Nmap dns-nsid NSE Script
This page contains detailed information about how to use the dns-nsid NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/dns-nsid.nse
Script categories: discovery, default, safe
Target service / protocol: dns, udp, tcp
Target network port(s): 53
List of CVEs: -
Script Description
The dns-nsid.nse script retrieves information from a DNS nameserver by requesting its nameserver ID (nsid) and asking for its id.server and version.bind values. This script performs the same queries as the following two dig commands:
- dig CH TXT bind.version @target
- dig +nsid CH TXT id.server @target
References:
Dns-nsid NSE Script Arguments
The dns-nsid.nse script does not have any arguments.
Dns-nsid NSE Script Example Usage
Here's an example of how to use the dns-nsid.nse script:
nmap -sSU -p 53 --script dns-nsid <target>
Dns-nsid NSE Script Example Output
Here's a sample output from the dns-nsid.nse script:
53/udp open domain udp-response
| dns-nsid:
| NSID dns.example.com (646E732E6578616D706C652E636F6D)
| id.server: dns.example.com
|_ bind.version: 9.7.3-P3
Dns-nsid NSE Script Example XML Output
Here's a sample XML output from the dns-nsid.nse script produced by providing the -oX <file> Nmap option:
<table key="NSID">
<elem key="raw">mia01.l.root-servers.org</elem>
<elem key="hex">6d696130312e6c2e726f6f742d736572766572732e6f7267</elem>
</table>
<elem key="id.server">mia01.l.root-servers.org</elem>
<elem key="bind.version">NSD 3.2.15</elem>
Author
- John R. Bond
References
- https://nmap.org/nsedoc/scripts/dns-nsid.html
- https://github.com/nmap/nmap/tree/master/scripts/dns-nsid.nse
- http://www.ietf.org/rfc/rfc5001.txt
- http://www.ietf.org/rfc/rfc4892.txt
- https://nmap.org/svn/docs/licenses/BSD-simplified
See Also
Related NSE scripts to the dns-nsid.nse script:
- dns-blacklist.nse
- dns-brute.nse
- dns-cache-snoop.nse
- dns-check-zone.nse
- dns-client-subnet-scan.nse
- dns-fuzz.nse
- dns-ip6-arpa-scan.nse
- dns-nsec3-enum.nse
- dns-nsec-enum.nse
- dns-random-srcport.nse
- dns-random-txid.nse
- dns-recursion.nse
- dns-service-discovery.nse
- dns-srv-enum.nse
- dns-update.nse
- dns-zeustracker.nse
- dns-zone-transfer.nse
Visit Nmap NSE Library for more scripts.
The dns-nsid.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Failed to decode NSID
Here is a relevant code snippet related to the "Failed to decode NSID" error message:
59: local function rr_filter(pktRR, label)
60: for _, rec in ipairs(pktRR, label) do
61: if ( rec[label] and 0 < #rec.data ) then
62: if ( dns.types.OPT == rec.dtype ) then
63: if #rec.data < 4 then
64: return false, "Failed to decode NSID"
65: end
66: local _, len, pos = string.unpack(">I2 I2", rec.data)
67: if ( len ~= #rec.data - pos + 1 ) then
68: return false, "Failed to decode NSID"
69: end
Failed to decode NSID
Here is a relevant code snippet related to the "Failed to decode NSID" error message:
63: if #rec.data < 4 then
64: return false, "Failed to decode NSID"
65: end
66: local _, len, pos = string.unpack(">I2 I2", rec.data)
67: if ( len ~= #rec.data - pos + 1 ) then
68: return false, "Failed to decode NSID"
69: end
70: return true, string.unpack("c" .. len, rec.data, pos)
71: else
72: return true, string.unpack(">s1", rec.data)
73: end
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
