On Wed, 18 Nov 2009 15:06:28 -0500 stan <st...@panix.com> wrote: > Can anyone xplain this behavior to me? > > Given the following resolv.conf file: > > r...@pm3fw:root# cat /etc/resolv.conf > lookup file bind > search mcn.chs kapstonepaper.com pm3.charleston.meadwestvaco.com > nameserver 127.0.0.1 > nameserver 10.209.128.20 > nameserver 10.209.128.26 > nameserver 10.209.142.158 > > And: > > r...@pm3fw:root# nslookup > > cvsup > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > Non-authoritative answer: > Name: cvsup.mcn.chs > Address: 10.209.142.151 > > 10.209.142.151 > Server: 127.0.0.1 > Address: 127.0.0.1#53 > > 151.142.209.10.in-addr.arpa name = cvsup.meadwestvaco.com. > > exit > > Why does this happen ? And how? > > r...@pm3fw:root# nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 > cvsup > > Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-18 15:05 EST > Initiating Ping Scan at 15:05 > Scanning 10.209.142.151 [8 ports] > Completed Ping Scan at 15:05, 0.20s elapsed (1 total hosts) > Initiating Parallel DNS resolution of 1 host. at 15:05 > Completed Parallel DNS resolution of 1 host. at 15:05, 0.00s elapsed > Initiating SYN Stealth Scan at 15:05 > Scanning cvsup.meadwestvaco.com (10.209.142.151) [1000 ports] > > Is nmap not using the resolver libraries? > >
Your dns at 127.0.0.1 does not resolve 151.142.209.10.in-addr.arpa? 127.0.0.1:53 allows recursiv querys so it looks elsewhere and serves the "real" hostname? - Robert