From 2e08baefd4f9558b74376be7041d3e523cabaec3 Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 28 Jul 2018 23:06:27 +0000
Subject: [PATCH] Replaces original experimental DNS ECS option code with value
 prescribed by RFC 7871. Closes #1271

---
 CHANGELOG                          | 3 +++
 nselib/dns.lua                     | 4 ++--
 scripts/dns-client-subnet-scan.nse | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index b7c680186..0eaf4cb91 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE][GH#1271] The DNS library is now using ECS code (edns-client-subnet)
+  compliant with RFC 7871 [John Bond]
+
 o [Ncat][GH#1267] Fixed communication with commands launched with -e or -c on
   Windows, especially when --ssl is used. [Daniel Miller]
 
diff --git a/nselib/dns.lua b/nselib/dns.lua
index 093eaa52a..9f4f95668 100644
--- a/nselib/dns.lua
+++ b/nselib/dns.lua
@@ -1398,7 +1398,7 @@ end
 ---
 -- Adds an client-subnet payload to the OPT packet
 --
--- implementing http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00
+-- implementing https://tools.ietf.org/html/rfc7871
 -- @param pkt Table representing DNS packet.
 -- @param Z Table of Z flags. Only DO is supported.
 -- @param client_subnet table containing the following fields
@@ -1407,7 +1407,7 @@ end
 --        <code>address</code> - string containing the IP address
 function addClientSubnet(pkt,Z,subnet)
   local udp_payload_size = 4096
-  local code = 20730 -- temporary option-code http://comments.gmane.org/gmane.ietf.dnsext/19776
+  local code = 8 -- https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11
   local scope_mask = 0 -- In requests, it MUST be set to 0 see draft
   local data = bin.pack(">SCCA",subnet.family or 1,subnet.mask,scope_mask,ipOps.ip_to_str(subnet.address))
   local opt = bin.pack(">SS",code, #data) .. data
diff --git a/scripts/dns-client-subnet-scan.nse b/scripts/dns-client-subnet-scan.nse
index 9adf20e73..ce35dc25f 100644
--- a/scripts/dns-client-subnet-scan.nse
+++ b/scripts/dns-client-subnet-scan.nse
@@ -14,7 +14,7 @@ geographically distributed locations in an attempt to enumerate as
 many different address records as possible. The script also supports
 requests using a given subnet.
 
-* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00
+* https://tools.ietf.org/html/rfc7871
 ]]
 
 ---