BIND 9.4.2 弱點如何修正? - BBS

請問一下版上的大大，最近在玩一套弱點掃瞄的軟體，
我用他來掃我的DNS，發現都會出下以下3個弱點，就算升級到BIND 9.4.2
還是一樣，找了網路上的文章，都沒有說怎麼避免，不知道有沒有大大知道的

1.DNS Cache Snooping

Description:
Remote DNS server is vulnerable to Cache Snooping attacks.

Recommendation:

Review the above mentioned paper for an overview of the implications
and recommended solutions to the DNS Cache Snooping attack. Ensure you
have the latest version of your DNS Server although this vulnerability
may be the result of configuration error.

The DNS Cache Snooping article contains a safe BIND configuration
that restricts recursive requests to trusted clients. Ensure DNS
servers that service untrusted networks only provide authoritative
data and do not respond to recursive requests.


2.BIND Allow Authors Request

Description:
BIND versions 9.0 and later could allow a remote attacker
to obtain sensitive information.

Recommendation:
http://www.isc.org/products/BIND/

3.BIND Allow Version Request

Description:
BIND (Berkeley Internet Name Domain) servers support
the ability to be remotely queried for their version numbers.

Recommendation:
Disable the BIND version query feature.

關於第3點，網路上都是教人填一個版本進去，但要怎麼關掉呢？


--