recog-intrigue 2.3.7 → 2.3.14

data/xml/apache_os.xml

@@ -1,10 +1,11 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="apache_os" database_type="util.os" preference="0.10">
   <!--
   When an HTTP server is fingerprinted as Apache, a 2nd analysis pass is done
   on the server headers HTTPProtocolHelper.SERVER_HEADERS: they are matched
   against the following patterns to extract OS information.
   -->
+
   <fingerprint pattern=".*\(iSeries\).*">
     <description>IBM i5/OS iSeries (OS/400)</description>
     <param pos="0" name="os.vendor" value="IBM"/>
@@ -12,6 +13,7 @@
     <param pos="0" name="os.product" value="OS/400"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:ibm:os_400:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.92mdk\).*">
     <description>Mandriva (formerly Mandrake) Linux 9.2</description>
     <param pos="0" name="os.certainty" value="0.9"/>
@@ -21,6 +23,7 @@
     <param pos="0" name="os.version" value="9.2"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:9.2"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Mandrake Linux/\d+\.\d+\.100mdk\).*">
     <description>Mandriva (formerly Mandrake) Linux 10.0</description>
     <param pos="0" name="os.certainty" value="0.9"/>
@@ -30,6 +33,7 @@
     <param pos="0" name="os.version" value="10.0"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:10.0"/>
   </fingerprint>
+
   <fingerprint pattern=".*\((?:Mandrake|Mandriva) Linux/.*">
     <description>Mandriva (formerly Mandrake) Linux unknown version</description>
     <param pos="0" name="os.vendor" value="Mandriva"/>
@@ -37,6 +41,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Mandrakelinux/.*">
     <description>Mandriva (formerly Mandrake) Linux unknown version - variant 2</description>
     <param pos="0" name="os.vendor" value="Mandriva"/>
@@ -44,12 +49,14 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:mandriva:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(PalmOS\).*">
     <description>PalmOS</description>
     <param pos="0" name="os.vendor" value="Palm"/>
     <param pos="0" name="os.family" value="PalmOS"/>
     <param pos="0" name="os.product" value="PalmOS"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Win32\).*">
     <description>Microsoft Windows</description>
     <param pos="0" name="os.certainty" value="0.75"/>
@@ -58,6 +65,7 @@
     <param pos="0" name="os.product" value="Windows"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Darwin\).*">
     <description>Apple Mac OS X</description>
     <param pos="0" name="os.vendor" value="Apple"/>
@@ -65,6 +73,7 @@
     <param pos="0" name="os.product" value="Mac OS X"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Ubuntu\).*">
     <description>Ubuntu</description>
     <param pos="0" name="os.vendor" value="Ubuntu"/>
@@ -72,18 +81,21 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*(?:Sun )?Cobalt \(Unix\)?.*">
     <description>Sun Cobalt RaQ (Red Hat based Linux)</description>
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Cobalt RaQ"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(BlueQuartz\).*">
     <description>Blue Quartz is created by a Cobalt RaQ UG</description>
     <param pos="0" name="os.vendor" value="Sun"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Cobalt RaQ"/>
   </fingerprint>
+
   <fingerprint pattern="^Apache\/2\.2\.11.*\(Fedora\).*">
     <description>Red Hat Fedora 11</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -92,6 +104,7 @@
     <param pos="0" name="os.version" value="11"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:11"/>
   </fingerprint>
+
   <fingerprint pattern="^Apache\/2\.2\.15.*\(Fedora\).*">
     <description>Red Hat Fedora 13</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -100,6 +113,7 @@
     <param pos="0" name="os.version" value="13"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:13"/>
   </fingerprint>
+
   <fingerprint pattern="^Apache\/2\.2\.16.*\(Fedora\).*">
     <description>Red Hat Fedora 14</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -108,6 +122,7 @@
     <param pos="0" name="os.version" value="14"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:14"/>
   </fingerprint>
+
   <fingerprint pattern="^Apache\/2\.2\.23.*\(Fedora\).*">
     <description>Red Hat Fedora 17</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -116,6 +131,7 @@
     <param pos="0" name="os.version" value="17"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:17"/>
   </fingerprint>
+
   <fingerprint pattern="^Apache\/2\.4\.3.*\(Fedora\).*">
     <description>Red Hat Fedora 18</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -124,6 +140,7 @@
     <param pos="0" name="os.version" value="18"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:18"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Fedora\).*">
     <description>Red Hat Fedora</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -131,6 +148,7 @@
     <param pos="0" name="os.product" value="Fedora Core Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(RHEL\).*">
     <description>Red Hat Enterprise Linux</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -138,6 +156,7 @@
     <param pos="0" name="os.product" value="Enterprise Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Red[ -]Hat(?:[/ ]Linux)?\).*">
     <description>Red Hat Linux</description>
     <param pos="0" name="os.vendor" value="Red Hat"/>
@@ -145,6 +164,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Red Hat Enterprise (?:Linux)?\).*">
     <description>Apache OS: Red Hat Enterprise Linux</description>
     <example os.vendor="Red Hat">Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips</example>
@@ -153,6 +173,7 @@
     <param pos="0" name="os.product" value="Enterprise Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*Debian(?:[/ ]GNU)?(?:/Linux)?.*">
     <description>Debian Linux</description>
     <param pos="0" name="os.vendor" value="Debian"/>
