Nmap: DNS (part-19)

Force Reverse DNS Resolution
The -R parameter instructs Nmap to always perform reverse DNS resolution on the target IP address.
Usage syntax: nmap -R [target]
# nmap -R 64.13.134.52
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 17:22 Central Daylight Time
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 993 filtered ports
PORT      STATE  SERVICE
25/tcp    closed smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http
110/tcp   closed pop3
113/tcp   closed auth
31337/tcp closed Elite
Nmap done: 1 IP address (1 host up) scanned in 9.38 seconds
Output of an Nmap scan with reverse DNS enabled
By default, Nmap will only do reverse DNS for hosts that appear to be online. The -R option is useful when performing reconnaissance on a block of IP addresses as Nmap will try to resolve the reverse DNS information of every IP address. The reverse DNS information can reveal interesting information about the target IP address (even if it is offline or blocking Nmap’s probes).
Note: The -R option can dramatically reduce the performance of a scan.



Disable Reverse DNS Resolution
The -n parameter is used to disable reverse DNS lookups.
Usage syntax: nmap -n [target]
# nmap -n 64.13.134.52
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-13 17:23 Central Daylight Time
Interesting ports on 64.13.134.52:
Not shown: 993 filtered ports
PORT      STATE  SERVICE
25/tcp    closed smtp
53/tcp    open   domain
70/tcp    closed gopher
80/tcp    open   http
110/tcp   closed pop3
113/tcp   closed auth
31337/tcp closed Elite
Nmap done: 1 IP address (1 host up) scanned in 8.48 seconds
Output of an Nmap scan with reverse DNS disabled
Reverse DNS can significantly slow an Nmap scan. Using the -n option
greatly reduces scanning times, especially when scanning a large number of hosts.
This option is useful if you don’t care about the DNS information for the target
system and prefer a scan that produces faster results.




Alternative DNS Lookup Method
The --system-dns option instructs Nmap to use the host system’s DNS resolver
instead of its own internal method.
Usage syntax: nmap --system-dns [target]
$ nmap --system-dns scanme.insecure.org
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-09 21:47 CDT
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 972 closed ports, 26 filtered ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 19.86 seconds
Output of an Nmap scan using the system DNS resolver



This option is rarely used as it is much slower than the default method. It can,
however, be useful when troubleshooting DNS problems with Nmap.

Note: The system resolver is always used for IPv6 scans as Nmap has not yet fully implemented its own internal IPv6 resolver.


Manually Specify DNS Server(s)
The --dns-servers option is used to manually specify DNS servers to be queried
when scanning.
Usage syntax: nmap --dns-servers [server1,server2,etc] [target]
$ nmap --dns-servers 208.67.222.222,208.67.220.220 scanme.insecure.org
Starting Nmap 5.00 ( http://nmap.org ) at 2009-08-09 22:40 CDT
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 998 closed ports
PORT   STATE SERVICE
53/tcp open  domain
80/tcp open  http
Nmap done: 1 IP address (1 host up) scanned in 32.07 seconds
Manually specifying DNS servers


Nmap’s default behavior will use the DNS servers configured on your local system
for name resolution. The --dns-servers option allows you to specify one or more
alternative servers for Nmap to query. This can be useful for systems that do not
have DNS configured or if you want to prevent your scan lookups from appearing in
your locally configured DNS server’s log file.
Note: This option is currently not available for IPv6 scans.
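
As noted above, Nmap's reverse lookups appear in the resolver's query log, and -R issues one for every address in a scanned block. The following Python script is an added example, not part of the original article: it flags clients that request PTR records for many distinct addresses in the same /24. The log format (simplified BIND-style), the sample lines, the function names and the threshold are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in a simplified BIND-style query log format (an assumption).
SAMPLE_LOG = """\
13-Aug-2009 17:22:01.100 client 10.0.0.5#40001: query: 1.2.0.192.in-addr.arpa IN PTR +
13-Aug-2009 17:22:01.105 client 10.0.0.5#40002: query: 2.2.0.192.in-addr.arpa IN PTR +
13-Aug-2009 17:22:01.110 client 10.0.0.5#40003: query: 3.2.0.192.in-addr.arpa IN PTR +
13-Aug-2009 17:22:01.114 client 10.0.0.5#40004: query: 4.2.0.192.in-addr.arpa IN PTR +
13-Aug-2009 17:22:03.000 client 10.0.0.9#51000: query: www.example.com IN A +
13-Aug-2009 17:22:04.000 client 10.0.0.9#51001: query: 7.2.0.192.in-addr.arpa IN PTR +
13-Aug-2009 17:22:05.000 client 10.0.0.9#51002: query: 999.2.0.192.in-addr.arpa IN PTR +
"""

QUERY_RE = re.compile(r"client (?P<client>[0-9.]+)#\d+: query: (?P<name>\S+) IN PTR\b")


def ptr_name_to_ip(name):
    """Turn 'd.c.b.a.in-addr.arpa' into IPv4Address a.b.c.d; None if malformed."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None


def find_ptr_sweeps(log_text, threshold=4):
    """Map client -> {/24: addresses} where PTR lookups cover >= threshold hosts."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> /24 -> queried IPs
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        ip = ptr_name_to_ip(match.group("name")) if match else None
        if ip is None:
            continue  # not a PTR query, or not a valid IPv4 reverse name
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        seen[match.group("client")][net].add(ip)
    sweeps = {}
    for client, nets in seen.items():
        for net, ips in nets.items():
            if len(ips) >= threshold:  # counts distinct addresses only
                sweeps.setdefault(client, {})[str(net)] = [str(i) for i in sorted(ips)]
    return sweeps


if __name__ == "__main__":
    print(find_ptr_sweeps(SAMPLE_LOG))
```

A scan run with -n, or with --dns-servers pointing at a different resolver, produces no such entries in this log, so this check covers only lookups that pass through the monitored server.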