Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] DNS update support
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 11 Jan 2011 08:01:08 +0100

On 10 jan 2011, at 02.58, David Fifield wrote:

On Mon, Jan 10, 2011 at 02:15:45AM +0100, Patrik Karlsson wrote:
Hi all,

I just finished some work on the DNS library adding support for unauthenticated dynamic updates.
I'm including a patch that adds the support and a script dns-update that makes us of it.

The script attempt to add a record specified as an argument and returns a message if it was successful.
Any comments or feedback are always appreciated.

I get this error:

./nmap --datadir . --script=dns-update -d -sU -p53 --script-args 

./nselib/dns.lua:708: attempt to concatenate a nil value
stack traceback:
       ./nselib/dns.lua:708: in function <./nselib/dns.lua:704>
       (tail call): ?
       ./nselib/dns.lua:775: in function 'encode'
       ./nselib/dns.lua:1254: in function 'update'
       ./scripts/dns-update.nse:53: in function <./scripts/dns-update.nse:46>
       (tail call): ?

With "foo.bar.com" instead of "foo", the script finishes but doesn't
make any output.

Sorry my bad. I fixed the error by making some additional checks.
The script produces no output unless the DNS update is successful.
Do you think the script should produce a message similar to "Dynamic update of record nmap-test.cqure.net failed" on 
failure as well?

The easiest way to test is probably by setting the zone to allow "Nonsecure and secure" updates in Windows.
You should be able to achieve the same insecure setup in Bind, but I've never tried that.

I'm including an updated script and a new patch file for dns.lua.

David Fifield

Best regards,

Attachment: dns-update.patch


Attachment: dns-update.nse

Patrik Karlsson

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]