@@ -160,6 +181,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\((?:Linux/)?S[uU]SE(?:/Linux)?\).*">
     <description>Novell SuSE Linux</description>
     <param pos="0" name="os.vendor" value="SuSE"/>
@@ -167,6 +189,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:suse:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(NETWARE\).*">
     <description>Novell NetWare</description>
     <param pos="0" name="os.vendor" value="Novell"/>
@@ -174,6 +197,7 @@
     <param pos="0" name="os.product" value="NetWare"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:novell:netware:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*HP-UX_Apache-based_Web_Server.*">
     <description>HP HP-UX</description>
     <param pos="0" name="os.vendor" value="HP"/>
@@ -181,6 +205,7 @@
     <param pos="0" name="os.product" value="HP-UX"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:hp:hp-ux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(CentOS\).*">
     <description>CentOS Linux</description>
     <param pos="0" name="os.vendor" value="CentOS"/>
@@ -188,12 +213,14 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:centos:centos:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Turbolinux\).*">
     <description>Turbolinux</description>
     <param pos="0" name="os.vendor" value="Turbolinux"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(FreeBSD\).*">
     <description>FreeBSD</description>
     <param pos="0" name="os.vendor" value="FreeBSD"/>
@@ -201,12 +228,14 @@
     <param pos="0" name="os.product" value="FreeBSD"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:freebsd:freebsd:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Asianux\).*">
     <description>Asianux Linux</description>
     <param pos="0" name="os.vendor" value="Asianux"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Gentoo(?:/Linux)?\).*">
     <description>Gentoo Linux</description>
     <param pos="0" name="os.vendor" value="Gentoo"/>
@@ -214,6 +243,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:gentoo:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Conectiva(?:/Linux)?\).*">
     <description>Conectiva Linux</description>
     <param pos="0" name="os.vendor" value="Conectiva"/>
@@ -221,6 +251,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:conectiva:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Trustix Secure Linux(?:/Linux)?\).*">
     <description>Trustix Linux</description>
     <param pos="0" name="os.vendor" value="Trustix"/>
@@ -228,46 +259,54 @@
     <param pos="0" name="os.product" value="Secure Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:trustix:secure_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(White Box\).*">
     <description>White Box Enterprise Linux</description>
     <param pos="0" name="os.vendor" value="White Box"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Enterprise Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(UnitedLinux\).*">
     <description>UnitedLinux</description>
     <param pos="0" name="os.vendor" value="UnitedLinux"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(PLD/Linux\).*">
     <description>PLD Linux</description>
     <param pos="0" name="os.vendor" value="PLD"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(Vine/Linux\).*">
     <description>Vine Linux</description>
     <param pos="0" name="os.vendor" value="Vine"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(rPath\).*">
     <description>rPath Linux</description>
     <param pos="0" name="os.vendor" value="rPath"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*\(StartCom Linux\).*">
     <description>StartCom Linux</description>
     <param pos="0" name="os.vendor" value="StartCom"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern=".*Linux.*">
     <description>Generic Linux fallback</description>
     <param pos="0" name="os.certainty" value="0.75"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
-</fingerprints>
+
+</fingerprints>

data/xml/architecture.xml

@@ -1,36 +1,44 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="architecture" database_type="util.os">
   <!--
     Generic rules for matching a machine architecture, platform, or chipset
   -->
+
   <fingerprint pattern="x64|amd64|x86_64" flags="REG_ICASE">
     <description>x64 (x86_x64)</description>
     <example>Linux claw 3.11.0-15-generic #23-Ubuntu SMP Mon Dec 9 18:17:04 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</example>
     <param pos="0" name="os.arch" value="x86_64"/>
   </fingerprint>
+
   <fingerprint pattern="x86|i[3456]86" flags="REG_ICASE">
     <description>x86</description>
     <example>Linux bob 3.2.0-1-generic #3-Ubuntu SMP Wed Dec 11 19:12:55 UTC 2013 i686 i686 i686 GNU/Linux</example>
     <param pos="0" name="os.arch" value="x86"/>
   </fingerprint>
+
   <fingerprint pattern="PowerPC|PPC|POWER|ppc">
     <description>PowerPC</description>
     <param pos="0" name="os.arch" value="PowerPC"/>
   </fingerprint>
+
   <fingerprint pattern="SPARC" flags="REG_ICASE">
     <description>SPARC</description>
     <param pos="0" name="os.arch" value="Sparc"/>
   </fingerprint>
+
   <fingerprint pattern="mips" flags="REG_ICASE">
     <description>MIPS</description>
     <param pos="0" name="os.arch" value="MIPS"/>
   </fingerprint>
+
   <fingerprint pattern="arm64|aarch64" flags="REG_ICASE">
     <description>ARM64 (aarch64)</description>
     <param pos="0" name="os.arch" value="ARM64"/>
-  </fingerprint>  
+  </fingerprint>
+
   <fingerprint pattern="arm" flags="REG_ICASE">
     <description>ARM</description>
     <param pos="0" name="os.arch" value="ARM"/>
   </fingerprint>
-</fingerprints>
+
+</fingerprints>

data/xml/dns_versionbind.xml

@@ -1,22 +1,56 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <fingerprints matches="dns.versionbind" protocol="dns" database_type="service" preference="0.750">
   <!--
     This fingerprint file matches the text string response from a DNS
     version.bind request.
