Nmap Development mailing list archives

Fwd: RE: Nmap reverse DNS module


From: doug () hcsw org
Date: Wed, 18 Oct 2006 11:43:22 -0700


Subject: RE: Nmap reverse DNS module
To: doug () hcsw org
From: XXX

Thanks for the reply Doug, it sure helps.  You're more than welcome to
post this to the nmap-dev list, I'd just ask you remove my name and
email address from the thread.  Thanks!

-XXX

-----Original Message-----
From: doug () hcsw org [mailto:doug () hcsw org] 
Sent: Tuesday, October 17, 2006 5:42 PM
To: XXX
Cc: fyodor () insecure org
Subject: Re: Nmap reverse DNS module

Hi XXX,

On Tue, Oct 17, 2006 at 04:00:33PM -0700 or thereabouts, XXX wrote:
> I'm trying to use the --dns_servers switch in NMAP to map a hostname to
> an FQDN.  For example hostname "test" returns the FQDN test.foo.com.  I
> want to provide a specific list of DNS servers for NMAP to query.  My
> first question is do I have the correct usage
>
> Nmap -sP test -dns_servers 1.1.1.1, 2.2.2.2, 3.3.3.3

Not quite. Here are a few issues with this command:

o DNS servers need to be separated by only , and not spaces so Nmap reads
  the server list as a single argument.

o Using -sP (ping scan) is probably unnecessary since you're only qualifying
  domain names. In fact, Nmap will not run the reverse dns resolver against
  hosts that are determined to be down (but see -R). You might have better
  luck with -sL.

o Current Nmap best-practice says to use - instead of _ in long options.

So here is the command I suggest:

nmap -sL test --dns-servers 1.1.1.1,2.2.2.2,3.3.3.3

Also notice that you can use domain names instead of IP addresses for
the DNS servers if that makes your life easier.

> and secondly, will NMAP
> query the ENTIRE list of DNS servers if it fails to resolve using the
> first couple of servers?

Very good question! Generally Nmap will try up to 3 DNS servers for
a reverse query though this can be changed in nmap_dns.cc so:

// Each request will try to resolve on at most this many servers:
#define SERVERS_TO_TRY 3

Notice that if we receive an NXDOMAIN from one of the servers this counts
as a successful lookup (there is no such name) and Nmap will not retry
on any of the other servers - even though one of them might have records
for the domain.

Thank you for your time and contributing to a wonderful and essential
utility.
 
-XXX

Thank you for your interest in Nmap! Do you mind if I forward this
response to the nmap-dev list so this can be documented for the future
event that someone has a similar question?

Best,

Doug

----- End forwarded message -----
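The server-selection policy Doug describes above (at most SERVERS_TO_TRY servers per request, an NXDOMAIN ending the search even when a later server holds the record), modelled as an added example that is not part of this thread or of Nmap's nmap_dns.cc; the server addresses, the zone data and the make_query stand-in for the network are constructed.

```python
"""Model of the reverse-DNS server policy described in the thread.

Constructed illustration, not Nmap's own code: a lookup is tried on at
most SERVERS_TO_TRY servers, NXDOMAIN is treated as a final (negative)
answer, and only a missing reply moves the request to the next server.
"""
from typing import Callable, Dict, List, Tuple

SERVERS_TO_TRY = 3  # same limit the thread quotes from nmap_dns.cc
NXDOMAIN = "NXDOMAIN"
TIMEOUT = "TIMEOUT"

# (server, query name) -> PTR target, NXDOMAIN or TIMEOUT
Query = Callable[[str, str], str]


def ptr_name(ip: str) -> str:
    """Build the in-addr.arpa query name for an IPv4 address."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_lookup(ip: str, servers: List[str], query: Query,
                   servers_to_try: int = SERVERS_TO_TRY) -> Tuple[str, List[str]]:
    """Return (result, servers_asked); result is the PTR target, NXDOMAIN,
    or TIMEOUT when none of the servers tried replied at all."""
    qname = ptr_name(ip)
    asked: List[str] = []
    for server in servers[:servers_to_try]:   # never looks past the limit
        asked.append(server)
        reply = query(server, qname)
        if reply != TIMEOUT:                  # NXDOMAIN counts as an answer
            return reply, asked
    return TIMEOUT, asked


def make_query(zone: Dict[str, Dict[str, str]]) -> Query:
    """Constructed stand-in for the network: zone maps server -> {qname: target}.
    A server absent from zone never replies; one that lacks the name says NXDOMAIN."""
    def query(server: str, qname: str) -> str:
        if server not in zone:
            return TIMEOUT
        return zone[server].get(qname, NXDOMAIN)
    return query


# Constructed sample: 192.0.2.1 has no record, 192.0.2.2 is silent,
# and only 192.0.2.3 knows the name for 10.0.0.5.
SAMPLE_ZONE = {"192.0.2.1": {},
               "192.0.2.3": {"5.0.0.10.in-addr.arpa": "test.foo.com."}}

if __name__ == "__main__":
    q = make_query(SAMPLE_ZONE)
    print(reverse_lookup("10.0.0.5", ["192.0.2.1", "192.0.2.2", "192.0.2.3"], q))
    print(reverse_lookup("10.0.0.5", ["192.0.2.2", "192.0.2.3"], q))
```

Listing the NXDOMAIN server first ends the lookup with no name, while listing the silent server first still reaches the answer on the next one; this is why the order of the --dns-servers list matters.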

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
