Metasploit mailing list archives

DNS


From: hdm at metasploit.com (H D Moore)
Date: Thu, 31 Jul 2008 10:39:57 -0500

The version number has little to do with exploitability. For example, the 
BIND 9.5.0-P1 (patched) release is still easily exploitable if the source 
port has been set to be static (query-source * 53). You can use a 
standard BIND version query to probe these machines for patch level, but 
you still need to verify the query source port has been randomized.

On Thursday 31 July 2008, Wright, Gareth wrote:
> Our network runs under a chain of dns servers and I'll need to work my
> way up/down them to probe for a weak link in the chain. Is it not
> possible to request the version number of networks dns servers, thus
> avoiding the need to perform a manual hijack attempt.
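The verification step H D Moore describes, checking that a resolver's outbound query source port actually varies rather than trusting the version string, can be done from a packet capture of the resolver's own traffic. The following is an added example, not code from the thread or from Metasploit; the capture lines are constructed in tcpdump's "IP src.port > dst.port:" layout, the resolver address 192.0.2.10 is assumed, and the thresholds are illustrative.

```python
import re
import math
from collections import Counter

# Constructed sample capture lines (not real traffic).
# Case 1: a patched BIND still configured with "query-source * 53",
# so every outbound query leaves from UDP port 53.
STATIC_CAPTURE = """\
IP 192.0.2.10.53 > 198.51.100.5.53: 4123+ A? example.com. (29)
IP 192.0.2.10.53 > 198.51.100.6.53: 4124+ A? www.example.org. (33)
IP 192.0.2.10.53 > 198.51.100.7.53: 4125+ MX? example.net. (29)
IP 192.0.2.10.53 > 198.51.100.5.53: 4126+ A? mail.example.com. (34)
IP 192.0.2.10.53 > 198.51.100.6.53: 4127+ AAAA? example.org. (29)
IP 198.51.100.5.53 > 192.0.2.10.53: 4123 1/0/0 A 203.0.113.7 (45)
"""
# Case 2: the same resolver with the static query-source line removed.
RANDOM_CAPTURE = """\
IP 192.0.2.10.51233 > 198.51.100.5.53: 4123+ A? example.com. (29)
IP 192.0.2.10.17455 > 198.51.100.6.53: 60122+ A? www.example.org. (33)
IP 192.0.2.10.33019 > 198.51.100.7.53: 8891+ MX? example.net. (29)
IP 192.0.2.10.58864 > 198.51.100.5.53: 40317+ A? mail.example.com. (34)
IP 192.0.2.10.24701 > 198.51.100.6.53: 22008+ AAAA? example.org. (29)
"""

# Matches outbound queries only: "<src>.<sport> > <dst>.53: <txid>+ ..."
QUERY_RE = re.compile(r"^IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: (\d+)\+ ")

def outbound_queries(capture, resolver_ip):
    """Return (source_port, txid) for each query the resolver sent to port 53."""
    pairs = []
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m and m.group(1) == resolver_ip:
            pairs.append((int(m.group(2)), int(m.group(3))))
    return pairs

def entropy_bits(values):
    """Shannon entropy of the observed values, in bits (0 means a constant)."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def assess(capture, resolver_ip, min_samples=5):
    """Classify the resolver's source-port behaviour from its own outbound queries."""
    ports = [p for p, _ in outbound_queries(capture, resolver_ip)]
    if len(ports) < min_samples:
        return "insufficient"
    distinct = len(set(ports))
    if distinct == 1:
        return "static"      # only the 16-bit TXID is left to defend the cache
    if distinct < 0.8 * len(ports):
        return "weak"        # some variation, but far short of full randomization
    return "randomized"
```

A "static" verdict on a server whose version query reports a patched release is exactly the case the message warns about; rerun the check after removing the fixed query-source setting.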
