Nmap problems - perhaps someone can help?

When I ran a simple nmap scan on my localized virtual network I received the following error:

Unable to open /etc/resolv.conf

Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers

So, I followed a fix from an nmap discssion way back from 2088 that said to simply recreate the missing /etc/resolv.conf file and enter the following DNS entry: nameserver 4.2.2.1

Now, when I try nmap it works absolutely fine...so...my question is - what is the nameserver 4.2.2.1? Is it just something to add to make nmap work? I'd like to know what I did to fix it rather than just 'fixing it' by following someones (correct) advice...

Thanks!

PS here is the link from the nmap forum post: Nmap Development: Re: Problem running Nmap

Find more posts tagged with

Comments

stryder144

That address maps to a public DNS server that is owned/operated by my former employer, Level 3 Communications.

Mike7

You can use any nameserver, e.g. Google DNS at 8.8.8.8

When you run nmap with default settings, it tries to do reverse DNS lookup of any IP address it discovers. You host did not have a DNS name server configured, hence the error.

Add the -n switch to disable rDNS lookup as per https://nmap.org/book/man-host-discovery.html

resilient

I see.....

thanks...that explains that...

so basically nmap is simply pushing the IP address to a DNS service which we specify in the etc/resolv.conf file?

Mike7

Yes. You can also verify nmap DNS look-up using WireShark.

Spin Lock

Mike7 explained the problem quite well. When you specify an endpoint IP address in nmap, it attempts to perform a reverse DNS lookup. If you don't know what that is, I'll explain but more importantly, anyone who is serious about a career in networking or security absolutely needs to have a deep understanding of DNS. DNS is just too important for anyone to ignore. Not understanding DNS is like not understanding IP addressing, routing or switching. So spend the time to really understand it. It is time well spent.

A reverse DNS lookup occurs when you query the DNS resolver, but instead of providing the resolver with a fully qualified domain name (FQDN) you provide it with an IP Address and ask DNS to return the FQDN. nmap is doing this to provide you with more information about the IP address you are scanning.

resolver.conf is a file that Linux uses as part of the name resolution process. When nmap requests a reverse IP lookup, the OS generates a DNS query that it must issue to a resolver. A resolver is a DNS nameserver that handles "recursive queries". In your case, nmap asked for DNS address resolution but the OS doesn't know who to pass the query to because resolv.conf doesn't list the IP address of a valid DNS resolver.

When you updated that file to point to the Level 3 resolver, everything worked. You could have used any public resolver, such as the one Google runs, or the one your ISP runs for it's customers. The point is, resolv.conf lists the name of a DNS resolver whose job it is to receive queries from your system and respond to those queries with the requested info.