Nmap's host discovery engine is robust and uses many kinds of probes to determine whether a host is up on a network. The term "ping" is used for this kind of activity, which can be confusing, since it usually refers to ICMP Echo Request (Type 8 Code 0) and Echo Response (Type 0 Code 0).
What is most likely happening here is that Nmap is sending an ARP request for the target IP address, and marking it as "up" when it gets a positive response. This is the method Nmap uses when running with sufficient privilege against addresses in your interface's broadcast domain.
For other hosts, the default host discovery probes are (in order): ICMP Echo Request, TCP SYN to port 443, TCP ACK to port 80, and ICMP Timestamp Request. Note that if you are running without root/administrator privileges (or using the --unprivileged
option), host discovery is done with a TCP SYN and full handshake to port 80 and 443, regardless of broadcast domain.
The DNS request is sent for all hosts that Nmap finds up. You can disable it with the -n
argument.