Nmap Development mailing list archives

Re: Forward DNS names in output


From: Ron <ron () skullsecurity net>
Date: Fri, 28 Aug 2009 15:14:40 -0500

On 08/28/2009 02:54 PM, David Fifield wrote:
> I think this is worth commenting on so I'm starting a new thread.
> Patrick is right that Nmap uses the reverse DNS name in its output.
>
> $ nmap -sP en.wikipedia.org
> Host rr.pmtpa.wikimedia.org (208.80.152.2) is up (0.092s latency).
>
> When the reverse DNS is not available, it uses the IP address only, even
> if it came from forward resolution of a domain name.
>
> $ nmap -sP en.wikipedia.org -n
> Host 208.80.152.2 is up (0.11s latency).
>
> I have a personal TODO item to use the forward name in Zenmap, but I
> found that it is not even in the XML output.
>
> <host><status state="up" reason="conn-refused"/>
> <address addr="208.80.152.2" addrtype="ipv4" />
> <hostnames><hostname name="rr.pmtpa.wikimedia.org" type="PTR" /></hostnames>
> </host>
>
> I agree with Ron that this is confusing sometimes. It also loses
> information. How should Nmap work in this regard? My quick proposal is
> to always prefer the forward name to the reverse name in normal output,
> and to use the reverse name when the forward name is not available. The
> latter behavior is clearly what's wanted when scanning an IP range. In
> XML output, both names would be recorded, with a different "type"
> attribute for the forward name.
>
> David Fifield

Personally, I'd prefer not to lose either in the output, since they both give important information about the host.

But, in my mind, the forward name is most useful for identification, whereas the reverse name is more useful for finding info about the server (especially if it's load balanced or something).

It seems to me that displaying the forward name is best at the top, the reverse name seems more like something a script would do (speaking of which -- idea for a script: display all available rDNS entries for a host?)

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
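
Added example (not part of the original message and not Nmap's own code): a small consumer of Nmap-style XML that prefers the forward name, falls back to the reverse name, then to the bare IP, and still keeps the rDNS name visible, as discussed in the thread. The `type="user"` value for the forward name, the function names, and the sample hosts other than 208.80.152.2 are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <host> element quoted in the thread, extended with a
# forward-name entry, plus a PTR-only host and a host with no names at all.
SAMPLE_XML = """<nmaprun>
<host><status state="up" reason="conn-refused"/>
<address addr="208.80.152.2" addrtype="ipv4" />
<hostnames>
<hostname name="en.wikipedia.org" type="user" />
<hostname name="rr.pmtpa.wikimedia.org" type="PTR" />
</hostnames>
</host>
<host><status state="up" reason="conn-refused"/>
<address addr="192.0.2.10" addrtype="ipv4" />
<hostnames><hostname name="ptr-only.example" type="PTR" /></hostnames>
</host>
<host><status state="up" reason="conn-refused"/>
<address addr="192.0.2.11" addrtype="ipv4" />
<hostnames />
</host>
</nmaprun>"""

FORWARD_TYPE = "user"  # assumed type value for the name given on the command line
REVERSE_TYPE = "PTR"   # type value shown in the thread's XML


def host_names(host):
    """Return (address, forward_names, reverse_names) for one <host> element."""
    addr_el = host.find("address")
    addr = addr_el.get("addr") if addr_el is not None else "unknown"
    forward, reverse = [], []
    for hn in host.iterfind("hostnames/hostname"):
        if hn.get("type") == FORWARD_TYPE:
            forward.append(hn.get("name"))
        elif hn.get("type") == REVERSE_TYPE:
            reverse.append(hn.get("name"))
    return addr, forward, reverse


def display_line(host):
    """Forward name first, reverse name as fallback, bare IP as last resort."""
    addr, forward, reverse = host_names(host)
    primary = (forward or reverse or [None])[0]
    label = f"{primary} ({addr})" if primary else addr
    # Keep the rDNS name visible when the forward name took the top slot.
    extra = [r for r in reverse if r != primary]
    return label + (f" [rDNS: {', '.join(extra)}]" if extra else "")


def report(xml_text):
    return [display_line(h) for h in ET.fromstring(xml_text).iterfind("host")]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_XML)))
```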

