$Id: CHANGES,v 1.11 1997/10/06 13:27:37 barr Exp barr $ Version 2.0.2 Silly bug in output, SOA= was listing the domain, not the master. Reported by Jeff Miller . dnswalk now checks to see that target of MX, CNAME and NS are a hostname, not an IP addr. Version 2.0.1 Regexp bug in 'makereports' script. (chopped off last charcter of contact address). Version 2.0.0 (beta) Ported to Net::DNS. Now no longer relies on 'dig'. Some less-used error messages removed, such as the 'double domain' check. dnswalk now no longer saves zone transferrs to local files, due to the fact that dnswalk no longer uses 'dig'. The zone transfer itself doesn't take that long -- mostly it's CPU time churning on what comes in. I may add it back if there's enough demand (using the "Storage" perl package, like what is used by the Net::DNS package's examples) Added 'WARN', 'FAIL', and 'BAD' prefixes to error messages, to indicate some level of 'badness' associated with a particular message. Makes machine parsing easier, as well as human interpreting. ('FAIL' was called 'ERROR' before beta release). dnswalk now exits with a return code equal to the number of 'BAD' things found. (from an request by Dave Crocker) dnswalk (with -F fascist checking) no longer gives A record warnings with hosts like "neptune" and "neptune-le0" (it treats them as the same host). Formerly it would warn that A record for neptune-le0 "points to" neptune. (this is a common situation with multi-homed hosts, where A records pointing just to individual interfaces are used). Anything "host-something" is treated the same as "host". (request from David Nelson ) perform some rudimentary checks on SOA contact field. (99% of the time the error is someone forgetting you have to replace the "@" sign in the email address with a ".".) Reformatted the code to be a bit more readable. Version 1.8.3 Miscellaneous fixes, getautservers(). Condensed code. Hack added to ignore RFC 1101 netmasks encoding. Assigning $1 wasn't working, use local variable. Patch from Mark Andrews . New Perl script "makereports" included to take output and generate reports for each hostmaster for the problems within his/her zone. Suggestion by marka@syd.dms.CSIRO.AU (Mark Andrews) to only check for invalid characters on A or MX records. I could probably do two-level checking, one for 1033 compliance on all records and 1035 compliance on mail-able names (A and MX). However this is a reasonable compromise for now. Version 1.8.2 Fixed spelling errors and shoddy syntax in getauthservers(), from Jost Krieger Accounted for Solaris's broken gethostbyname() which includes trailing dots in retuned name. Minor fixes in lame delegation checking, and getauthservers(). Version 1.8.1 One-line fix to remove reference to non-existent parameter to getmaster(). Reported by petri@ibr.cs.tu-bs.de (Stefan Petri). Version 1.8 Typos, documentation corrections, additions to TIPS as well as stuff for TODO from Piete Brooks . Patch from Thorsten Lockert : remove directory if zone transfer fails. Fixed getauthservers() routine. Sometimes had list of servers which contained each server listed twice. Also fixed it to use the 'master server' field of the SOA record as a 'hint' to which server to check first. Fixed typo in dot-death checking. Error message forgot \n. Added -D flag to set base directory for saved axfr files. Version 1.7 Added "_" to list of invalid characters in a hostname. (Painful because we have hundreds of PCs and Macs here with one.) Can now be supressed with '-i' option (whew). Fixed wildcard RR's being marked as having invalid characters. (Thanks to Paul Turner for reporting it) Changed how the return codes for gethostby*() routines were being checked. Added caveat in README about herror(). Thanks to Bill Fenner Suppresses duplicate error message per zone. Idea from Paul Turner. Checks for dom.ain.dom.ain. in data, in case someone forgot the trailing '.'. Finally added a man page. Trimmed out redundant information from the README file. Version 1.6 removed -c switch, since I thought it would work a long time ago, but later found out it could never be made to work. Well, it could, just not very nicely. (nor efficiently) Fixed bug with parsing of dig output. Newer dig has slightly different output, causing serial numbers to not be pulled out. Changed the do-dnswalk script to use exec > logfile instead of redirecting every invocation to a logfile. Idea from Dan Ehrlich. Fixed problem with dnswalk using old list of subdomains in axfr file, ignoring the new zone transfer if it was needed. Accounted for annoying behavior of new dig to print duplicate SOA's. Documented nameserver error reporting. Version 1.5 added -F switch. This performs "fascist" checking. For every A record, it checks to see that it actually points to the canonical name listed for the PTR and reports mismatches. Try this switch at least once to see what kind of things pop up. (You may be surprised) added -m switch. Performs check on zone only if it has been modified (serial number changed) since the previous run. changed format of messages to be shorter and more precise. (and hopefully easier to read) Read the README section for a full description. warns if a zone has only one authoratative nameserver *** in later versions of 1.3, not posted here, but available for ftp, there was a bad bug which caused erroneous warnings about having only one nameserver. (was using the wrong variable) reports any errors listed in dig zone transfer output. (usually caused by a corrupted zone file, or invalid syntax in data; for example only one field in an HINFO record.) now reports any resolver errors from gethostbyname and gethostbyaddr. (for example, a server timeout, connection refused, etc) sorts output by zone (correctly -- some versions of 1.3 didn't quite do this right) displays server of authority and zone contact for each zone it checks. I've now included a 'do-dnswalk' script that is an example wrapper that I use around dnswalk to turn on status debugging and put the results in a log file. Salt to taste.