GEN:SID 1:1616
Message DNS named version attempt
Summary This event is generated when an attempt is made to query version.bind on your DNS server.
Impact Reconnaissance. This may indicate which version of BIND the server is running.
Detailed Information An attacker can query a DNS server for the version of BIND running.  Some versions of BIND, by default, respond to these queries while BIND version 9; by default, does not.  A response to this query can assist an attacker in discovering servers that are potentially vulnerable to exploits associated with specific versions of BIND.
Affected Systems All versions of BIND.
Attack Scenarios An attacker can execute this query to find DNS servers running specific versions of BIND.
Ease of Attack Simple. Use the Unix command 'dig @ns.com version.bind txt chaos'
Corrective Action Remove the ability to retrieve the version.bind chaos record via configuration options.
Additional References Nessus:
http://cgi.nessus.org/plugins/dump.php3?id=10028

Arachnids::
http://www.whitehats.com/info/IDS278
Rule References arachnids: 278
nessus: 10028