Nmap Development mailing list archives

Reverse DNS lookup for private IPs error


From: Eduardo Ocete <eocete () alienvault com>
Date: Tue, 29 May 2018 12:02:42 +0200

Hi!

So the issue that I've encountered is that when a public DNS server is
added to the resolv.conf file, below the entry of a private DNS server,
Nmap doesn't resolve the hostname as expected.

This is the resolv.conf file configuration that makes the rDNS lookup fail:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 10.80.50.21
nameserver 8.8.8.8

Running Nmap with the option "--dns-servers
<private_server_address>,<public_server_address>" also fails to do the
reverse DNS lookup.

I've checked that both nslookup and dig resolve the hostname properly
with this resolv.conf configuration. I've been able to reproduce the issue
with Nmap 7.70 and 7.60 running in both Ubuntu 16.04 and 18.04 (I haven't
tried any other OS or Nmap versions).

I've run Nmap with the -d6 command and it seems that the reverse lookup is
done first against the public DNS server, but even though no match is found
for the private address that is being scanned, the private DNS server is
not queried afterwards.

However, the forward DNS lookup works fine and if I leave only the entry
for the private DNS server or if the second server is set to the localhost
address it also works.

I'm not really sure if this is a bug or if it is just the expected
behavior, but I guess that it would make sense to query the private DNS
server if the public one returns no matches.

Feel free to reach me if you need any other information to troubleshoot this
issue.

Regards,
Eduardo
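
An added diagnostic example (not part of the original message and not Nmap code): it sends the same PTR query to each nameserver listed in a resolv.conf and reports every server's response code separately, which makes visible the case described above where the public server has no record for a private address and the private one does. The sample file contents and any target address passed in are constructed assumptions.

```python
import ipaddress
import socket
import struct

# Constructed sample mirroring the resolv.conf quoted in the message.
SAMPLE_RESOLV_CONF = """\
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 10.80.50.21
nameserver 8.8.8.8
"""
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_nameservers(text):
    """Return nameserver addresses in file order, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_ptr_query(ip, txid=0x1234):
    """Build a DNS PTR query (recursion desired) for ip's reverse name."""
    name = ipaddress.ip_address(ip).reverse_pointer
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 12, 1)  # PTR, IN

def summarize_response(packet):
    """Return (rcode name, answer count) from a DNS response header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), ancount

def compare_servers(ip, servers, timeout=2.0):
    """Send the same PTR query to every server and record each outcome."""
    results, query = {}, build_ptr_query(ip)
    for server in servers:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(query, (server, 53))
                results[server] = summarize_response(sock.recv(512))
            except OSError as exc:  # timeouts and unreachable servers
                results[server] = ("ERROR: %s" % exc, 0)
    return results
```

Calling compare_servers(address, parse_nameservers(open("/etc/resolv.conf").read())) from the scanning host gives a per-server result to set beside the Nmap -d6 output.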