Abstract: Some security analysts argue that removing any information a server reveals about its installed software limits what an attacker can reuse to attack that server. They therefore recommend removing the DNS software version information that a Microsoft DNS server provides.
Solution: There are two ways to remove the DNS software version information.
Option one is to open a command prompt (CMD) with administrator rights and enter the command:
dnscmd /config /EnableVersionQuery 0
Option two is to edit the registry directly (the command above changes the same value) and set
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters\EnableVersionQuery to 0
Possible values (as seen on the MS Website):
Value | Constant | Description |
0x00000000 | DNS_VERSION_QUERY_OFF | No version information will be returned. |
0x00000001 | DNS_VERSION_QUERY_FULL | The server responds with major operating system version, minor operating system version, and operating system revision. |
0x00000002 | DNS_VERSION_QUERY_MINIMAL | The server responds with major operating system version and minor operating system version. |
Note: On Windows Server 2008 / Windows Server 2008 R2 the default value is 0x00000001. On Windows Server 2012 / Windows Server 2012 R2 the default value is 0x00000000.
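To confirm the change from the network side, the following added example (not part of the original article and not a Microsoft tool) sends the kind of query that EnableVersionQuery governs, a TXT query in class CHAOS, and reports the response code and any text returned. The query name version.bind, the helper names and the sample reply are assumptions of this example; check_server takes the address of the DNS server you administer.

```python
import socket
import struct

QNAME = b"\x07version\x04bind\x00"   # "version.bind" in DNS wire format (assumed name)
TYPE_TXT, CLASS_CHAOS = 16, 3

def build_query(txid=0x1234):
    # Header: id, flags=0, one question, no other records; then the question
    hdr = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return hdr + QNAME + struct.pack(">HH", TYPE_TXT, CLASS_CHAOS)

def skip_name(msg, off):
    # Return the offset just past a name, which may end in a compression pointer
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def parse_response(msg):
    """Return (rcode, [TXT strings]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # name + qtype + qclass
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        i = 0
        while rtype == TYPE_TXT and i < len(rdata):
            ln = rdata[i]                      # each TXT string is length-prefixed
            texts.append(rdata[i + 1:i + 1 + ln].decode("ascii", "replace"))
            i += 1 + ln
    return flags & 0x000F, texts

def check_server(ip, timeout=3.0):
    """Send the version query over UDP; an empty text list means nothing leaked."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        return parse_response(s.recv(512))

def sample_reply(text=None, rcode=0):
    # Constructed reply for offline testing, not captured from a real server
    q = QNAME + struct.pack(">HH", TYPE_TXT, CLASS_CHAOS)
    rd = bytes([len(text)]) + text.encode() if text else b""
    ans = b"\xc0\x0c" + struct.pack(">HHIH", TYPE_TXT, CLASS_CHAOS, 0, len(rd)) + rd
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8000 | rcode, 1, 1 if text else 0, 0, 0)
    return hdr + q + (ans if text else b"")
```

After setting EnableVersionQuery to 0, check_server should return an empty list of strings; a non-empty list means the server still answers version queries.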