Nmap Development mailing list archives

RE: Asynchronous DNS Patch


From: "Sina Bahram" <sbahram () nc rr com>
Date: Tue, 6 Dec 2005 16:53:55 -0500

Aha, ... It crashes

I'll have to debug it to let you know where, but it got this far on the
output ...

Winpcap present, dynamic linked to: WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x]
Starting Nmap 3.93 ( http://www.insecure.org/nmap ) at 2005-12-06 16:51 Eastern Standard Time
Warning: File ./nmap-services exists, but Nmap is using C:\nmap2/nmap-services for security and consistency reasons.  set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too).

Take care,
Sina

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of doug () hcsw org
Sent: Tuesday, December 06, 2005 5:24 PM
To: nmap-dev () insecure org
Subject: Re: Asynchronous DNS Patch

Hi Sina,

On Tue, Dec 06, 2005 at 11:30:44AM -0500 or thereabouts, Sina Bahram wrote:
Hi Doug,

I ran the Windows binary on XP SP2.

Great! Are you saying that the --async_dns option works in that Windows
binary?

The usual way I test the performance with the current incarnation of the
patch is as follows:

./nmap --async_dns -sL -R -v -d -iR 100

That will use the new async resolver to try resolving 100 random IPs. It
will resolve all 100 IPs (-R) instead of just the ones determined to be up.

The -v and -d give some more detailed "in progress" and "afterwards" reports
on DNS. I would be very interested to hear if the above command produces a
line like the following for you:

DNS resolution of 100 IPs took 9.29s. Mode: Async [#: 2, OK: 18, NX: 76, SF: 0, RE: 61, DR: 6]

Because I've been having some problems with it running on Windows Server
2k3. It dies mysteriously somewhere during the async DNS process. If you
used the Windows binary in combination with the --async_dns switch that
would be very interesting. I guess it would mean I have something strange
with my Windows setup.

Yes, seeing the same scan improve several fold after performing it once is
not unusual and, yup, you called it: caching DNS servers. In the performance
notes, I made sure to perform the scan a few times to ensure that the
targets are as cached as possible.

That's great that you're interested in this patch and improving its
performance. I think that tuning the network parameters at the top of the
new file nmap_dns.cc is the most likely to prove fruitful for getting the
async DNS to be as fast as possible. It's true I'm not using the most
advanced algorithms possible for storing and updating the results, but I
usually notice little to no CPU activity on the machine while performing the
DNS.

I think the next performance-related step should be to introduce some sort
of auto-tuning functionality for the parameters. There are times during a
scan I know that different parameters would improve the performance vastly
but those weren't the ones configured at compile-time. The parameters I've
chosen right now are fairly conservative and are mostly designed for
accuracy. Maybe we should have a -T equivalent for DNS?

Thanks for your interest in the patch!

Doug