-
     For example, the string 'dnsmasq-2.76-1-ubnt2' emitted by the command below:
-
     $ nslookup -type=txt -class=chaos VERSION.BIND <dns_server> | grep VERSION.BIND | cut -d\" -f2
     dnsmasq-2.76-1-ubnt2
+  -->
 
+  <!--
+  The following 'assert nothing' block is intended to handle banners so simple
+  that they cannot be attributed to a product or vendor. They are at the
+  beginning of the file as a performance tweak given how frequenty they occur.
   -->
+
+  <fingerprint pattern="^$">
+    <description>empty string -- assert nothing.</description>
+    <example/>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^none$">
+    <description>bare 'none' -- assert nothing.</description>
+    <example>none</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^null$">
+    <description>bare 'null' -- assert nothing.</description>
+    <example>null</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="(?i)^unknown$">
+    <description>bare 'unknown' -- assert nothing.</description>
+    <example>unknown</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
+  <fingerprint pattern="^no version$">
+    <description>bare 'no version' -- assert nothing.</description>
+    <example>no version</example>
+    <param pos="0" name="service.certainty" value="0.0"/>
+  </fingerprint>
+
   <!-- Red Hat package naming:
        https://fedoraproject.org/wiki/Packaging:DistTag
        https://fedoraproject.org/wiki/Packaging:Versioning
-
        Enterprise linux release dates:
        https://access.redhat.com/articles/3078
   -->
+
   <fingerprint pattern="^(9.[^-]+(?:-rpz\d?[+.]rl[\d.]+)?(?:-[SP]\d)?)-RedHat-[\d.]+[-.][\w.]+el([\d]+)_?(\d*)(?:.[\w.]+)?$">
     <description>ISC BIND: Red Hat Enterprise Linux</description>
     <example service.version="9.8.2rc1" os.version="6" os.version.version="9">9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.2</example>
@@ -38,10 +72,12 @@
     <param pos="3" name="os.version.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-rl[.\d]+)?(?:-[SP]\d)?)-RedHat-[\d.]+-[\w.]+fc([\d]+)$">
     <description>ISC BIND: Fedora</description>
     <example service.version="9.10.4-P8">9.10.4-P8-RedHat-9.10.4-4.P8.fc25</example>
     <!-- The '-rl' in the example below indicates a rate limiting patch -->
+
     <example service.version="9.9.3-rl.13207.22-P2">9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19</example>
     <example os.version="10">9.5.2-RedHat-9.5.2-1.fc10</example>
     <param pos="0" name="service.vendor" value="ISC"/>
@@ -55,6 +91,7 @@
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:fedora_core:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+amzn1$">
     <description>ISC BIND: Red Hat - Amazon hosted</description>
     <example service.version="9.8.2rc1">9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1</example>
@@ -67,6 +104,7 @@
     <param pos="0" name="os.vendor" value="Red Hat"/>
     <param pos="0" name="os.family" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern="(9.[^-]+(?:-[SP]\d)?)-RedHat-[\w.-]+alios([\d\.]+)$">
     <description>ISC BIND: Red Hat - Alibaba Customized EL</description>
     <example service.version="9.9.9-P3" os.version="6">9.9.9-P3-RedHat-9.9.9-2.1.alios6</example>
@@ -82,6 +120,7 @@
     <param pos="2" name="os.version"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:enterprise_linux:{os.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:rc\d)?(?:-[SP]\d)?)-RedHat-[\d.-]+(?:[-\.][SP]\d)?(?:rc[\d\.]+)?$">
     <description>ISC BIND: Red Hat nonspecific platform</description>
     <example service.version="9.9.10-P2">9.9.10-P2-RedHat-9.9.10-P2</example>
@@ -97,6 +136,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:redhat:linux:-"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-[\d.]+ubuntu[\d.]+-Ubuntu$">
     <description>ISC BIND: Ubuntu</description>
     <example service.version="9.9.5">9.9.5-11ubuntu1.1-Ubuntu</example>
@@ -111,6 +151,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+-rpz\d?[+.]rl[\d.]+(?:-[SP]\d)?)-Ubuntu-[\d\.:]+[\w\.]+(?:-[SP]\d)?-\d?ubuntu[\d\.]+$">
     <description>ISC BIND: Ubuntu with Response Policy Zone and Request Limiting patches</description>
     <example service.version="9.9.3-rpz2+rl.13214.22-P2">9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1</example>
@@ -124,6 +165,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?-Ubuntu$">
     <description>ISC BIND: Ubuntu short</description>
     <example service.version="9.10.3-P4">9.10.3-P4-Ubuntu</example>
@@ -139,6 +181,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[\d\.]+(?:[+-]rpz\d?[+.]rl[\d.]+)?(?:-[SP]\d)?).*[+-]zentyal\d*">
     <description>ISC BIND: Ubuntu Zentyal custom distribution</description>
     <example service.version="9.9.5">9.9.5-3+zentyal-Ubuntu</example>
@@ -153,8 +196,24 @@
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Zentyal"/>
   </fingerprint>
+
+  <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10[\w~\.]+-Debian$">
+    <description>ISC BIND: Debian 10.0 (buster)</description>
+    <example service.version="9.11.5-P4">9.11.5-P4-5.1+deb10u1-Debian</example>
+    <param pos="0" name="service.vendor" value="ISC"/>
+    <param pos="0" name="service.family" value="BIND"/>
+    <param pos="0" name="service.product" value="BIND"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Debian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="10.0"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:10.0"/>
