nmap DNS leaks


nmap DNS leaks

Post by Mymustache »

I never noticed before that nmap scanning a private network 192.168.*.*/* or 10.*.*.*/* using the option n (-Pn or -sn) is querying for the given addresses. It happens on LMDE3 (desktop) and on Kali based on Bullseye (as a VirtualBox guest). Can someone explain to me if there is a reason for this? I have also installed DNScrypt-proxy on the desktop and I detect the DNS leaks by monitoring the traffic with Wireshark. TY

Re: nmap dns leaks

Post by djph »

nmap doing the reverse lookup isn't (necessarily) "a dns leak".

Also, nmap -sn 192.168.0.0/24 is NOT the same as nmap -n -sn [...]

Re: nmap DNS leaks

Post by Mymustache »

Thank you for your response. My mistake.

Re: nmap DNS leaks

Post by cpedretti »

Mymustache wrote: Mon Mar 21, 2022 2:24 pm I never noticed before that nmap scanning a private network 192.168.*.*/* or 10.*.*.*/* using the option n (-Pn or -sn) is querying for the given addresses. It happens on LMDE3 (desktop) and on Kali based on Bullseye (as a VirtualBox guest). Can someone explain to me if there is a reason for this? I have also installed DNScrypt-proxy on the desktop and I detect the DNS leaks by monitoring the traffic with Wireshark. TY
To secure your DNS, nothing is better than dnscrypt-proxy2.

Adguard Home also offers the role in charge of DNSSEC.

Here are some servers offering DNSSEC public resolvers => https://download.dnscrypt.info/resolver ... solvers.md.

Re: nmap DNS leaks

Post by Mymustache »

Yes, thank you. It's working for a while like a charm :D I just referenced because I didn't notice that I was missing an option in nmap (ignorance), for easier troubleshooting. However, I still don't understand why nmap is designed to allow DNS requests when the private network or private addresses are specified, maybe a choice to keep it simple and lighter?! or... (I prefer to drive manual instead of automatic, maybe it's for the same reason?!)... anyway, I learned the lesson.

Re: nmap DNS leaks

Post by djph »

Mymustache wrote: Mon Mar 21, 2022 4:26 pm I still don't understand why nmap is designed to allow dns requests when the private network or private addresses are specified.
because knowing what host responded (by name) is quite helpful.

Re: nmap DNS leaks

Post by phd21 »

Hi Mymustache,

Welcome to the wonderful world of Linux Mint and its excellent forum!

I just read your post and the good replies to it. Here are my thoughts on this as well.

Although "dnscrypt-proxy" is a good choice for keeping DNS leaks from happening when using a VPN or not using a VPN, there are a couple other options for implementing DNS protection like "DNS over TLS" and "DNS over HTTPS" that you might consider.

I use DNS over TLS (DOT) and the link below is an excellent article on easily setting this up
Configure DNS over TLS on Linux Mint to Protect DNS Privacy
https://www.linuxbabe.com/linux-mint/dn ... tls-stubby

Set Up DNS over HTTPS (DoH) Resolver on Ubuntu with DNSdist
https://www.linuxbabe.com/ubuntu/dns-ov ... tu-dnsdist

Hope this helps ...

Re: nmap DNS leaks

Post by Mymustache »

djph wrote: Mon Mar 21, 2022 8:04 pm
Mymustache wrote: Mon Mar 21, 2022 4:26 pm I still don't understand why nmap is designed to allow dns requests when the private network or private addresses are specified.
because knowing what host responded (by name) is quite helpful.
Yes, I understand. I believe it is not wrong or right; it's more a question of choice and it is related to the use case. My point with that comment was: as a security/networking tool, if the reverse lookup is needed it could be specified, instead of being given at the first (of course that doesn't excuse my -n mistake). This is more a philosophical debate, but I love nmap and I think it's an excellent tool, and I still have a lot to learn about its full capacity.

Re: nmap DNS leaks

Post by Mymustache »

phd21 wrote: Mon Mar 21, 2022 9:36 pm Hi Mymustache,

Welcome to the wonderful world of Linux Mint and its excellent forum!

I just read your post and the good replies to it. Here are my thoughts on this as well.

Although "dnscrypt-proxy" is a good choice for keeping DNS leaks from happening when using a VPN or not using a VPN, there are a couple other options for implementing DNS protection like "DNS over TLS" and "DNS over HTTPS" that you might consider.

I use DNS over TLS (DOT) and the link below is an excellent article on easily setting this up
Configure DNS over TLS on Linux Mint to Protect DNS Privacy
https://www.linuxbabe.com/linux-mint/dn ... tls-stubby

Set Up DNS over HTTPS (DoH) Resolver on Ubuntu with DNSdist
https://www.linuxbabe.com/ubuntu/dns-ov ... tu-dnsdist

Hope this helps ...
Thank you for the links, very useful.
I already used, in a simple way, DoH just on Firefox. Then I read about the pros and cons of those solutions and I decided to install DNScrypt-proxy. Maybe I'll change after installing LMDE5. 8)

Re: nmap DNS leaks

Post by djph »

Mymustache wrote: Tue Mar 22, 2022 10:15 pm
djph wrote: Mon Mar 21, 2022 8:04 pm
Mymustache wrote: Mon Mar 21, 2022 4:26 pm I still don't understand why nmap is designed to allow dns requests when the private network or private addresses are specified.
because knowing what host responded (by name) is quite helpful.
Yes, I understand. I believe it is not wrong or right; it's more a question of choice and it is related to the use case. My point with that comment was: as a security/networking tool, if the reverse lookup is needed it could be specified, instead of being given at the first (of course that doesn't excuse my -n mistake). This is more a philosophical debate, but I love nmap and I think it's an excellent tool, and I still have a lot to learn about its full capacity.
Yeah, the default is (IIRC) to "sometimes" perform the lookup (i.e. "do the lookup if the host at that IP responds"). You can then either disable it entirely (-n) or force it to always lookup (-R).

Note too that nmap is primarily a network discovery tool, and the "security" / "portscan" stuff is bolted on top.
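
Added example (not written by any poster in this thread): the reverse lookups discussed above show up on the wire as PTR queries for names under in-addr.arpa, which is what a Wireshark or tcpdump capture of port 53 would contain. This sketch scans tcpdump-style text for PTR queries about RFC 1918 addresses and marks the ones sent to a resolver outside the LAN; the function names and sample lines are constructed, and 203.0.113.53 is a documentation address standing in for an external resolver.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in `tcpdump -n port 53` text format (not a real capture).
SAMPLE = """\
12:00:01.100000 IP 192.168.1.10.40112 > 203.0.113.53.53: 4660+ PTR? 1.1.168.192.in-addr.arpa. (42)
12:00:01.200000 IP 192.168.1.10.40113 > 203.0.113.53.53: 4661+ PTR? 25.1.168.192.in-addr.arpa. (43)
12:00:01.300000 IP 192.168.1.10.40114 > 192.168.1.1.53: 4662+ PTR? 7.0.0.10.in-addr.arpa. (39)
12:00:02.000000 IP 192.168.1.10.40115 > 203.0.113.53.53: 4663+ A? example.org. (29)
12:00:02.100000 IP 192.168.1.10.40116 > 203.0.113.53.53: 4664+ PTR? 8.8.8.8.in-addr.arpa. (38)
"""

# Captures the resolver address and the reversed octets of the queried name.
PTR_QUERY = re.compile(
    r"IP \S+ > (\S+)\.\d+: \d+\S* PTR\? ([\d.]+)\.in-addr\.arpa\.")


def in_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def find_private_ptr_queries(capture_text):
    """Return (scanned_ip, resolver_ip, leaves_lan) for each PTR query
    that asks about an RFC 1918 address."""
    hits = []
    for line in capture_text.splitlines():
        m = PTR_QUERY.search(line)
        if not m:
            continue
        try:
            resolver = ipaddress.ip_address(m.group(1))
            target = ipaddress.ip_address(".".join(reversed(m.group(2).split("."))))
        except ValueError:
            continue  # partial zone name (fewer than four octets); skip
        if in_rfc1918(target):
            # Loopback means a local stub resolver, which may still forward upstream.
            leaves_lan = not (in_rfc1918(resolver) or resolver.is_loopback)
            hits.append((str(target), str(resolver), leaves_lan))
    return hits


if __name__ == "__main__":
    for target, resolver, leaves_lan in find_private_ptr_queries(SAMPLE):
        print(f"PTR for {target} -> {resolver}" + ("  (leaves the LAN)" if leaves_lan else ""))
```

Running the same capture once for `nmap -sn <range>` and once for `nmap -n -sn <range>` should show the PTR lines only in the first case.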