$Id: CHANGES,v 1.11 1997/10/06 13:27:37 barr Exp barr $

Version 2.0.2

Silly bug in output, SOA= was listing the domain, not the master.
Reported by Jeff Miller <jmiller@smart.net>.

dnswalk now checks to see that target of MX, CNAME and NS are a hostname,
not an IP addr.

Version 2.0.1

Regexp bug in 'makereports' script.  (chopped off last charcter of
contact address).

Version 2.0.0 (beta)

Ported to Net::DNS.  Now no longer relies on 'dig'.  Some less-used
error messages removed, such as the 'double domain' check.

dnswalk now no longer saves zone transferrs to local files, due to
the fact that dnswalk no longer uses 'dig'.  The zone transfer itself
doesn't take that long -- mostly it's CPU time churning on what comes
in.  I may add it back if there's enough demand (using the "Storage"
perl package, like what is used by the Net::DNS package's examples)

Added 'WARN', 'FAIL', and 'BAD' prefixes to error messages, to indicate
some level of 'badness' associated with a particular message.  Makes
machine parsing easier, as well as human interpreting.  ('FAIL'
was called 'ERROR' before beta release).

dnswalk now exits with a return code equal to the number of 'BAD' things
found.  (from an request by Dave Crocker)

dnswalk (with -F fascist checking) no longer gives A record warnings
with hosts like "neptune" and "neptune-le0" (it treats them as the
same host).  Formerly it would warn that A record for neptune-le0
"points to" neptune.  (this is a common situation with multi-homed
hosts, where A records pointing just to individual interfaces are used).
Anything "host-something" is treated the same as "host".  (request
from David Nelson <dnelson@iphase.com>)

perform some rudimentary checks on SOA contact field.  (99% of
the time the error is someone forgetting you have to replace the
"@" sign in the email address with a ".".)

Reformatted the code to be a bit more readable.

Version 1.8.3
Miscellaneous fixes,  getautservers().  Condensed code.

Hack added to ignore RFC 1101 netmasks encoding.

Assigning $1 wasn't working, use local variable.  Patch from Mark
Andrews <Mark.Andrews@dms.csiro.au>.

New Perl script "makereports" included to take output and generate
reports for each hostmaster for the problems within his/her zone.

Suggestion by marka@syd.dms.CSIRO.AU (Mark Andrews) to only
check for invalid characters on A or MX records.  I could probably
do two-level checking, one for 1033 compliance on all records
and 1035 compliance on mail-able names (A and MX).  However
this is a reasonable compromise for now.

Version 1.8.2
Fixed spelling errors and shoddy syntax in getauthservers(), from
Jost Krieger <Jost.Krieger@rz.ruhr-uni-bochum.de>

Accounted for Solaris's broken gethostbyname() which includes trailing
dots in retuned name.

Minor fixes in lame delegation checking, and getauthservers().

Version 1.8.1
One-line fix to remove reference to non-existent parameter to getmaster().
Reported by petri@ibr.cs.tu-bs.de (Stefan Petri).

Version 1.8
Typos, documentation corrections, additions to TIPS as well as
stuff for TODO from Piete Brooks <Piete.Brooks@cl.cam.ac.uk>.

Patch from Thorsten Lockert <tholo@sigmasoft.com>: remove directory
if zone transfer fails.

Fixed getauthservers() routine.  Sometimes had list of servers
which contained each server listed twice.  Also fixed it to
use the 'master server' field of the SOA record as a 'hint'
to which server to check first.

Fixed typo in dot-death checking.  Error message forgot \n.

Added -D flag to set base directory for saved axfr files.

Version 1.7
Added "_" to list of invalid characters in a hostname.  (Painful
because we have hundreds of PCs and Macs here with one.)  Can
now be supressed with '-i' option (whew).

Fixed wildcard RR's being marked as having invalid characters.
(Thanks to Paul Turner <turner@telstar.kodak.com> for reporting it)

Changed how the return codes for gethostby*() routines were being
checked.  Added caveat in README about herror().  Thanks to Bill Fenner

Suppresses duplicate error message per zone.  Idea from Paul Turner.

Checks for dom.ain.dom.ain. in data, in case someone forgot the
trailing '.'.

Finally added a man page.  Trimmed out redundant information
from the README file.

Version 1.6
removed -c switch, since I thought it would work a long time ago, but
later found out it could never be made to work.  Well, it could, just
not very nicely.  (nor efficiently)

Fixed bug with parsing of dig output.  Newer dig has slightly different
output, causing serial numbers to not be pulled out.

Changed the do-dnswalk script to use exec > logfile instead of
redirecting every invocation to a logfile.  Idea from Dan Ehrlich.

Fixed problem with dnswalk using old list of subdomains in axfr file,
ignoring the new zone transfer if it was needed.

Accounted for annoying behavior of new dig to print duplicate SOA's.

Documented nameserver error reporting.

Version 1.5

added -F switch.  This performs "fascist" checking.  For every A record,
it checks to see that it actually points to the canonical name listed
for the PTR and reports mismatches.  Try this switch at least once to see
what kind of things pop up.  (You may be surprised)

added -m switch.  Performs check on zone only if it has been modified
(serial number changed) since the previous run.

changed format of messages to be shorter and more precise.  (and hopefully
easier to read)  Read the README section for a full description.

warns if a zone has only one authoratative nameserver
*** in later versions of 1.3, not posted here, but available for ftp,
there was a bad bug which caused erroneous warnings about having only
one nameserver.  (was using the wrong variable)

reports any errors listed in dig zone transfer output.  (usually
caused by a corrupted zone file, or invalid syntax in data; for example
only one field in an HINFO record.)

now reports any resolver errors from gethostbyname and gethostbyaddr.
(for example, a server timeout, connection refused, etc)

sorts output by zone (correctly -- some versions of 1.3 didn't quite do
this right)

displays server of authority and zone contact for each zone it checks.

I've now included a 'do-dnswalk' script that is an example wrapper
that I use around dnswalk to turn on status debugging and put the
results in a log file.  Salt to taste.