Re: DNSSEC NSEC howto

[John Bond <john.r.bond () gmail com>]

On 25 February 2011 09:50, John Bond <john.r.bond () gmail com> wrote:
> On 25 February 2011 05:31, David Fifield <david () bamsoftware com> wrote:
> I would be interested to see What peoples experiences are with this
> When testing on a complex zone my script seems to find more entries.
> i.e. on the zone im testing my script gets 2612 results ldns-walk gets
> 1725.  I think i know why this is but will have to check the ldns
> source tonight
Yes this is because they walk the zone differently i assume that
the next zone to check should be 1.$lasthostname ldns-walk has \001$lasthostname
i.e. no dot.  basically i do something similar to ldns if my thing
dosn't work and i think
ldns does the opposite.  The method i use means i get a lot more sub
domain information.
my C is very very rusty so im not sure how to change the ldns code but
if some one whats
to have a crack at updatinf the ldns-walk code i would be happy to
explain what i have tried
to do.


> I also noticed last night that my script breaks if the zone has a
> wildcard entry, again ill take a look at this over the weekend
i have added a bit of a dirty hack to get around.  it should be stable
and it is possible though unlikly that it may add some misses to the
results.  i have also fixed a problem that occurred if a domain name
hand an hyphen in it

Attachment: dns-nsec-enum.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/