: "Re: Exploiting Buffer Overflows in CGI Scripts"
Previous message: rogue: "Re: Trillian Messaging Software"
In reply to: Vjay LaRosa: "DNS Version check."
Next in thread: Admin: "Re: DNS Version check."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 06 2002 - 08:48:22 PDT