Nmap Development mailing list archives

Re: Asynchronous DNS Patch


From: doug () hcsw org
Date: Tue, 6 Dec 2005 14:24:18 -0800

Hi Sina,

On Tue, Dec 06, 2005 at 11:30:44AM -0500 or thereabouts, Sina Bahram wrote:
> Hi Doug,
>
> I ran the windows binary on xp sp2.

Great! Are you saying that the --async_dns option works in that Windows binary?

The usual way I test the performance with the current incarnation of the patch is as follows:

./nmap --async_dns -sL -R -v -d -iR 100

That will use the new async resolver to try resolving 100 random IPs. It will resolve all 100 IPs (-R) instead of just 
the ones determined to be up.

The -v and -d give some more detailed "in progress" and "afterwards" reports on DNS. I would be very interested to hear 
if the above command produces a line like the following for you:

DNS resolution of 100 IPs took 9.29s. Mode: Async [#: 2, OK: 18, NX: 76, SF: 0, RE: 61, DR: 6]

Because I've been having some problems with it running on Windows Server 2k3. It dies mysteriously somewhere during the 
async DNS process. If you used the Windows binary in combination with the --async_dns switch that would be very 
interesting. I guess it would mean I have something strange with my Windows setup.

Yes, seeing the same scan improve several fold after performing it once is not unusual and, yup, you called it: caching 
DNS servers. In the performance notes, I made sure to perform the scan a few times to ensure that the targets are as 
cached as possible.

That's great that you're interested in this patch and improving its performance. I think that tuning the network 
parameters at the top of the new file nmap_dns.cc is the most likely to prove fruitful for getting the async DNS to be 
as fast as possible. It's true I'm not using the most advanced algorithms possible for storing and updating the 
results, but I usually notice little to no CPU activity on the machine while performing the DNS.

I think the next performance-related step should be to introduce some sort of auto-tuning functionality for the 
parameters. There are times during a scan I know that different parameters would improve the performance vastly but 
those weren't the ones configured at compile-time. The parameters I've chosen right now are fairly conservative and are 
mostly designed for accuracy. Maybe we should have a -T equivalent for DNS?

Thanks for your interest in the patch!

Doug


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
