[ncat] Ability to control hostname resolution for proxy destinations #1439
In connect mode, currently all proxy destinations are directly passed on to the remote proxy server, without trying to resolve them locally. This behavior has raised some concerns.
This proposal implements a new ncat option that provides control over whether these hostnames are resolved by the remote proxy server or locally, by Ncat itself.
- local: Hostnames are resolved locally on the Ncat host. Ncat exits with an error if the hostname cannot be resolved.
- remote: Hostnames are passed directly on to the remote proxy server. This is the default behavior.
- both: Hostname resolution is first attempted on the Ncat host. Unresolvable hostnames are passed on to the remote proxy server.
- none: Hostname resolution is completely disabled. Only an IPv4 or IPv6 address can be used as the proxy destination.
Note that this new option is complementing, not replacing, option --no-dns, which controls all existing hostname resolution, such as non-proxied targets, hops, source address, and the proxy server itself.
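The following sketch is an added example, not code from this pull request or from Ncat. It models the four modes described above as one decision function that returns what would be placed in the proxy request. All identifiers and the stand-in resolver are hypothetical; the resolver counts lookups so that it is visible which modes query DNS from the Ncat host.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* The four modes are the ones listed above; all identifiers are hypothetical. */
enum proxy_dns { PDNS_LOCAL, PDNS_REMOTE, PDNS_BOTH, PDNS_NONE };
enum dest_kind { DEST_ADDR, DEST_NAME, DEST_ERROR };
typedef int (*resolver_fn)(const char *host, char *out, size_t outlen);

static int is_ip_literal(const char *s)
{
    unsigned char buf[16];               /* large enough for an IPv6 address */
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Decide what is placed in the proxy request for dest under mode. */
enum dest_kind proxy_dest(enum proxy_dns mode, const char *dest,
                          resolver_fn resolve, char *out, size_t outlen)
{
    if (!is_ip_literal(dest)) {
        if (mode == PDNS_NONE)
            return DEST_ERROR;           /* none: hostnames are rejected */
        if (mode != PDNS_REMOTE && resolve(dest, out, outlen) == 0)
            return DEST_ADDR;            /* local/both: resolved on this host */
        if (mode == PDNS_LOCAL)
            return DEST_ERROR;           /* local: a failed lookup is fatal */
    }
    snprintf(out, outlen, "%s", dest);   /* literal, remote, or both after a miss */
    return is_ip_literal(dest) ? DEST_ADDR : DEST_NAME;
}

/* Constructed stand-in for the system resolver; counts lookups made locally. */
static int lookups;
static int fake_resolve(const char *host, char *out, size_t outlen)
{
    lookups++;
    if (strcmp(host, "intranet.example") != 0)
        return -1;
    snprintf(out, outlen, "%s", "192.0.2.10");
    return 0;
}

int main(void)
{
    char out[64];
    enum dest_kind k = proxy_dest(PDNS_BOTH, "unknown.example", fake_resolve, out, sizeof out);
    printf("%s %s (local lookups: %d)\n", k == DEST_NAME ? "name" : "addr/err", out, lookups);
    return 0;
}
```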