Nmap Development mailing list archives
Re: -6 and mass_dns and dns.lua
From: jah <jah () zadkiel plus com>
Date: Mon, 20 Oct 2008 21:53:31 +0100
On 20/10/2008 03:57, David Fifield wrote:
On Tue, Oct 07, 2008 at 04:05:03PM +0100, jah wrote:Hi folks, The attached patches nmapOps.cc and nmap_dns.cc: o.mass_dns is not set to false for IPv6 targets. system dns resolution is skipped for IPv6 targets when nmap_mass_rdns() is called with zero num_targets allowing dns servers to be obtained from the windows registry or /etc/resolv.conf if the dns servers aren't already known (servs.size() is zero). After doing this the function returns immediately and without proceeding to /etc/hosts lookup etc. --system-dns is respected.Thanks for your observation, insightful as usual. This is certainly a problem (may be considered a bug). I don't like the way this patch solves the problem. There is too much special casing on o.af() != AF_INET6, when the basic problem of getting a list of the system's DNS only depends on being able to read /etc/resolv.conf and /etc/hosts, not on the address family. I would prefer to see the code that reads o.dns_servers and /etc/resolv.conf (or the Windows registry) factored out into its own function. That function, which would be independent of -n and -6, would be called by nmap_mass_rdns_core and get_dns_servers. How does that sound? Or if I'm off base and missing something obvious, just tell me.
This sounds like a good approach, but we still need to address the fact that if -6 is specified, o.mass_dns is set false which makes it impossible to determine if both -6 and --system-dns were specified. I'm assuming that if --system-dns is specified, the user intends us not to talk to any dns servers we might find and so we need to be able to tell if this was specified. My approach was to disassociate o.mass_dns from -6 which leaves --system-dns as the only parameter affecting it. Given that the mass rdns code doesn't yet work with -6 we have to prevent certain bits of the code from running. Hence the special casing you mention. I should have explained this previously. I've begun work on getting -6 working with mass_dns (I've had success doing rdns for IPv6 addresses, but the code I've written sucks and there's much more to do) so hopefully, whatever we decide to do will be temporary. Regards, jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- -6 and mass_dns and dns.lua jah (Oct 05)
- Re: -6 and mass_dns and dns.lua jah (Oct 06)
- Re: -6 and mass_dns and dns.lua jah (Oct 07)
- Re: -6 and mass_dns and dns.lua David Fifield (Oct 19)
- Re: -6 and mass_dns and dns.lua jah (Oct 20)
- Re: -6 and mass_dns and dns.lua David Fifield (Oct 30)
- Re: -6 and mass_dns and dns.lua jah (Oct 30)
- Re: -6 and mass_dns and dns.lua David Fifield (Oct 31)
- Re: -6 and mass_dns and dns.lua jah (Oct 31)
- Re: -6 and mass_dns and dns.lua jah (Oct 07)
- Re: -6 and mass_dns and dns.lua jah (Oct 06)