Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] DNS update support

From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 11 Jan 2011 08:01:08 +0100

On 10 jan 2011, at 02.58, David Fifield wrote:


On Mon, Jan 10, 2011 at 02:15:45AM +0100, Patrik Karlsson wrote:

Hi all,

I just finished some work on the DNS library adding support for unauthenticated dynamic updates.
I'm including a patch that adds the support and a script dns-update that makes us of it.

The script attempt to add a record specified as an argument and returns a message if it was successful.
Any comments or feedback are always appreciated.


I get this error:

./nmap --datadir . --script=dns-update -d 192.168.0.1 -sU -p53 --script-args 
dns-update.hostname=foo,dns-update.ip=3.3.3.3

./nselib/dns.lua:708: attempt to concatenate a nil value
stack traceback:
       ./nselib/dns.lua:708: in function <./nselib/dns.lua:704>
       (tail call): ?
       ./nselib/dns.lua:775: in function 'encode'
       ./nselib/dns.lua:1254: in function 'update'
       ./scripts/dns-update.nse:53: in function <./scripts/dns-update.nse:46>
       (tail call): ?

With "foo.bar.com" instead of "foo", the script finishes but doesn't
make any output.


Sorry my bad. I fixed the error by making some additional checks.
The script produces no output unless the DNS update is successful.
Do you think the script should produce a message similar to "Dynamic update of record nmap-test.cqure.net failed" on 
failure as well?

The easiest way to test is probably by setting the zone to allow "Nonsecure and secure" updates in Windows.
You should be able to achieve the same insecure setup in Bind, but I've never tried that.

I'm including an updated script and a new patch file for dns.lua.



David Fifield



Best regards,
Patrik

Attachment: dns-update.patch
Description:

Attachment: dns-update.nse
Description: 


--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77






_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: