Personally, I leave the version statement alone. I like having my "internal" servers return the current running version when queried. I disable chaos queries on my internet facing servers via views thus effectively not answering any queries for the version or hostname from folks I don't know. I agree that today's attackers really don't care, they just try to exploit everything known.
The other thing I do is code server-id=hostname; on my "internal" servers and server-id=<something meaningful>; on my internet facing servers. This returns the actual hostname for "internal" servers when queried for the chaos hostname.bind or id.server or when responding to a +nsid request. It will not return an answer for chaos queries on the internet facing servers (because of the previously mentioned view restriction) while the response to a +nsid request will be a meaningful name. This is especially handy on the "inside" for HA clusters and anycast cloud member servers as it returns the actual server name the response came from. For internet facing queries it will simply return the meaningful name you specified when responding to a +nsid request. Depending on the name chosen, this can be useful for troubleshooting. Choose wisely.

YMMV,
Bob
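
Added example, not part of the original post: one way to write the setup described above in named.conf. The ACL name and addresses, the view names and the "edge-a" server-id are constructed placeholders, and refusing unknown clients with a CHAOS-class view is an assumption about how the view restriction is done, since the post does not show its configuration.

```conf
// ---- "internal" server: named.conf ----
options {
    // "version" is left unset, so version.bind returns the running version.
    server-id hostname;   // id.server and NSID return this machine's hostname
};

// ---- internet-facing server: named.conf ----
acl known { 127.0.0.1; 192.0.2.0/24; };   // constructed: the clients you know

options {
    server-id "edge-a";   // placeholder for the meaningful name sent as NSID
};

// A user-defined CHAOS-class view is checked before BIND's built-in "_bind"
// view. Clients outside "known" match this view and are refused; clients in
// "known" do not match it and fall through to the built-in view, which
// answers version.bind, hostname.bind and id.server.
view "chaos-unknown" chaos {
    match-clients { !known; any; };
    allow-query { none; };
};

// Once any view is defined, every zone must be placed inside a view.
view "default" {
    match-clients { any; };
    // zone statements for this server go here
};
```

Run named-checkconf on the file before reloading. NSID is an EDNS option on ordinary class IN queries, so the CHAOS view does not affect it and the server-id string is still returned to +nsid requests.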