PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Update docs for parallel forward-DNS lookups.

Browse Source
This commit is contained in:
dmiller
2024-05-16 19:31:48 +00:00
parent adc7f02503
commit e9ea425f12
2 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG
View File

@@ -1,5 +1,13 @@
#Nmap Changelog ($Id$); -*-text-*- #Nmap Changelog ($Id$); -*-text-*-
o [GH#1451] Nmap now performs forward DNS lookups in parallel, using the same
engine that has been reliably performing reverse-DNS lookups for nearly a
decade. Scanning large lists of hostnames is now enormously faster and avoids
the unresponsive wait for blocking system calls, so progress stats can be
shown. In testing, resolving 1 million website names to both IPv4 and IPv6
took just over an hour. The previous system took 49 hours for the same data
set! [Daniel Miller]
Nmap 7.95 [2024-04-23] Nmap 7.95 [2024-04-23]
o Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures, o Integrated over 4,000 of your IPv4 OS fingerprints. Added 336 signatures,

21
docs/refguide.xml
View File

@@ -330,7 +330,7 @@ you would expect.</para>
<varlistentry> <varlistentry>
<term> <term>
<option>-n</option> (No DNS resolution) <option>-n</option> (No reverse DNS resolution)
<indexterm><primary><option>-n</option></primary></indexterm> <indexterm><primary><option>-n</option></primary></indexterm>
</term> </term>
<listitem> <listitem>
@@ -345,7 +345,7 @@ you would expect.</para>
<varlistentry> <varlistentry>
<term> <term>
<option>-R</option> (DNS resolution for all targets) <option>-R</option> (Reverse DNS resolution for all targets)
<indexterm><primary><option>-R</option></primary></indexterm> <indexterm><primary><option>-R</option></primary></indexterm>
</term> </term>
<listitem> <listitem>
@@ -392,15 +392,14 @@ you would expect.</para>
</term> </term>
<listitem> <listitem>
<para>By default, Nmap reverse-resolves IP addresses by sending <para>By default, Nmap resolves names to IP addresses (and IP addresses to names) by sending
queries directly to the name servers configured on your host queries directly to the name servers configured on your host
and then listening for responses. Many requests (often and then listening for responses. Many requests (often
dozens) are performed in parallel to improve performance. dozens) are performed in parallel to improve performance.
Specify this option to use your system resolver instead (one Specify this option to use your system resolver instead (one
IP at a time via the <function>getnameinfo</function> call). This is slower IP at a time via the <function>getnameinfo</function> call). This is slower
and rarely useful unless you find a bug in the Nmap parallel and rarely useful unless you find a bug in the Nmap parallel
resolver (please let us know if you do). The system resolver (please let us know if you do).
resolver is always used for forward lookups (getting an IP address from a hostname).
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -408,13 +407,13 @@ you would expect.</para>
<varlistentry> <varlistentry>
<term> <term>
<option>--dns-servers <replaceable>server1</replaceable><optional>,<replaceable>server2</replaceable><optional>,...</optional></optional> <option>--dns-servers <replaceable>server1</replaceable><optional>,<replaceable>server2</replaceable><optional>,...</optional></optional>
</option> (Servers to use for reverse DNS queries) </option> (Servers to use for DNS queries)
<indexterm significance="preferred"><primary><option>--dns-servers</option></primary></indexterm> <indexterm significance="preferred"><primary><option>--dns-servers</option></primary></indexterm>
</term> </term>
<listitem> <listitem>
<para>By default, Nmap determines your DNS servers <para>By default, Nmap determines your DNS servers
(for rDNS resolution) from your resolv.conf file (Unix) or from your resolv.conf file (Unix) or
the Registry (Win32). Alternatively, you may use this the Registry (Win32). Alternatively, you may use this
option to specify alternate servers. This option is not option to specify alternate servers. This option is not
honored if you are using <option>--system-dns</option>. honored if you are using <option>--system-dns</option>.
@@ -426,7 +425,7 @@ you would expect.</para>
<para>This option also comes in handy when scanning private <para>This option also comes in handy when scanning private
networks. Sometimes only a few name servers provide networks. Sometimes only a few name servers provide
proper rDNS information, and you may not even know where proper DNS information, and you may not even know where
they are. You can scan the network for port 53 (perhaps they are. You can scan the network for port 53 (perhaps
with version detection), then try Nmap list scans with version detection), then try Nmap list scans
(<option>-sL</option>) specifying each name server one at a (<option>-sL</option>) specifying each name server one at a
@@ -437,8 +436,8 @@ you would expect.</para>
exceeds the size of a UDP packet. In such a situation our DNS exceeds the size of a UDP packet. In such a situation our DNS
resolver will make the best effort to extract a response from the resolver will make the best effort to extract a response from the
truncated packet, and if not successful it will fall back to truncated packet, and if not successful it will fall back to
using the system resolver. Also, responses that contain CNAME aliases using the system resolver.
will fall back to the system resolver.</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>