Re: -6 and mass_dns and dns.lua

[David Fifield <david () bamsoftware com>]

On Mon, Oct 20, 2008 at 09:53:31PM +0100, jah wrote:
> On 20/10/2008 03:57, David Fifield wrote:
> > On Tue, Oct 07, 2008 at 04:05:03PM +0100, jah wrote:
> > > Hi folks,
> > >
> > > The attached patches nmapOps.cc and nmap_dns.cc:
> > >
> > > o.mass_dns is not set to false for IPv6 targets.
> > >
> > > system dns resolution is skipped for IPv6 targets when nmap_mass_rdns()
> > > is called with zero num_targets allowing dns servers to be obtained from
> > > the windows registry or /etc/resolv.conf if the dns servers aren't
> > > already known (servs.size() is zero).  After doing this the function
> > > returns immediately and without proceeding to /etc/hosts lookup etc.
> > >
> > > --system-dns is respected.
> >
> > Thanks for your observation, insightful as usual. This is certainly a
> > problem (may be considered a bug).
> >
> > I don't like the way this patch solves the problem. There is too much
> > special casing on o.af() != AF_INET6, when the basic problem of getting
> > a list of the system's DNS only depends on being able to read
> > /etc/resolv.conf and /etc/hosts, not on the address family.
> >
> > I would prefer to see the code that reads o.dns_servers and
> > /etc/resolv.conf (or the Windows registry) factored out into its own
> > function. That function, which would be independent of -n and -6, would
> > be called by nmap_mass_rdns_core and get_dns_servers. How does that
> > sound? Or if I'm off base and missing something obvious, just tell me.
>
> This sounds like a good approach, but we still need to address the fact
> that if -6 is specified, o.mass_dns is set false which makes it
> impossible to determine if both -6 and --system-dns were specified.
>
> I'm assuming that if --system-dns is specified, the user intends us not
> to talk to any dns servers we might find and so we need to be able to
> tell if this was specified.

I think I understand now. We can factor out the code that gets a list of
servers, but we should return an empty list if --system-dns is used.

Does the attached patch work for you? I've tested that continues to use
system DNS for IPv6 lookups, and that get_dns_servers returns a list of
servers even with -6 except when --system-dns is also present. I haven't
tested it with ASN.nse.

The patch builds on a few refactoring commits I made that didn't change
any outward behavior. The main change is moving the decision of whether
to run mass_dns from NmapOps.cc to nmap_dns.cc. As you noted, having -6
control o.mass_dns created a tricky bit of ambiguity.

David Fifield

Attachment: ipv6-dns-list.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org