How can you disable DNS resolution and why would you do this on large networks?

• A. Use -n to disable DNS resolution
• B. Use -D to disable DNS
• C. Use -N to disable name resolution only for the target
• D. Use --no-dns

Answer: (A)

Disabling DNS resolution in Nmap is done with the -n option. This tells Nmap not to perform reverse DNS lookups on the scanned IPs, so it will scan using IP addresses without trying to translate them to hostnames. This is especially valuable on large networks because DNS queries for thousands of hosts can add significant latency, generate a lot of traffic to DNS servers, and potentially trigger rate limits or monitoring. By skipping DNS, scans finish faster and place less load on infrastructure. Remember, this affects just hostname resolution; port/service name resolution and probing behavior are unchanged, and you’ll see IPs in the output rather than hostnames. For best results, feed Nmap a list of IP addresses rather than hostnames.