+  </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9\+deb8u[\w~\.]+-Debian$">
-    <description>ISC BIND: Debian Jessie</description>
+    <description>ISC BIND: Debian 8.0 (jessie)</description>
     <example service.version="9.9.5">9.9.5-9+deb8u11-Debian</example>
     <example service.version="9.9.5">9.9.5-9+deb8u6A~4.2.0.201702281603-Debian</example>
     <param pos="0" name="service.vendor" value="ISC"/>
@@ -168,8 +227,9 @@
     <param pos="0" name="os.version" value="8.0"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:8.0"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-9wheezy\w+-Debian$">
-    <description>ISC BIND: Debian Wheezy</description>
+    <description>ISC BIND: Debian 7.0 (wheezy)</description>
     <example service.version="9.9.5">9.9.5-9wheezy1-Debian</example>
     <param pos="0" name="service.vendor" value="ISC"/>
     <param pos="0" name="service.family" value="BIND"/>
@@ -182,6 +242,7 @@
     <param pos="0" name="os.version" value="7.0"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:7.0"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-(?:[\d\.]+-)?Debian$">
     <description>ISC BIND: Debian no version simple</description>
     <example service.version="9.10.3-P4">9.10.3-P4-Debian</example>
@@ -197,6 +258,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
   </fingerprint>
+
   <fingerprint pattern="^(9\.\d{1,2}\.\d{1,2}-rpz\d?[+.]rl[\d.]+(?:-[SPW]\d+)?)$">
     <description>ISC BIND: Response Policy Zone and Request Limiting patches</description>
     <example service.version="9.8.4-rpz2+rl005.12-P1">9.8.4-rpz2+rl005.12-P1</example>
@@ -207,6 +269,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^DNS Server BIND (9\.\d{1,2}-ESV(?:-R\d+)?(?:-[SPW]\d+)?)$">
     <description>ISC BIND: ESV</description>
     <example service.version="9.6-ESV-R7-P2">DNS Server BIND 9.6-ESV-R7-P2</example>
@@ -216,10 +279,12 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
   </fingerprint>
+
   <!--
     FP below might be overly specific, trying to avoid false positive when
     matching cross-service/protocol.
   -->
+
   <fingerprint pattern="^(?:BIND )?([89]\.[\d\.]+(?:[ab]\d+)?(?:-ESV(?:-R\d+)?)?(?:-[SPW][\d\.]+)?(?:-REL)?(?:-[W]\d+)?(?:rc\d)?)(?:-NOESW)?$">
     <description>ISC BIND: bare release number - ESV REL NOESW</description>
     <example service.version="9.7.0-P1">9.7.0-P1</example>
@@ -242,6 +307,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^dnsmasq-(\d.[\w\.]+)$">
     <description>dnsmasq: simple</description>
     <example service.version="2.40">dnsmasq-2.40</example>
@@ -254,6 +320,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^dnsmasq-(\d.[\w]+-\d)-ubnt\d$">
     <description>dnsmasq: Ubiquiti</description>
     <example service.version="2.76-1">dnsmasq-2.76-1-ubnt2</example>
@@ -266,7 +333,9 @@
     <!-- Not including more info at this time as I'm not sure this doesn't
          run on products other than EdgeRouter.
     -->
+
   </fingerprint>
+
   <fingerprint pattern="^dnsmasq-(\d.[\w]+)-OpenDNS-\d$">
     <description>dnsmasq: OpenDNS variant</description>
     <example service.version="2.15">dnsmasq-2.15-OpenDNS-1</example>
@@ -278,7 +347,9 @@
     <!-- Seems to correlate with OpenWRT and Netgear but I haven't been able
          to verify that it isn't used elsewhere.
     -->
+
   </fingerprint>
+
   <fingerprint pattern="^dnsmasq-?(?:UNKNOWN)?$">
     <description>dnsmasq: no version</description>
     <example>dnsmasq-UNKNOWN</example>
@@ -289,6 +360,7 @@
     <param pos="0" name="service.product" value="Dnsmasq"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:-"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+(?:-\w+)?) \(\w+@[\w.]+ built \d+ \w+@[\w.-]*\)$">
     <description>PowerDNS Recursor</description>
     <example service.version="3.6.2">PowerDNS Recursor 3.6.2 (jenkins@autotest.powerdns.com built 20141031140810 mockbuild@)</example>
@@ -299,6 +371,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+) \(built [\w\s:]+ by [\w]+\@[\w.-]*\)$">
     <description>PowerDNS Recursor: format 2</description>
     <example service.version="4.0.4">PowerDNS Recursor 4.0.4 (built Apr 13 2017 09:59:06 by root@oof-e.baz.foo.bar)</example>
@@ -308,6 +381,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+(?:-\w+)?)$">
     <description>PowerDNS Recursor: version only</description>
     <example service.version="4.0.4">PowerDNS Recursor 4.0.4</example>
@@ -318,6 +392,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Recursor (\d\.[\d.]+) \$Id[^$]*\$$">
     <description>PowerDNS Recursor: ID format</description>
     <example service.version="3.5.3">PowerDNS Recursor 3.5.3 $Id$</example>
@@ -328,6 +403,7 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Recursor$">
     <description>PowerDNS Recursor: no version</description>
     <example>PowerDNS Recursor</example>
@@ -336,6 +412,7 @@
     <param pos="0" name="service.product" value="Recursor"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:recursor:-"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\d.]+(?:-rc\d)?) \(\w+@[\w.]+ built [\d\s]+\w*@[\w.-]*\)$">
     <description>PowerDNS Authoritative Server</description>
     <example service.version="3.4.19">PowerDNS Authoritative Server 3.4.19 (jenkins@autotest.powerdns.com built 20160102220341 root@)</example>
@@ -349,19 +426,22 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
   </fingerprint>
-  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
+
+  <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\w.]+(?:-rc\d)?(?:-alpha\d)?(?:-beta\d)?[^ ]*) \(built [\w\s:]+ by [\w]+\@[\w.-:-]*\)$">
     <description>PowerDNS Authoritative Server: format 2</description>
     <example service.version="4.0.4">PowerDNS Authoritative Server 4.0.4 (built Jul 26 2017 15:04:27 by root@FreeBSD:11:amd64-default-job-03)</example>
     <example service.version="4.0.0-rc2">PowerDNS Authoritative Server 4.0.0-rc2 (built Jul  4 2016 15:44:39 by root@foo-bar.baz)</example>
     <example service.version="4.0.0-alpha2">PowerDNS Authoritative Server 4.0.0-alpha2 (built Feb 01 2016 00:12:05 by buildbot@baz)</example>
     <example service.version="4.0.0-beta1">PowerDNS Authoritative Server 4.0.0-beta1 (built Feb 01 2016 00:00:00 by buildbot@baz)</example>
     <example service.version="0.0.g56d692a">PowerDNS Authoritative Server 0.0.g56d692a (built Feb 25 2017 13:10:19 by root@foo-bar.baz)</example>
+    <example service.version="4.2.0-rc2.995.master.g8cc411dc4">PowerDNS Authoritative Server 4.2.0-rc2.995.master.g8cc411dc4 (built Nov  6 2019 11:48:12 by root@foo-bar.baz)</example>
     <param pos="0" name="service.vendor" value="PowerDNS"/>
     <param pos="0" name="service.family" value="PowerDNS"/>
     <param pos="0" name="service.product" value="Authoritative Server"/>
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^PowerDNS Authoritative Server (\d\.[\d.]+(?:-\w+)?)$">
     <description>PowerDNS Authoritative Server: version only</description>
     <example service.version="4.0.0">PowerDNS Authoritative Server 4.0.0</example>
@@ -372,12 +452,14 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="service.cpe23" value="cpe:/a:powerdns:authoritative_server:{service.version}"/>
   </fingerprint>
+
   <!-- PowerDNS returns 'Served by ...' when the 'version-string' configuration
        value / arguement is set to 'powerdns'. If this value is set to
        'anonymous' then PowerDNS will return a ServFail DNS response
        The matches below are *probably* Authoritative Server but we can't be
        sure.
   -->
+
   <fingerprint pattern="^Served by POWERDNS (\d\.[\d.]+) \$Id[^$]*\$$">
     <description>PowerDNS: Served by format with version</description>
     <example service.version="2.9.22">Served by POWERDNS 2.9.22 $Id: packethandler.cc 1321 2008-12-06 19:44:36Z ahu $</example>
@@ -385,6 +467,7 @@
     <param pos="0" name="service.family" value="PowerDNS"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Served by PowerDNS - https?:\/\/www.powerdns.com\/?$">
     <description>PowerDNS: Served by format without version</description>
     <example>Served by PowerDNS - https://www.powerdns.com/</example>
@@ -392,6 +475,7 @@
     <param pos="0" name="service.vendor" value="PowerDNS"/>
     <param pos="0" name="service.family" value="PowerDNS"/>
   </fingerprint>
+
   <fingerprint pattern="^Nominum Vantio(?: CacheServe)? ([\d.]+)$">
     <description>Nominum Vantio CacheServe</description>
     <example service.version="4.3.0.2">Nominum Vantio 4.3.0.2</example>
@@ -401,15 +485,17 @@
     <param pos="0" name="service.product" value="CacheServe"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Nominum Vantio ([\d.]+) \(build (\d+)\)$">
     <description>Nominum Vantio CacheServe, with build</description>
-    <example service.version.version="114872">Nominum Vantio 5.4.5.1 (build 114872)</example>
+    <example service.version="5.4.5.1" service.version.version="114872">Nominum Vantio 5.4.5.1 (build 114872)</example>
     <param pos="0" name="service.vendor" value="Nominum"/>
     <param pos="0" name="service.family" value="Vantio"/>
     <param pos="0" name="service.product" value="CacheServe"/>
     <param pos="1" name="service.version"/>
     <param pos="2" name="service.version.version"/>
   </fingerprint>
+
   <fingerprint pattern="^Nominum ANS(?:Premier)? ([\d\.]+)$">
     <description>Nominum Vantio AuthServ</description>
     <example service.version="5.4.0.0">Nominum ANS 5.4.0.0</example>
@@ -419,6 +505,7 @@
     <param pos="0" name="service.product" value="AuthServ"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^NSD ([\d.]*(?:b\d+)?)$">
     <description>NLnet Labs Name Server Daemon</description>
     <example service.version="3.2.18">NSD 3.2.18</example>
@@ -429,7 +516,9 @@
     <param pos="0" name="service.family" value="NSD"/>
     <param pos="0" name="service.product" value="dnsd"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:name_server_daemon:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^unbound ([\d.]+)$">
     <description>NLnet Labs Unbound</description>
     <example service.version="1.4.22">unbound 1.4.22</example>
@@ -437,14 +526,32 @@
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^(?i:unbound)$">
     <description>NLnet Labs Unbound no version string</description>
     <example>unbound</example>
     <param pos="0" name="service.vendor" value="NLnet Labs"/>
     <param pos="0" name="service.family" value="Unbound"/>
     <param pos="0" name="service.product" value="unbound"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:nlnetlabs:unbound:-"/>
   </fingerprint>
+
+  <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)(?:-[\d\.]+)?\+deb10u\d+-Raspbian$">
