From 651cb6e48666d84f364da3311a05c2473dbc11e2 Mon Sep 17 00:00:00 2001 From: david Date: Sun, 2 Nov 2008 20:32:26 +0000 Subject: [PATCH] Allow dns.get_servers to return a list of known DNS servers even when IPv6 scanning, when system DNS resolution is used. This makes ASN.nse work for IPv6. See the thread at http://seclists.org/nmap-dev/2008/q4/0081.html. --- CHANGELOG | 5 +++++ NmapOps.cc | 2 -- nmap_dns.cc | 27 +++++++++++++++++---------- 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 1c42f763a..7eb3df22c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,10 @@ # Nmap Changelog ($Id$); -*-text-*- +o NSE scripts that require a list of DNS servers (currently only + ASN.nse) now work when IPv6 scanning. Previously it gave an error + message: "Failed to send dns query. Response from dns.query(): 9". + [Jah, David] + o [Zenmap] Added a simple workaround for a bug in PyXML (an add-on Python XML library) that caused a crash. The crash would happen when loading an XML file and looked like "KeyError: 0". [David] diff --git a/NmapOps.cc b/NmapOps.cc index e58b808cd..dc8c57b28 100644 --- a/NmapOps.cc +++ b/NmapOps.cc @@ -488,8 +488,6 @@ void NmapOps::ValidateOptions() { fatal("Sorry -- IPv6 support is currently only available for connect() scan (-sT), ping scan (-sP), and list scan (-sL). OS detection and decoys are also not supported with IPv6. Further support is under consideration."); } - if (af() != AF_INET) mass_dns = false; - /* Prevent performance values from getting out of whack */ if (min_parallelism > max_parallelism) max_parallelism = min_parallelism; diff --git a/nmap_dns.cc b/nmap_dns.cc index 13c264ff7..7ca7d6d50 100644 --- a/nmap_dns.cc +++ b/nmap_dns.cc @@ -1110,8 +1110,19 @@ static void etchosts_init(void) { /* Initialize the global servs list of DNS servers. If the --dns-servers option * was given, use the listed servers; otherwise get the list from resolv.conf or - * the Windows registry. */ + * the Windows registry. If o.mass_dns is false, the list of servers is empty. + * This function caches the results from the first time it is run. */ static void init_servs(void) { + static bool initialized = false; + + if (initialized) + return; + + initialized = true; + + if (!o.mass_dns) + return; + if (o.dns_servers) { add_dns_server(o.dns_servers); } else { @@ -1139,8 +1150,7 @@ static void nmap_mass_rdns_core(Target **targets, int num_targets) { char spmobuf[1024]; // If necessary, set up the dns server list - if (servs.size() == 0) - init_servs(); + init_servs(); if (servs.size() == 0 && firstrun) error("mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers"); @@ -1307,7 +1317,8 @@ void nmap_mass_rdns(Target **targets, int num_targets) { stat_actual = stat_ok = stat_nx = stat_sf = stat_trans = stat_dropped = stat_cname = 0; - if (o.mass_dns) + // mass_dns only supports IPv4. + if (o.mass_dns && o.af() == AF_INET) nmap_mass_rdns_core(targets, num_targets); else nmap_system_rdns_core(targets, num_targets); @@ -1316,7 +1327,7 @@ void nmap_mass_rdns(Target **targets, int num_targets) { if (stat_actual > 0) { if (o.debugging || o.verbose >= 3) { - if (o.mass_dns) { + if (o.mass_dns && o.af() == AF_INET) { // #: Number of DNS servers used // OK: Number of fully reverse resolved queries // NX: Number of confirmations of 'No such reverse domain eXists' @@ -1340,11 +1351,7 @@ void nmap_mass_rdns(Target **targets, int num_targets) { // Returns a list of known DNS servers std::list get_dns_servers() { - // if, for example, run with -n, list is not initialized, - // run empty nmap_mass_rdns to do so - if(servs.size() == 0 && firstrun) { - nmap_mass_rdns(NULL, 0); - } + init_servs(); // If the user said --system-dns (!o.mass_dns), we should never return a list // of servers.