Re: nmap returns "Host <ip_address> appears to be up" instead of "Host <hostname> appears to be up" for some of the nodes

[David Fifield <david () bamsoftware com>]

On Fri, Nov 13, 2009 at 09:27:59AM +0800, Guang Cheng Li wrote:
> HI David,
>
> Thank you for your reponse.
>
> The -oX and -oG does change the output format to make it easier for the
> output parsing, but the "hostname" information is still not available for
> some nodes. I can update my script to check both the ip address and the
> hostname, but I have to call lot of hostname resolution system calls to
> resolve the hostnames/ip addresses, the performance degradation might be a
> problem for me because I can have at most 64,000 nodes in my cluster.

Even if you're using the normal output, you don't have to look up the
hostnames when they are present. The IP address is always there too, in
parentheses.

If the hostname is not present, it means that reverse DNS for that
address failed. If there is a host whose name you can get through your
system resolver but not with Nmap, then it is likely a bug and we would
like to have more information about it.

> Actually we are using /etc/hosts to resolve the host names because the DNS
> itself also has some kind of scaling issues, though the DNS hostname
> resolution also works in the cluster. Do you think the flag "--system-dns"
> will be a better choice for us because we are using /etc/hosts for hostname
> resolution? The experiment also shows that the "--system-dns" runs faster
> in my environment, is there any other side effects by specifying the
> "--system-dns" flag?

Nmap's parallel DNS resolver also looks in /etc/hosts, so if all the
hosts are in there it shouldn't have an effect. You will have to test
yourself to see which is faster.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/