Replaces original experimental DNS ECS option code

with value prescribed by RFC 7871. Closes #1271

CHANGELOG

@@ -1,5 +1,8 @@
 #Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE][GH#1271] The DNS library is now using ECS code (edns-client-subnet)
+  compliant with RFC 7871 [John Bond]
+
 o [Ncat][GH#1267] Fixed communication with commands launched with -e or -c on
   Windows, especially when --ssl is used. [Daniel Miller]
 

nselib/dns.lua

@@ -1398,7 +1398,7 @@ end
 ---
 -- Adds an client-subnet payload to the OPT packet
 --
--- implementing http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00
+-- implementing https://tools.ietf.org/html/rfc7871
 -- @param pkt Table representing DNS packet.
 -- @param Z Table of Z flags. Only DO is supported.
 -- @param client_subnet table containing the following fields
@@ -1407,7 +1407,7 @@ end
 --        <code>address</code> - string containing the IP address
 function addClientSubnet(pkt,Z,subnet)
   local udp_payload_size = 4096
-  local code = 20730 -- temporary option-code http://comments.gmane.org/gmane.ietf.dnsext/19776
+  local code = 8 -- https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11
   local scope_mask = 0 -- In requests, it MUST be set to 0 see draft
   local data = bin.pack(">SCCA",subnet.family or 1,subnet.mask,scope_mask,ipOps.ip_to_str(subnet.address))
   local opt = bin.pack(">SS",code, #data) .. data

scripts/dns-client-subnet-scan.nse

@@ -14,7 +14,7 @@ geographically distributed locations in an attempt to enumerate as
 many different address records as possible. The script also supports
 requests using a given subnet.
 
-* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00
+* https://tools.ietf.org/html/rfc7871
 ]]
 
 ---