I figured out that the rule for this script is:
>portrule = shortport.portnumber(53, "udp")
which only takes UDP into account. However, the example usage command
solely performs a TCP scan, so the script's action will never be executed.
Nevertheless, the DNS standard also requires TCP support
(http://tools.ietf.org/search/rfc5966) for large messages and zone
transfers, so it may be good to run the script likewise when an open
TCP port 53 is encountered.
I think there are a few options to resolve this issue:
- by updating the doc page (+ comments in the script)
- e.g. changing the example usage command to something like
  nmap -sU -p53 --script dns-fuzz --script-args timelimit=2h <target>
- clarify that a UDP scan on port 53 is necessary