nmap uses a custom stub DNS resolver, meaning that by default, nmap will not use your local DNS resolver for IP address to hostname resolution. On a Linux system, regardless of whether the custom nmap stub DNS resolver or your local DNS resolver is being used, /etc/resolv.conf is used to define the target DNS servers.
The important difference between the custom nmap DNS resolver and your local DNS resolver is:
- The nmap custom DNS resolver uses all of the nameservers in /etc/resolv.conf in parallel
- Your local DNS resolver only uses the primary nameserver in /etc/resolv.conf, and only uses the secondary nameserver in /etc/resolv.conf if the primary nameserver is unavailable
The --system-dns option can be used to only use your primary DNS server in /etc/resolv.conf, or to use the secondary DNS server if the primary is unavailable.
The --dns-servers option can be used to define a single target DNS server, or to define two or more target DNS servers, in which case only the first nameserver that is able to resolve the IP address to a hostname is used.
In this example, the -sn option is used to determine if a host (e.g. a target system) is up and --dns-servers is used to specify the DNS servers that should be used to resolve 192.168.0.17 to hostname server1.example.com.
nmap -sn 192.168.0.17 --dns-servers 192.168.0.6
If the target machine does not exist, is down, or is configured to block ICMP packets, something like this should be returned.
Starting Nmap 6.40 ( http://nmap.org ) at 2020-08-30 11:17 CDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.01 seconds
If the host is up and not blocking ICMP packets, something like this should be returned.
Starting Nmap 6.40 ( http://nmap.org ) at 2020-08-30 11:17 CDT
Nmap scan report for 192.168.0.17
Host is up (0.00039s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds
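To see in advance which DNS servers would receive the reverse lookups under each resolver mode described above, the following added example (not part of the original article) parses resolv.conf-format text and builds the matching --dns-servers command. The function names and the sample file contents are constructed for illustration; nothing here runs nmap.

```sh
#!/bin/sh
# Constructed sample in /etc/resolv.conf format (not taken from a real host).
sample_resolv_conf() {
cat <<'EOF'
# constructed sample
search example.com
nameserver 192.168.0.6
nameserver 192.168.0.7
;nameserver 10.9.9.9
options timeout:2
EOF
}

# Print nameserver addresses from resolv.conf text on stdin, in file order.
# Commented-out entries and other keywords are skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# Report which servers each resolver mode described in the article would query.
dns_plan() {
    servers=$(resolv_nameservers)
    [ -n "$servers" ] || { echo "no nameserver entries found" >&2; return 1; }
    all=$(printf '%s\n' "$servers" | paste -sd, -)
    primary=$(printf '%s\n' "$servers" | head -n 1)
    fallback=$(printf '%s\n' "$servers" | tail -n +2 | paste -sd, -)
    echo "default (nmap resolver, parallel): $all"
    echo "--system-dns primary: $primary"
    echo "--system-dns fallback if primary is unavailable: ${fallback:-none}"
}

# Build the article's -sn command with lookups pinned to the given servers.
pinned_scan_cmd() {
    [ "$#" -ge 2 ] || { echo "usage: pinned_scan_cmd TARGET SERVER..." >&2; return 1; }
    target=$1; shift
    echo "nmap -sn $target --dns-servers $(printf '%s\n' "$@" | paste -sd, -)"
}

# Demo on the constructed sample; on a real host: dns_plan < /etc/resolv.conf
sample_resolv_conf | dns_plan
pinned_scan_cmd 192.168.0.17 192.168.0.6
```

Running dns_plan against the real /etc/resolv.conf before a scan shows whether the default parallel mode would send lookups for the scanned addresses to more nameservers than intended.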