Re: [NSE] ASN made more robust and documented - much more to do.

[David Fifield <david () bamsoftware com>]

On Tue, Sep 02, 2008 at 01:50:09AM +0100, jah wrote:
> On 30/08/2008 06:43, David Fifield wrote:
> > On Sat, Aug 30, 2008 at 06:35:01AM +0100, jah wrote:
> >   
> > > On 30/08/2008 02:02, David Fifield wrote:
> > >     
> > > > I can verify through --script-trace that a response from the DNS server
> > > > comes back. Is there anything I can do to help debug? I want to make
> > > > this script use dns.get_servers instead of requiring a script arg.
> > > >       
> > > I've been working on an update to ASN which uses the dns library
> > > (including get_servers) which I've attached.  I haven't looked at why
> > > that version you tried has failed.
> > >     
> >
> > No worries, this version works. If I don't give the dns script arg it
> > times out after about 20 seconds.
>
> I can't reproduce this at all.
> I think that the time out may be two connection attempts to a single dns
> server (for each of two TXT queries) via dns.send_packets().
> If this is the case then it would point to some issue either with
> dns.query() which assumes udp:53 or with nmap.get_dns_servers() possibly
> returning duff (but legal) dns servers.

You were right, for whatever reason the default DNS server wasn't
responding to the query.

You said a newer version of this script queries origin.asn.cymru.com and
and peer.asn.cymru.com instead of using nmap.asn.cymru.com. Can you
explain more why that is? Team Cymru created the nmap domain in order to
track load. If there's something wrong with what nmap returns maybe we
can get them to change it.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org