+    <description>ISC BIND: Raspbian based on Debian Buster</description>
+    <example service.version="9.11.5-P4">9.11.5-P4-5.1+deb10u1-Raspbian</example>
+    <param pos="0" name="service.vendor" value="ISC"/>
+    <param pos="0" name="service.family" value="BIND"/>
+    <param pos="0" name="service.product" value="BIND"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:isc:bind:{service.version}"/>
+    <param pos="0" name="os.vendor" value="Raspbian"/>
+    <param pos="0" name="os.family" value="Linux"/>
+    <param pos="0" name="os.product" value="Linux"/>
+    <param pos="0" name="os.version" value="10.0"/>
+  </fingerprint>
+
   <fingerprint pattern="^(?:BIND )?(9.[^-]+(?:-[SP]\d)?)-9\+deb8u\d+-Raspbian$">
     <description>ISC BIND: Raspbian based on Debian Jessie</description>
     <example service.version="9.9.5">9.9.5-9+deb8u7-Raspbian</example>
@@ -459,6 +566,7 @@
     <param pos="0" name="os.product" value="Linux"/>
     <param pos="0" name="os.version" value="8.0"/>
   </fingerprint>
+
   <fingerprint pattern="^(9.[^-]+(?:-[SP]\d)?)-(?:\d-)?Raspbian$">
     <description>ISC BIND: Raspbian based on Debian Jessie no version simple</description>
     <example service.version="9.10.3-P4">9.10.3-P4-Raspbian</example>
@@ -471,15 +579,18 @@
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="Linux"/>
   </fingerprint>
+
   <fingerprint pattern="^Knot DNS ([\d.]+(?:-dev)?)$">
     <description>Knot DNS</description>
     <example service.version="1.6.0">Knot DNS 1.6.0</example>
     <example service.version="2.5.0-dev">Knot DNS 2.5.0-dev</example>
     <param pos="0" name="service.vendor" value="cz.nic"/>
     <param pos="0" name="service.family" value="Knot"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="Knot DNS"/>
     <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:knot-dns:knot_dns:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^UltraDNS Resolver$">
     <description>Neustar UltraDNS Resolver</description>
     <example>UltraDNS Resolver</example>
@@ -487,6 +598,7 @@
     <param pos="0" name="service.family" value="UltraDNS"/>
     <param pos="0" name="service.product" value="Resolver"/>
   </fingerprint>
+
   <fingerprint pattern="^UltraDNS TLD Platform - www\.ultradns\.com$">
     <description>Neustar UltraDNS TLD Platform</description>
     <example>UltraDNS TLD Platform - www.ultradns.com</example>
@@ -494,24 +606,25 @@
     <param pos="0" name="service.family" value="UltraDNS"/>
     <param pos="0" name="service.product" value="Resolver"/>
   </fingerprint>
+
   <!-- For Microsoft OSes the build number applies to the family. For example,
        6.3.9600 is used by Windows 8.1 Update 1 as well as Windows 2012 R2. We
        are assuming that the server version of the OS is what we are
        fingerprinting since installation of the DNS service on the workstation
        class OS would be unlikely and difficult if possible at all.
-
        DNS version response is disabled by default on modern Windows versions
        and the detail in the response is controlled via the EnableVersionQuery
        setting.
-
        The to enable version response on modern versions is:
        dnscmd /config /EnableVersionQuery 1
   -->
+
   <fingerprint pattern="^Microsoft DNS (10.0.\d+)(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2016: GA</description>
     <!-- Windows 10 / 2016 moved towards a rolling release so capturing build
          is required unlike other Windows versions where we use a fixed string.
     -->
+
     <example service.version="10.0.14393" os.build="10.0.14393">Microsoft DNS 10.0.14393 (383900CE)</example>
     <param pos="0" name="service.vendor" value="Microsoft"/>
     <param pos="0" name="service.family" value="DNS"/>
@@ -523,6 +636,7 @@
     <param pos="1" name="os.build"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
   </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.3.9600(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2012 R2</description>
     <example>Microsoft DNS 6.3.9600 (25804825)</example>
@@ -536,6 +650,7 @@
     <param pos="0" name="os.build" value="6.3.9600"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.2.9200(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2012</description>
     <example>Microsoft DNS 6.2.9200 (23F04000)</example>
@@ -549,6 +664,7 @@
     <param pos="0" name="os.build" value="6.2.9200"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2012:-"/>
   </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.1.7601(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2008 R2 Service Pack 1</description>
     <example>Microsoft DNS 6.1.7601 (1DB15CD4)</example>
@@ -564,6 +680,7 @@
     <param pos="0" name="os.build" value="6.1.7601"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
   </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.1.7600(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2008 R2</description>
     <example>Microsoft DNS 6.1.7600 (1DB04228)</example>
@@ -577,6 +694,35 @@
     <param pos="0" name="os.build" value="6.1.7600"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:-"/>
   </fingerprint>
+
+  <!-- This value is a spoofed value. There isn't a publicly available version
+       of Windows with build 6.0.6100 and this explicit string is used in an
+       example of how to change your version on BIND. We tested servers reporting
+       this string and NONE of them were Windows DNS.
