Re: NSEC Enumeration script

[David Fifield <david () bamsoftware com>]

On Thu, Mar 17, 2011 at 07:45:13PM +0100, John Bond wrote:
> On 15 March 2011 20:58, John Bond <john.r.bond () gmail com> wrote:
> > On 15 March 2011 07:27, David Fifield <david () bamsoftware com> wrote:
> > > Also, this is minor, but please fix the errors from a search and replace
> > > of "ds". The word "records" got turned into e.g. "recornsec3" and
> > > "recordnskey".
> >
> > I think i have corrected all these now as well
> I have made an update to the NSEC3 decoder function.  it wasn't
> parsing the packet correctly before.  Also i was not decoding the
> NSEC3 next record data,  i was just converting it to hex.  I have now
> made an update so the packet is parsed correctly (however some records
> seem to be having a strange types array).  I have also hacked Philip
> Pickering base64 lib to create a base32 lib which supports both
> standard and Extended hex encoding (although a lot of situations are
> untested).  this enables us to encode/decode the nsec3 label

Okay, that's good. But let's not worry about these until after the
dns-nsec-enum script is merged; we have no use for NSEC3 at the moment.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/