7

nmap allows the use of different DNS servers (not local). What is the benefit of doing so?

user1801810
user78612

1 Answer

7

There are all sorts of reasons:

  • You might not have access to local DNS servers.
  • You might want to query against a specific non-default DNS server within the organisation, which you suspect may leak more information than their defaults.
  • You might not want to alert a sysadmin / blue team by performing lots of DNS lookups across the infrastructure, so you might opt for an alternative DNS.
  • You might not want to use your ISP's DNS servers (or other 3rd party DNS) for legal or contractual reasons.

I'm sure there are other reasons too. These are just a few off the top of my head.

Polynomial
  • 2
    You may want to compare data stored by different DNS servers. – biziclop Jun 15 '15 at 12:56
  • 1
    @biziclop In that particular case I'd be using `dig` rather than nmap, but you are correct that it *can* be done that way. – Polynomial Jun 15 '15 at 13:25
  • 1
    I think postulate #2 is the most widely applicable. The point of using DNS in Nmap at all (since odds are slim that you don't know the IP of the host you are scanning) is to reverse the IP to gather more info on a given scanned host. Reverse lookups, especially of internal/private (RFC 1918) address space, are more likely to yield good info if you can point them at arbitrary places like internal DHCP servers. – Jeff Meden Jun 15 '15 at 14:34
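
The answer's third point and the last comment both rest on reverse lookups being visible to whoever runs the resolver. As an added example (not part of the original thread), this sketch shows the blue-team side: flagging clients that reverse-resolve many distinct private addresses in a short window. The log format, the sample lines, the 10-second window and the threshold of 5 are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real resolver's format):
#   <ISO timestamp> client=<ip> qtype=<type> qname=<name>
LINE_RE = re.compile(r"^(\S+) client=(\S+) qtype=(\S+) qname=(\S+)$")

def ptr_target(qname):
    """Return the IPv4 address an in-addr.arpa name refers to, or None."""
    name = qname.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[: -len(".in-addr.arpa")].split(".")
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None

def find_ptr_sweeps(lines, window=timedelta(seconds=10), threshold=5):
    """Map client -> most distinct private PTR targets queried in one window,
    for clients reaching the threshold. Expects time-ordered lines."""
    recent = defaultdict(deque)  # client -> (time, target) pairs in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(3).upper() != "PTR":
            continue
        when, client = datetime.fromisoformat(m.group(1)), m.group(2)
        target = ptr_target(m.group(4))
        # is_private covers RFC 1918 plus other non-public ranges
        if target is None or not target.is_private:
            continue
        q = recent[client]
        q.append((when, target))
        while when - q[0][0] > window:
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= threshold:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

# Constructed sample: one client reverse-resolves 10.0.0.1-6 in six seconds.
SAMPLE = [f"2015-06-15T12:00:0{i} client=10.0.5.23 qtype=PTR "
          f"qname={i}.0.0.10.in-addr.arpa" for i in range(1, 7)]
SAMPLE += ["2015-06-15T12:00:07 client=10.0.5.40 qtype=PTR qname=5.1.168.192.in-addr.arpa",
           "2015-06-15T12:00:08 client=10.0.5.40 qtype=A qname=www.example.com"]
print(find_ptr_sweeps(SAMPLE))
```

A check like this only sees queries that reach the resolver whose logs it reads, so it needs to run on every internal server that answers reverse zones, not just the default one.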