Penetration Testing Bootcamp

Checking for a DNS BIND version

Being able to see which version of BIND a DNS server is running can give you some potentially great information. Many DNS servers are configured not to give up that information, or to reveal only some generic information about their setup, but there are still a lot of BIND instances out there that reveal the exact version they are running. You can cross-reference the version you glean from the following command against any known exploits, and if there are some, you now have a potential way in.

In the following example, I was able to grab the BIND server information from a publicly available DNS server. I have changed the name to protect the innocent:

root@pi-kali:~# host -c chaos -t txt version.bind DNS1.XXXX.NET
Using domain server:
Name: DNS1.XXXX.NET
Address: XXX.XXX.XXX.XXX#53
Aliases:
version.bind descriptive text "9.3.6-P1-RedHat-9.3.6-16.P1.1.2012012401"
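Seen from the operator's side, the same query is a quick audit of what your own name servers disclose. The following is an added example, not code from the book: it builds the CHAOS-class TXT question that the `host` command above asks, parses the TXT answer, and flags banners that contain a release number. All function names are hypothetical, and the sample reply is constructed around the banner shown in the output above.

```python
import re
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3

def build_query(txid=0x1234, name="version.bind"):
    """The question `host -c chaos -t txt version.bind` asks: TXT type, CH class."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)   # one question, no flags
    return header + labels + b"\x00" + struct.pack(">HH", QTYPE_TXT, QCLASS_CHAOS)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def parse_txt(msg):
    """Extract TXT strings from the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # name + qtype + qclass
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        while rtype == QTYPE_TXT and off < end:    # rdata: length-prefixed strings
            n = msg[off]
            out.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        off = end
    return out

def discloses_version(txt):
    """True if the banner contains something shaped like a release number."""
    return re.search(r"\d+\.\d+", txt) is not None

def make_response(banner):
    """Constructed sample reply (not captured traffic) so the parser runs offline."""
    rdata = bytes([len(banner)]) + banner.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CHAOS, 0, len(rdata)) + rdata
    return struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_query()[12:] + rr
```

On BIND, the `version` statement in the `options` block of named.conf replaces this banner, and `version none;` turns off answers to the query altogether.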