Re: [PATCH] Mass rDNS performance

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 19 Mar 2009 00:21:14 -0700 or thereabouts Fyodor
<fyodor () insecure org> wrote:

> On Thu, Mar 19, 2009 at 07:19:41AM +0000, Brandon Enright wrote:
> > When I resolve 16384 randomly generated IPs that all have a reverse
> > name (I reverse resolved 1 million, extracted 16384 with a name) the
> > current code is quite a bit slower.
>
> Hi Brandon.  Thanks for helping out with large scale testing of the
> patch!  Did you compare the accuracy of the 16,384 reverse-resolves
> (e.g. what percentage succeeded, since it sounds like they all should
> have in an ideal case) between the patched and unpatched versions?
> Performance alone only tells half the story.
>
> Cheers,
> -F

I re-ran the test, this time recording how many IPs did not resolve.

Old:
2m5.642s  -- 28 missed
2m1.712s  -- 24 missed
2m12.915s -- 35 missed

Patched:
5m57.216s -- 27 missed
6m43.466s -- 31 missed
6m41.384s -- 55 missed

I wasn't happy with the last two results of the patched scan and I
suspected blacklisting or something like that to be the cause so I ran
the old code again right afterwards to see if it the slowdown and
inaccuracy would be reflected.  It wasn't:

Old 2:
1m57.714s -- 25 missed
2m1.808s  -- 28 missed
2m2.115s  -- 29 missed


Now, to be fair, most of these "missed" IPs are not no-responses, they
are NXDOMAIN.  I suspect that a number of these failing IPs are
dynamically registered DNS (think VPN, Wireless, DHCP, etc) and the
orgs that were live when I did the reverse lookup earlier today but
have since expired.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAknCAUsACgkQqaGPzAsl94J8kACgqQXmcBG4j2ICdhqtKFYVtC0H
6qsAnAvxW4W9nD9tZJXZ/20aLZvHPyoZ
=OrN1
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org