Nmap Development mailing list archives
Fwd: RE: Nmap reverse DNS module
From: doug () hcsw org
Date: Wed, 18 Oct 2006 11:43:22 -0700
Subject: RE: Nmap reverse DNS module
To: doug () hcsw org
From: XXX
X-OriginalArrivalTime: 18 Oct 2006 01:59:55.0886 (UTC) FILETIME=[1BC9D0E0:01C6F259]
X-MIME-Autoconverted: from quoted-printable to 8bit by hcsw.org id k9I246C5025097

Thanks for the reply Doug, it sure helps. You're more than welcome to post this to the nmap-dev list, I'd just ask you remove my name and email address from the thread.

Thanks!
-XXX

-----Original Message-----
From: doug () hcsw org [mailto:doug () hcsw org]
Sent: Tuesday, October 17, 2006 5:42 PM
To: XXX
Cc: fyodor () insecure org
Subject: Re: Nmap reverse DNS module

Hi XXX,

On Tue, Oct 17, 2006 at 04:00:33PM -0700 or thereabouts, XXX wrote:
I'm trying to use the --dns_servers switch in NMAP to map a hostname to an FQDN. For example hostname "test" returns the FQDN test.foo.com. I want to provide a specific list of DNS servers for NMAP to query. My first question is do I have the correct usage
Nmap -sP test -dns_servers 1.1.1.1, 2.2.2.2, 3.3.3.3
Not quite. Here are a few issues with this command:

o DNS servers need to be separated by only , and not spaces so Nmap reads the server list as a single argument.

o Using -sP (ping scan) is probably unnecessary since you're only qualifying domain names. In fact, Nmap will not run the reverse dns resolver against hosts that are determined to be down (but see -R). You might have better luck with -sL.

o Current Nmap best-practice says to use - instead of _ in long options.

So here is the command I suggest:

nmap -sL test --dns-servers 1.1.1.1,2.2.2.2,3.3.3.3

Also notice that you can use domain names instead of IP addresses for the DNS servers if that makes your life easier.
and secondly, will NMAP query the ENTIRE list of DNS servers if it fails to resolve using the first couple of servers?
Very good question! Generally Nmap will try up to 3 DNS servers for a reverse query though this can be changed in nmap_dns.cc so:

// Each request will try to resolve on at most this many servers:
#define SERVERS_TO_TRY 3

Notice that if we receive an NXDOMAIN from one of the servers this counts as a successful lookup (there is no such name) and Nmap will not retry on any of the other servers - even though one of them might have records for the domain.
Thank you for your time and contributing to a wonderful and essential utility. -XXX
Thank you for your interest in Nmap! Do you mind if I forward this response to the nmap-dev list so this can be documented for the future event that someone has a similar question?

Best,

Doug

----- End forwarded message -----
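The server-selection behaviour described in the message above, as an added C++ model; it is not part of the original message and is not code from nmap_dns.cc. It assumes servers are asked in list order and that a timeout moves the query to the next server; the Reply, Server and Result types and the 4.4.4.4 server are constructed for the illustration.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Name and value as quoted from nmap_dns.cc in the message above.
constexpr int SERVERS_TO_TRY = 3;

// What one DNS server did with the reverse query (constructed for this model).
enum class Reply { Timeout, NxDomain, Answer };
struct Server { std::string addr; Reply reply; std::string name; };

struct Result {
    bool resolved;           // true when some server returned a name
    std::string name;        // the returned name, empty otherwise
    int servers_queried;     // how many servers were actually asked
    std::string settled_by;  // server whose reply ended the lookup, empty if none
};

// Simplified model: a timeout moves on to the next server, an answer or an
// NXDOMAIN ends the lookup, and at most SERVERS_TO_TRY servers are asked.
Result reverse_lookup(const std::vector<Server>& servers) {
    Result r{false, "", 0, ""};
    for (const Server& s : servers) {
        if (r.servers_queried == SERVERS_TO_TRY) break;
        ++r.servers_queried;
        if (s.reply == Reply::Timeout) continue;
        r.settled_by = s.addr;
        if (s.reply == Reply::Answer) { r.resolved = true; r.name = s.name; }
        return r;  // NXDOMAIN also lands here: "no such name" is final
    }
    return r;
}

// Constructed case: the second server's NXDOMAIN hides the third server's record.
Result nxdomain_masks_later_answer() {
    std::vector<Server> servers = {{"1.1.1.1", Reply::Timeout, ""},
                                   {"2.2.2.2", Reply::NxDomain, ""},
                                   {"3.3.3.3", Reply::Answer, "test.foo.com"}};
    return reverse_lookup(servers);
}

// Constructed case: a fourth listed server is never asked.
Result fourth_server_never_asked() {
    std::vector<Server> servers = {{"1.1.1.1", Reply::Timeout, ""}, {"2.2.2.2", Reply::Timeout, ""},
                                   {"3.3.3.3", Reply::Timeout, ""}, {"4.4.4.4", Reply::Answer, "test.foo.com"}};
    return reverse_lookup(servers);
}

int main() {
    Result a = nxdomain_masks_later_answer(), b = fourth_server_never_asked();
    std::cout << "case 1: resolved=" << a.resolved << " settled_by=" << a.settled_by << "\n"
              << "case 2: resolved=" << b.resolved << " queried=" << b.servers_queried << "\n";
}
```

When the listed servers see different zones (an internal and a public resolver, for example), the order of the --dns-servers list decides which names a scan report shows, so put the server that holds the records for the target range first.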