Nmap Development mailing list archives
Re: Bug in nmap parallel resolver (dns) on Windows
From: David Fifield <david () bamsoftware com>
Date: Sun, 3 Mar 2013 23:02:36 -0800
On Wed, Feb 06, 2013 at 03:20:49PM -0600, Frazier, Kenneth B wrote:
I've found an issue while running both nmap 6.01 and 6.25 where the parallel resolver function is attempting to reverse lookup ip addresses using dns servers that were last assigned to an adapter/network interface that is no longer active. For example, if I have an Ethernet port, a wireless port, and a USB port, if any of them are disabled or disconnected but have been previously connected to a network, the Windows registry maintains the adapters last DHCP assigned DNS servers, and parallel resolution will attempt to send queries to those addresses. If I force the use of -system-dns, nmap does not generate these [invalid] reverse lookups. I am capturing this activity via Wireshark. I noticed the behavior when trying to troubleshoot a problem with scans that started taking too long, shortly after connecting to a new network interface (temporarily). I am running Windows 7 SP1 X64, and an only using the IPv4 stack. IPv6 has been disabled.
Thanks for this report. I have attached a patch that causes Nmap to
ignore name servers from interfaces that it is not able to use.
Without this patch, I get the following:
mass_rdns: Using DNS server 10.0.2.3
mass_rdns: Using DNS server 10.0.3.2
mass_rdns: Using DNS server 192.168.0.21
mass_rdns: Using DNS server 192.168.0.1
I don't know where some of those name servers come from. They may be
things that I configured in the past while testing something. With the
patch, I get:
Interface {2E22965B-93E9-4776-AFE3-33DF46B71C0A} is not known; ignoring its nameservers.
Interface {4D9BCAE6-74A0-4E57-9946-8DB316C5C5D6} is not known; ignoring its nameservers.
mass_rdns: Using DNS server 192.168.0.21
Interface {9CC9EAA1-8266-4BD3-A26A-297F9EF4E3BC} is not known; ignoring its nameservers.
This matches my configuration in the networking control panel.
Does this patch look reasonable?
David Fifield
Attachment:
nmap-ignore-dns.patch
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Bug in nmap parallel resolver (dns) on Windows Frazier, Kenneth B (Feb 06)
- Re: Bug in nmap parallel resolver (dns) on Windows David Fifield (Mar 03)
- RE: Bug in nmap parallel resolver (dns) on Windows Frazier, Kenneth B (Mar 04)
- Re: Bug in nmap parallel resolver (dns) on Windows David Fifield (Mar 04)
- RE: Bug in nmap parallel resolver (dns) on Windows Frazier, Kenneth B (Mar 04)
- Re: Bug in nmap parallel resolver (dns) on Windows David Fifield (Mar 03)