Some PCI-Compliance scanners will report a low risk warning about BIND DNS server reporting it’s version number. While this won’t stop you from being PCI-Compliant, you are strongly urged to resolve this to prevent potential exploits from being used against your specific version of BIND.

Excerp from mcafeesecure:

The remote host is running BIND or another DNS server that reports its
version number when it receives a special request, for the text
‘version.bind’ in the domain ‘chaos’.

Resolving this is quite easy. Simply open your named.conf file in an editor such as nano:

# nano /etc/named.conf
Add the following “version” line in the options section:
options {
version “Not disclosed”;
Please note I have omitted other options present here which will vary by system. The only line you are adding is:
version “Not disclosed”;
Now save, exit, and restart bind:
# service named restart
All done! Now you can rescan with your PCI Compliance vendor and this should no longer be in your vulnerabilities section.