On 02/10/2014 02:55 PM, John Bond wrote:
There was a small bug when dealing with servers that time out. I have
added a fix and also enabled tcp support for the dns-nsec-enum and
Thanks for continuing to work on this. I see the utility of the fix to
dns.lua and dns-nsec-enum. I'm not sure about the patch to
The script currently runs as a prerule and as a portrule script, requiring
the dns-client-subnet-scan.domain argument for the domain name to perform a
lookup on. For the portrule, your patch works. For the prerule case, it will
fail because the port argument to the action function is nil. There should
be a check for this in the script.
Additionally, the script should probably not run as a portrule when
dns-client-subnet-scan.nameserver script-arg is given, otherwise it will
continue to perform the same lookup against the same nameserver for every
port 53 that is discovered.