Nmap Development mailing list archives

Re: -6 and mass_dns and dns.lua


From: jah <jah () zadkiel plus com>
Date: Mon, 20 Oct 2008 21:53:31 +0100

On 20/10/2008 03:57, David Fifield wrote:
> On Tue, Oct 07, 2008 at 04:05:03PM +0100, jah wrote:
>> Hi folks,
>>
>> The attached patches nmapOps.cc and nmap_dns.cc:
>>
>> o.mass_dns is not set to false for IPv6 targets.
>>
>> system dns resolution is skipped for IPv6 targets when nmap_mass_rdns()
>> is called with zero num_targets allowing dns servers to be obtained from
>> the windows registry or /etc/resolv.conf if the dns servers aren't
>> already known (servs.size() is zero).  After doing this the function
>> returns immediately and without proceeding to /etc/hosts lookup etc.
>>
>> --system-dns is respected.
>
> Thanks for your observation, insightful as usual. This is certainly a
> problem (may be considered a bug).
>
> I don't like the way this patch solves the problem. There is too much
> special casing on o.af() != AF_INET6, when the basic problem of getting
> a list of the system's DNS only depends on being able to read
> /etc/resolv.conf and /etc/hosts, not on the address family.
>
> I would prefer to see the code that reads o.dns_servers and
> /etc/resolv.conf (or the Windows registry) factored out into its own
> function. That function, which would be independent of -n and -6, would
> be called by nmap_mass_rdns_core and get_dns_servers. How does that
> sound? Or if I'm off base and missing something obvious, just tell me.

This sounds like a good approach, but we still need to address the fact
that if -6 is specified, o.mass_dns is set false which makes it
impossible to determine if both -6 and --system-dns were specified.

I'm assuming that if --system-dns is specified, the user intends us not
to talk to any dns servers we might find and so we need to be able to
tell if this was specified.

My approach was to disassociate o.mass_dns from -6 which leaves
--system-dns as the only parameter affecting it.  Given that the mass
rdns code doesn't yet work with -6 we have to prevent certain bits of
the code from running.  Hence the special casing you mention.  I should
have explained this previously.

I've begun work on getting -6 working with mass_dns (I've had success
doing rdns for IPv6 addresses, but the code I've written sucks and
there's much more to do) so hopefully, whatever we decide to do will be
temporary.

Regards,

jah



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
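
The design discussed in this thread, sketched as an added example that is not part of the original message and is not Nmap source code: DNS server discovery lives in one function that ignores -n and -6, and the resolver choice is derived from the option flags without overwriting them. All type and function names, the fallback policy and the sample resolv.conf text are assumptions made for illustration.

```cpp
// Added illustration, not Nmap source; every name below is hypothetical.
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

struct ScanOptions {
    bool ipv6 = false;        // -6
    bool system_dns = false;  // --system-dns
    bool no_resolve = false;  // -n
    std::string dns_servers;  // --dns-servers, comma separated
};

// Constructed sample resolv.conf contents (documentation addresses).
const std::string kSampleResolvConf =
    "# constructed sample\nsearch example.test\n"
    "nameserver 192.0.2.53\nnameserver 2001:db8::53\n";

// Discovery depends only on user input and the resolv.conf text,
// never on the address family or on -n.
std::vector<std::string> collect_dns_servers(const ScanOptions &o,
                                             const std::string &resolv_conf) {
    std::vector<std::string> servers;
    std::istringstream user(o.dns_servers), file(resolv_conf);
    for (std::string s; std::getline(user, s, ',');)
        if (!s.empty()) servers.push_back(s);
    if (!servers.empty()) return servers;  // explicit list wins
    for (std::string line; std::getline(file, line);) {
        std::istringstream fields(line);
        std::string key, addr;
        if (fields >> key >> addr && key == "nameserver")
            servers.push_back(addr);
    }
    return servers;
}

enum class Resolver { None, System, MassRdns };

// Derive the resolver from the flags without overwriting any of them, so
// "-6 --system-dns" stays distinguishable from plain "-6".
Resolver choose_resolver(const ScanOptions &o, std::size_t num_servers) {
    if (o.no_resolve) return Resolver::None;
    if (o.system_dns || o.ipv6) return Resolver::System;  // no IPv6 mass rdns yet
    return num_servers ? Resolver::MassRdns : Resolver::System;
}

// Assumption stated in the thread: --system-dns means the user does not
// want the discovered DNS servers contacted directly.
bool may_query_discovered_servers(const ScanOptions &o) { return !o.system_dns; }
```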