+       This fingerprint serves to prevent someone who doesn't know from creating
+       one and stops further pattern matching efforts.
+  -->
+
+  <fingerprint pattern="^Microsoft DNS 6.0.6100 \(2AEF76E\)$">
+    <description>SPOOFED - Microsoft DNS on Windows 2008 SP something</description>
+    <example>Microsoft DNS 6.0.6100 (2AEF76E)</example>
+  </fingerprint>
+
+  <fingerprint pattern="^Microsoft DNS 6.0.6003(?: \(\w+\))?$">
+    <description>Microsoft DNS on Windows 2008 Service Pack 2 - Preview Rollup KB4489887 and later</description>
+    <example>Microsoft DNS 6.0.6003 (1773501D)</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="DNS"/>
+    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.version" value="6.0.6003"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows Server 2008"/>
+    <param pos="0" name="os.version" value="Service Pack 2"/>
+    <param pos="0" name="os.build" value="6.0.6003"/>
+    <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
+  </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.0.6002(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2008 Service Pack 2</description>
     <example>Microsoft DNS 6.0.6002 (17724D35)</example>
@@ -591,6 +737,7 @@
     <param pos="0" name="os.build" value="6.0.6002"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 2"/>
   </fingerprint>
+
   <fingerprint pattern="^Microsoft DNS 6.0.6001(?: \(\w+\))?$">
     <description>Microsoft DNS on Windows 2008 Service Pack 1</description>
     <example>Microsoft DNS 6.0.6001 (17714726)</example>
@@ -605,12 +752,14 @@
     <param pos="0" name="os.build" value="6.0.6001"/>
     <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2008:Service Pack 1"/>
   </fingerprint>
+
   <fingerprint pattern="^DNSServer$">
     <description>Synology DNS service</description>
     <example>DNSServer</example>
     <param pos="0" name="service.vendor" value="Synology"/>
     <param pos="0" name="service.family" value="DSM"/>
-    <param pos="0" name="service.product" value="DNS"/>
+    <param pos="0" name="service.product" value="DNS Server"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:synology:dns_server:-"/>
     <param pos="0" name="os.device" value="NAS"/>
     <param pos="0" name="os.family" value="Linux"/>
     <param pos="0" name="os.product" value="DSM"/>
@@ -618,6 +767,7 @@
     <param pos="0" name="hw.vendor" value="Synology"/>
     <param pos="0" name="hw.device" value="NAS"/>
   </fingerprint>
+
   <fingerprint pattern="^Incognito DNS Service ([\d\.]+) \(built">
     <description>Incognito DNS Service</description>
     <example service.version="6.4.4.2">Incognito DNS Service 6.4.4.2 (built Aug 10 2015) [up=15d30902s, ser=9876]</example>
@@ -626,6 +776,7 @@
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(?i:djbdns)[\s-](\d.\d+)$">
     <description>djbdns</description>
     <example service.version="1.05">djbdns 1.05</example>
@@ -636,6 +787,7 @@
     <param pos="0" name="service.product" value="djbdns"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^(?i:djbdns)$">
     <description>djbdns: no version</description>
     <example>DJBDNS</example>
@@ -644,6 +796,7 @@
     <param pos="0" name="service.family" value="djbdns"/>
     <param pos="0" name="service.product" value="djbdns"/>
   </fingerprint>
+
   <fingerprint pattern="^rbldnsd (\d[\.\w\/-]+) \(\d\d \w\w\w \d\d\d\d\)$">
     <description>rbldnsd</description>
     <example service.version="0.997a">rbldnsd 0.997a (23 Jul 2013)</example>
@@ -654,6 +807,7 @@
     <param pos="0" name="service.product" value="rbldnsd"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ALU DNS ([\d\.]+) Build (\d+)$">
     <description>ALU (Alcatel Lucent?) DNS</description>
     <example service.version="6.2">ALU DNS 6.2 Build 22</example>
@@ -664,6 +818,7 @@
     <param pos="1" name="service.version"/>
     <param pos="2" name="service.version.version"/>
   </fingerprint>
+
   <fingerprint pattern="^DraytekDNS-v([\d\.]+)$">
     <description>DrayTek DNS</description>
     <example service.version="1.2.3006">DraytekDNS-v1.2.3006</example>
@@ -673,15 +828,18 @@
     <param pos="1" name="service.version"/>
     <param pos="0" name="hw.vendor" value="DrayTek"/>
   </fingerprint>
+
   <fingerprint pattern="^Atlas Anchor ([\d\.]+)$">
     <description>Ripe ATLAS Anchor</description>
     <!-- https://atlas.ripe.net/docs/anchors/ -->
+
     <example service.version="0.1">Atlas Anchor 0.1</example>
     <param pos="0" name="service.vendor" value="RIPE"/>
     <param pos="0" name="service.family" value="Atlas Anchor"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^ZyWALL DNS$">
     <description>ZyWALL DNS</description>
     <example>ZyWALL DNS</example>
@@ -690,6 +848,7 @@
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="0" name="hw.vendor" value="Zyxel"/>
   </fingerprint>
+
   <fingerprint pattern="^Array SmartDNS$">
     <description>Array Networks SmartDNS</description>
