From 5220e7382ac93247f9a30f575334e425095eaf6a Mon Sep 17 00:00:00 2001
From: fyodor <fyodor@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 31 Jan 2008 05:48:16 +0000
Subject: [PATCH] add dnsmasq DNS server matchlines (was previously detected as
 bind).  Patch by Sven Klemm

---
 nmap-service-probes | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nmap-service-probes b/nmap-service-probes
index b15924bd6..3fe04be0a 100644
--- a/nmap-service-probes
+++ b/nmap-service-probes
@@ -5098,6 +5098,7 @@ match rtp m|^501 0 Endpoint is not ready - Unrecognized command verb\n|
 Probe UDP DNSVersionBindReq q|\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03|
 rarity 1
 ports 53,1967,2967
+match domain m|\x07version\x04bind.*\x0cdnsmasq-([-\w._ ]+)$|s p/dnsmasq/ v/$1/
 # Allow 3-12 character version numbers
 match domain m|\x07version\x04bind.*[\x03-\x14]([-\w._ ]{3,20})$|s p/ISC BIND/ v/$1/
 match domain m|\x07version\x04bind.*[\x03-\x14]BIND ([-\w._]{3,20})$|s p/ISC BIND/ v/$1/
@@ -5143,6 +5144,7 @@ match domain m|^\0\x06\x81\x82\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x0
 Probe TCP DNSVersionBindReq q|\0\x1E\0\x06\x01\0\0\x01\0\0\0\0\0\0\x07version\x04bind\0\0\x10\0\x03|
 rarity 3
 ports 53,135,512-514,543,544,1029,13783,1521,2068,2105,2967,5323,5520,5530,5555,6543,7000,7008
+match domain m|\x07version\x04bind.*\x0cdnsmasq-([-\w._ ]+)$|s p/dnsmasq/ v/$1/
 match domain m|\x07version\x04bind.*[\x03-\x14]([-\w._ ]{3,20})$|s p/ISC BIND/ v/$1/
 match domain m|\x07version\x04bind.*[\x03-\x14]BIND ([-\w._]{3,20})$|s p/ISC BIND/ v/$1/
 # ISC Bind 9.1.3