Version detection cleanup of references to Win2003 that

actually matched newer versions of windows.  Also, adjust/
remove 'domain' matchlines that only varied on the 3rd byte.
This byte contains the response error code which varies 
depending on the server and query state, not the OS.

nmap-service-probes

@@ -11538,13 +11538,10 @@ Probe UDP NBTStat q|\x80\xf0\0\x10\0\x01\0\0\0\0\0\0\x20\x43\x4bAAAAAAAAAAAAAAAA
 rarity 4
 ports 137
 
-# Windows Server 2003
-match domain m|^\x80\xf0\x80\x80\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2003/
-# Windows Server 2003
-match domain m|^\x80\xf0\x80\x82\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server_2003/
-# Windows Server 2012 Release Candidate Datacenter running DNS 6.2.8400.0.
-# Also PowerDNS 2.9.21-4.el5.centos, but we'll match that in DNSVersionBindReq
-match domain m|^\x80\xf0\x80\x02\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ v/6.2/ o/Windows/ cpe:/a:microsoft:dns:6.2/ cpe:/o:microsoft:windows_server_2012/
+# Windows Server DNS - first two bytes are transaction ID, second two are flags, most variation is in the second part of the flag (3rd byte from start) which indicates if there is 
+# an error.  This value isn't OS specific and depends on the state of the server.  See Response Code here: 
+# http://www.tcpipguide.com/free/t_DNSMessageHeaderandQuestionSectionFormat.htm Windows Server 2003
+match domain m|^\x80\xf0\x80.\0\x01\0\0....\x20CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\0\0!\0\x01|s p/Microsoft DNS/ o/Windows/ cpe:/a:microsoft:dns/ cpe:/o:microsoft:windows_server/
 
 match domain m|^\x80\xf0\x81\x83\0\x01\0\0\0\0\0\0 ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\0\0!\0\x01| p/Mikrotik DNS/ d/router/