Nmap Development mailing list archives
Reverse DNS lookup for private IPs error
From: Eduardo Ocete <eocete () alienvault com>
Date: Tue, 29 May 2018 12:02:42 +0200
Hi! So the issue that I've encountered is that when a public DNS server is added to the resolv.conf file, below the entry of a private DNS server, Nmap doesn't resolve the hostname as expected. This is the resolv.conf file configuration that makes the rDNS lookup fail: # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 10.80.50.21 nameserver 8.8.8.8 Running Nmap with the option "--dns-servers <private_server_address>,<public_server_address>" also fails to do the reverse DNS lookup. I've checked that both, nslookup and dig, resolve the hostname properly with this resolv.conf configuration. I've been able to reproduce the issue with Nmap 7.70 and 7.60 running in both Ubuntu 16.04 and 18.04 (I haven't tried any other OS or Nmap versions). I've run Nmap with the -d6 command and it seems that the reverse lookup is done first against the public DNS server, but even though no match is found for the private address that is being scanned, the private DNS server is not queried afterwards. However, the forward DNS lookup works fine and if I leave only the entry for the private DNS server or if the second server is set to the localhost address it also works. I'm not really sure if this is a bug or if it is just the expected behavior, but I guess that it would make sense to query the private DNS server if the public one returns no matches. Feel to reach me if you need any other information to troubleshoot this issue. Regards, Eduardo
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Reverse DNS lookup for private IPs error Eduardo Ocete (May 29)