From Microsoft Windows 2008 Server Domain Name System Security Technical Implementation Guide
Part of SRG-APP-000333-DNS-000104
Associated with: CCI-001312
Each newer version of the name server software, especially the BIND software, generally is devoid of vulnerabilities found in earlier versions because it has design changes incorporated to take care of those vulnerabilities. Of course, these vulnerabilities have been exploited (i.e., some form of attack was launched), and sufficient information has been generated with respect to the nature of those exploits. Thus, it makes good business sense to run the latest version of name server software because theoretically it is the safest version.
The "EnableVersionQuery" property controls what version information the DNS server will respond with when a DNS query with class set to “CHAOS” and type set to “TXT” is received.
Log on to the DNS server using the Domain Admin or Enterprise Admin account.
Open a command window and execute the command:
nslookup 
To disable the version being returned in queries, execute the following command:
dnscmd /config /EnableVersionQuery 0 
	Lavender hyperlinks in small type off to the right (of CSS
	class id, if you view the page source) point to
	globally unique URIs for each document and item. Copy the
	link location and paste anywhere you need to talk
	unambiguously about these things.
	
      
	You can obtain data about documents and items in other
	formats. Simply provide an HTTP header Accept:
	text/turtle or
	Accept: application/rdf+xml.
      
Powered by sagemincer