On Wed, 18 Nov 2009, stan wrote: >Can anyone xplain this behavior to me?
Without access to your nameservers it's not possible to be sure, but see below -- this looks normal to me. >Given the following resolv.conf file: > >r...@pm3fw:root# cat /etc/resolv.conf >lookup file bind >search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com >nameserver 127.0.0.1 >nameserver 10.209.128.20 >nameserver 10.209.128.26 >nameserver 10.209.142.158 > >And: > >r...@pm3fw:root# nslookup >> cvsup >Server: 127.0.0.1 >Address: 127.0.0.1#53 > >Non-authoritative answer: >Name: cvsup.mcn.chs >Address: 10.209.142.151 >> 10.209.142.151 >Server: 127.0.0.1 >Address: 127.0.0.1#53 > >151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. >> exit > >Why does this happen ? And how? You apparently have a system with multiple names and a single IP address. Both cvsup.mch.chs and cvsup.meadwestvaco.com are assigned address 10.209.142.151, but the reverse-lookup entry can't return both names. Given the order of domains in your 'search' directive, cvsup.mcn.chs is looked up first and so is the name that nslookup reports, but cvsup.meadwestvaco.com was chosen as the 'official' name for the reverse lookup by whoever set up your DNS. >r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 cvsup > >Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST >Initiating Ping Scan at 15:05 >Scanning 10.209.142.151 [8 ports] >Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) >Initiating Parallel DNS resolution of 1 host. at 15:05 >Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed >Initiating SYN Stealth Scan at 15:05 >Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] > >Is nmap not using the resolver libraries? I've never looked at the innards of nmap, but I expect that it's reporting the 'official' name from the reverse lookup regardless of how you initially specified the system to scan. Given that it can scan multiple hosts this makes sense, since it may not have been given names for all of them. Dave -- Dave Anderson <d...@daveanderson.com>
