won't resolve hostname if dns answer is big (no tcp re-query) #364

Closed
mhlavink opened this Issue Apr 14, 2016 · 1 comment

Comments

Projects
None yet
2 participants

Hi, one of our users found an issue in nmap, that it does not resolves hostname if dns answer is too big for udp payload.

Original report:
nmap is not able to resolve hostname if dns server reply is more than 512 bytes.nmap expects reply from dns server side in the form of UDP Packet but if size is more than 512 bytes then it is failed to process data so it is not able to resolve hostname.

Steps to Reproduce:

  1. Add the dummy entries in named zone configuration file to increase the size of packet
  2. Set localhost as nameserver in reosolv.conf
  3. Execute namp command nmap -O -T5
    It returns the line as "Nmap scan report for 10.65.2.210" No hostname is showing.
    In successful case it shows as "Nmap scan report for dhcp2-210..com (10.65.2.210)"

Actual results:
It is not returning hostname in case if dns packet reply size is more than 512 bytes.

Expected results:
It should send the query on tcp also in case if size is more than 512 bytes as glibc does in case of using --system-dns in nmap command

Reported earlier as #103. We added support for parsing truncated replies, which helps somewhat, but did not implement TCP fallback. The reverse DNS code in nmap_dns.cc is quite modular, so it shouldn't be too difficult to implement this.

nmap-bot closed this in 0c1d68d Jul 19, 2016

@sergeykhegay sergeykhegay added a commit to sergeykhegay/nmap that referenced this issue Jul 27, 2016

@tremblerz @sergeykhegay tremblerz + sergeykhegay Falls back to "getnameinfo" for truncated replies in reverse DNS reso…
…lver. Closes #434 and #400, fixes #364 and #103.
b9d90ea
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment