Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NSEC Enumeration script
From: David Fifield <david () bamsoftware com>
Date: Tue, 15 Mar 2011 09:59:25 -0700

On Tue, Mar 15, 2011 at 08:33:11AM +0100, John Bond wrote:
Patrik Karlsson:

In essence, I think that the following change should be performed:
- return rPkt.dnssec,true, rPkt
+ return true, rPkt

This way it's more standardized and does not return redundant information.

 rPkt.dnssec is redundant if you are using the raw packet but if you
just want an answer then rPkt.dnssec could be usefull. what should the
library return if the query is successful but there is no dnssec?

I agree with Patrik here. I don't want to waste a return value just for
dnssec. Also, just indicating "dnssec" isn't saying much, it basically
means "NSEC or RRSIG or DNSKEY or DS or NSEC3". Anyone who actually
needs to use that specific information will need to dig into the packet,
as we are doing. It's fine if dns.query in normal mode (not retPkt mode)
doesn't return all the information.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]