     <example>Array SmartDNS</example>
@@ -697,13 +856,16 @@
     <param pos="0" name="service.family" value="APV"/>
     <param pos="0" name="service.product" value="SmartDNS"/>
   </fingerprint>
+
   <fingerprint pattern="^gdnsd$">
     <description>gdnsd</description>
     <example>gdnsd</example>
-    <param pos="0" name="service.vendor" value="Brandon Black"/>
+    <param pos="0" name="service.vendor" value="gdnsd"/>
     <param pos="0" name="service.family" value="gdnsd"/>
     <param pos="0" name="service.product" value="gdnsd"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:gdnsd:gdnsd:-"/>
   </fingerprint>
+
   <fingerprint pattern="^Hi: [\w\.: =]+\d{4}$">
     <description>OzymanDNS DNS tunnel</description>
     <example>Hi:  Thu Aug 17 23:29:10 2017</example>
@@ -712,6 +874,7 @@
     <param pos="0" name="service.family" value="OzymanDNS"/>
     <param pos="0" name="service.product" value="OzymanDNS"/>
   </fingerprint>
+
   <fingerprint pattern="^Meta IP[\s\/]DNS (?:V[\d\.]+ )?- BIND V([\d\.]+(?:-REL)?) \(Build (\d+)\s?\)$">
     <description>Check Point Meta IP</description>
     <example service.version="8.2.7-REL">Meta IP DNS - BIND V8.2.7-REL (Build 31)</example>
@@ -722,40 +885,51 @@
     <param pos="1" name="service.version"/>
     <param pos="2" name="service.version.version"/>
   </fingerprint>
+
   <fingerprint pattern="^CleanBrowsing v([^ ]+) - (.*)">
     <description>CleanBrowsing DNS Server</description>
-    <example service.vendor="CleanBrowsing" service.family="CleanBrowsing" service.version="1.5a" service.node="dns-edge-usa-west-sunnyvale-p">CleanBrowsing v1.5a - dns-edge-usa-west-sunnyvale-p</example>
-    <example service.vendor="CleanBrowsing" service.family="CleanBrowsing" service.version="1.4a" service.node="dns-edge-usa-west-sunnyvale.cleanbrowsing.org">CleanBrowsing v1.4a - dns-edge-usa-west-sunnyvale.cleanbrowsing.org</example>
+    <example service.version="1.5a" service.node="dns-edge-usa-west-sunnyvale-p">CleanBrowsing v1.5a - dns-edge-usa-west-sunnyvale-p</example>
+    <example service.version="1.4a" service.node="dns-edge-usa-west-sunnyvale.cleanbrowsing.org">CleanBrowsing v1.4a - dns-edge-usa-west-sunnyvale.cleanbrowsing.org</example>
     <param pos="0" name="service.vendor" value="CleanBrowsing"/>
     <param pos="0" name="service.family" value="CleanBrowsing"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
     <param pos="2" name="service.node"/>
   </fingerprint>
+
   <fingerprint pattern="^dnsmasq-pi-hole-(.*)$">
     <description>dnsmasq: pi-hole</description>
-    <example os.vendor="Pi-hole" service.vendor="Thekelleys" service.family="Dnsmasq" service.product="Dnsmasq" os.version="2.80" os.cpe23="cpe:/a:pi-hole:pi-hole:2.80" service.cpe23="cpe:/a:thekelleys:dnsmasq:-">dnsmasq-pi-hole-2.80</example>
-    <param pos="0" name="os.vendor" value="Pi-hole"/>
-    <param pos="0" name="service.vendor" value="Thekelleys"/>
-    <param pos="0" name="service.family" value="Dnsmasq"/>
-    <param pos="0" name="service.product" value="Dnsmasq"/>
-    <param pos="1" name="os.version"/>
-    <param pos="0" name="os.cpe23" value="cpe:/a:pi-hole:pi-hole:{os.version}"/>
-    <param pos="0" name="service.cpe23" value="cpe:/a:thekelleys:dnsmasq:-"/>
+    <example service.version="2.80">dnsmasq-pi-hole-2.80</example>
+    <param pos="0" name="service.vendor" value="Pi-hole"/>
+    <param pos="0" name="service.family" value="Pi-hole"/>
+    <param pos="0" name="service.product" value="Pi-hole"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.cpe23" value="cpe:/a:pi-hole:pi-hole:{service.version}"/>
   </fingerprint>
+
   <fingerprint pattern="^Q9-[^\-]-(.*)$">
     <description>Quad9 Resolver</description>
-    <example service.vendor="IBM" service.family="Quad9" service.product="DNS" service.version="6.0">Q9-P-6.0</example>
+    <example service.version="6.0">Q9-P-6.0</example>
     <param pos="0" name="service.vendor" value="IBM"/>
     <param pos="0" name="service.family" value="Quad9"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
+
   <fingerprint pattern="^keweonDNS v\.(.*)$">
     <description>Keweon DNS</description>
-    <example service.vendor="Keweon" service.product="DNS" service.version="9.63.7201">keweonDNS v.9.63.7201</example>
+    <example service.version="9.63.7201">keweonDNS v.9.63.7201</example>
     <param pos="0" name="service.vendor" value="Keweon"/>
     <param pos="0" name="service.product" value="DNS"/>
     <param pos="1" name="service.version"/>
   </fingerprint>
-</fingerprints>
+
+  <fingerprint pattern="^Version: recursive-main/(\d+)$">
+    <description>Akamai AnswerX DNS server</description>
+    <example service.version="22386077">Version: recursive-main/22386077</example>
+    <param pos="0" name="service.vendor" value="Akamai"/>
+    <param pos="0" name="service.product" value="AnswerX"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+
+</fingerprints>