Nmap Development mailing list archives
DNSSEC NSEC howto
From: David Fifield <david () bamsoftware com>
Date: Thu, 24 Feb 2011 20:31:22 -0800
I wanted to try out John's NSEC enumeration script without abusing public
servers. Here's a quick howto on setting up BIND to serve NSEC records
locally on Debian.

# apt-get install bind9 bind9utils ldnsutils

bind9utils contains the dnssec-keygen and dnssec-signzone utilities.
ldnsutils contains the drill command that is like dig with easy DNSSEC
queries. ldnsutils also has ldns-walk which does the same job as this
script.

# cd /etc/bind
# dnssec-keygen -r /dev/urandom -a RSASHA1 -b 4096 -n ZONE example.com
# dnssec-keygen -r /dev/urandom -a RSASHA1 -b 4096 -n ZONE -f KSK example.com

Write the file db.example.com:

$ORIGIN example.com.
$TTL 1h
example.com.    IN SOA ns.example.com. bind.example.com. (
                        1 1d 2h 4w 1h )
example.com.    NS      ns
example.com.    A       123.123.123.1
charmander      A       123.123.123.2
bulbasaur       A       123.123.123.3
gyarados        A       123.123.123.4
snorlax         A       123.123.123.5
vulpix          A       123.123.123.6
dugtrio         A       123.123.123.7
ns              A       123.123.123.100
$INCLUDE /etc/bind/Kexample.com.+005+03702.key
$INCLUDE /etc/bind/Kexample.com.+005+36802.key

# dnssec-signzone -o example.com db.example.com

Add to named.conf:

zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.signed";
};

# /etc/init.d/bind9 restart

At this point you can enumerate the domain with ldns-walk:

$ ldns-walk example.com @localhost
example.com.
example.com.            A NS SOA RRSIG NSEC DNSKEY
bulbasaur.example.com.  A RRSIG NSEC
charmander.example.com. A RRSIG NSEC
dugtrio.example.com.    A RRSIG NSEC
gyarados.example.com.   A RRSIG NSEC
ns.example.com.         A RRSIG NSEC
snorlax.example.com.    A RRSIG NSEC
vulpix.example.com.     A RRSIG NSEC

And with the new script:

$ sudo ./nmap --datadir . -sS localhost -p53 --script=dns-nsec-enum --script-args dns-nsec-enum.domains={example.com}

PORT   STATE SERVICE
53/tcp open  domain
| dns-nsec-enum:
|   hosts for example.com:
|
|   bulbasaur.example.com:example.com:A:NS:SOA:RRSIG:NSEC:DNSKEY
|   charmander.example.com:bulbasaur.example.com:A:RRSIG:NSEC
|   dugtrio.example.com:charmander.example.com:A:RRSIG:NSEC
|   gyarados.example.com:dugtrio.example.com:A:RRSIG:NSEC
|   ns.example.com:gyarados.example.com:A:RRSIG:NSEC
|   snorlax.example.com:ns.example.com:A:RRSIG:NSEC
|_  vulpix.example.com:snorlax.example.com:A:RRSIG:NSEC

To query an existent or nonexistent name individually:

$ drill -D name.example.com. @localhost

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
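The ldns-walk and dns-nsec-enum output above is just the NSEC chain of the signed zone: each NSEC record names its owner, the next owner in canonical order, and the owner's type bitmap, and following the "next" pointers from the apex until they return to it yields every name in the zone. The following Python is an added example, not code from the post or from the Nmap project: it takes the chain of the example zone (constructed here as owner/next/types triples from the ldns-walk output) and both lists the names the chain exposes and checks that the chain is well-formed, which is the check an operator would run against their own signed zone after dnssec-signzone. The canonical ordering it uses is the one from RFC 4034 section 6.1 (labels compared right to left, case-insensitively); the function names and the sample data are this example's own.

```python
"""Walk and sanity-check a DNSSEC NSEC chain (added example)."""
from typing import Dict, List, Sequence, Tuple

NsecRecord = Tuple[str, str, Sequence[str]]  # (owner, next owner, type bitmap)

# Constructed sample: the NSEC chain of the example.com zone from the post,
# as reported by ldns-walk. Names are absolute (trailing dot).
SAMPLE_NSEC: List[NsecRecord] = [
    ("example.com.", "bulbasaur.example.com.",
     ["A", "NS", "SOA", "RRSIG", "NSEC", "DNSKEY"]),
    ("bulbasaur.example.com.", "charmander.example.com.", ["A", "RRSIG", "NSEC"]),
    ("charmander.example.com.", "dugtrio.example.com.", ["A", "RRSIG", "NSEC"]),
    ("dugtrio.example.com.", "gyarados.example.com.", ["A", "RRSIG", "NSEC"]),
    ("gyarados.example.com.", "ns.example.com.", ["A", "RRSIG", "NSEC"]),
    ("ns.example.com.", "snorlax.example.com.", ["A", "RRSIG", "NSEC"]),
    ("snorlax.example.com.", "vulpix.example.com.", ["A", "RRSIG", "NSEC"]),
    ("vulpix.example.com.", "example.com.", ["A", "RRSIG", "NSEC"]),
]


def canonical_key(name: str):
    """Sort key for RFC 4034 s6.1 canonical DNS name ordering.

    Labels are compared right to left as lowercase octets; a name that is a
    proper suffix of another (e.g. the apex) sorts first, which Python's
    tuple comparison gives us for free.
    """
    labels = [l for l in name.rstrip(".").lower().split(".") if l]
    return tuple(l.encode("ascii") for l in reversed(labels))


def walk_chain(apex: str, records: Sequence[NsecRecord]) -> Tuple[List[str], List[str]]:
    """Follow NSEC "next owner" pointers from the apex back to the apex.

    Returns (names in chain order, problems). An empty problems list means
    the chain is complete, closed, correctly ordered and every owner is
    signed (RRSIG present) and carries its own NSEC.
    """
    apex = apex.lower()
    by_owner: Dict[str, Tuple[str, Sequence[str]]] = {
        owner.lower(): (nxt.lower(), types) for owner, nxt, types in records
    }
    names: List[str] = []
    problems: List[str] = []
    seen = set()
    cur = apex
    while True:
        if cur in seen:  # a cycle that never returns to the apex
            problems.append(f"loop re-enters {cur} before returning to apex")
            break
        seen.add(cur)
        names.append(cur)
        if cur not in by_owner:  # a gap: something points at a missing owner
            problems.append(f"chain points at {cur} but no NSEC record has that owner")
            break
        nxt, types = by_owner[cur]
        if "NSEC" not in types or "RRSIG" not in types:
            problems.append(f"{cur} lacks NSEC or RRSIG in its type bitmap")
        if nxt == apex:
            break  # chain closed
        cur = nxt
    # Every record in the zone must be reachable from the apex.
    for owner in sorted(set(by_owner) - seen):
        problems.append(f"{owner} is not reachable from the apex")
    # The chain order must be the canonical order, or validators will reject it.
    if names != sorted(names, key=canonical_key):
        problems.append("chain order differs from canonical ordering")
    return names, problems


if __name__ == "__main__":
    zone_names, issues = walk_chain("example.com.", SAMPLE_NSEC)
    print("names exposed by the NSEC chain:")
    for n in zone_names:
        print("  " + n)
    print("problems:", issues or "none")
```

Running it on the sample lists the same eight names ldns-walk printed and reports no problems; dropping one record from the list makes the walk stop at the missing owner and flags the record after it as unreachable, which is how a half re-signed zone would show up.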