2001-06-16 Martin Mares * sleuth (check_name): "IP address found instead of name" check added to clarify most "all-digit name" error messages. * sleuth (check_reverse): Corrected references to RFC 1912. Also fixed the private address check and turned it to a warning. * sleuth (check_zone): SRV records with empty destination and wildcard SRV records are valid. * sleuth (check_zone): Better checks for wildcard records, no more false alarms. * sleuth (resolve): Added authoritative answer checks (required f.e. for localhost records). * Released as version 1.3. 2001-06-15 Martin Mares * sleuth: Fixed a small bug in switching of nameservers. Nameserver sanity check messages now indicate which nameserver we're testing. Comparison of origin servers etc. is now really case insensitive. 2001-06-14 Martin Mares * check.cgi: Declare non-transitional DTD. We still use a couple of transitional attributes (mostly align=center), but we don't want the extra work-arounds Mozilla based browsers apply to transitional documents. * sleuth (html_output), check.cgi: Revamped all HTML output stuff. Now we're using style sheets to add colors and most of the alignment. Works wonderfully in Mozilla, relatively good in non-CSS browsers, a bit funny in Netscape 4 due to its bugs. * Released as version 1.2. 2001-06-13 Martin Mares * check.cgi: Minor design changes. * sleuth (check_zone): Changed checks for minimum TTL according to RFC 2308 which specifies minttl should be used to control negative caching. * sleuth (check_zone): Check duplicate records. * sleuth (check_zone): Dangling CNAME's in reverse zones produce only warnings as they are usually an artifact of classless delegation schemes. * sleuth (check_zone): Avoid `PTR -> A for same address' checks when not in reverse check mode, but always check there is at least one A. * sleuth (check_zone_name): Better parsing of reverse zone names, give an error message if it fails. * sleuth (check_zone): Added checks of SRV records. * sleuth (check_zone): SOA: don't forget to resolve and check origin server. * sleuth (check_name): Relaxed the name checking rules to allow underscores. No standard currently seems to specify what is the exact syntax of a host name (only RFC 1033, but it's categorized as informational, not as a standard). Strictly speaking, we should do separate checks for host names, mail names, domain names etc., but I'd like to avoid such extra complexity for now. * sleuth (check_email): Warn about A records used instead of MX records. 2001-06-12 Martin Mares * sleuth (check_zone_basics): Completely rewrote nameserver scans. All nameservers mentioned in NS records plus the zone origin announced in SOA are tried, the origin server is preferred. In case any of these servers fails, the next one is tried automatically. If the user specifies server name explicitly, do the basic checks for all nameservers, but force use of the specified one for zone transfer and use it as the reference name server. Also check differences between NS record sets reported by all the servers. * sleuth (check_submit): Moved all submit-dependent checks here. Better checking of top-level domain names. * sleuth (resolve): If the name requested is invalid, don't attempt to resolve it. * sleuth: Added a "-p" switch for scanning of private networks which avoids private IP address checks and connectivity checks. * sleuth (check_reverse): Report private IP addresses. * sleuth: Try to avoid cascading of some kinds of errors, especially those induced by bogus CNAME's. * sleuth (check_zone): Wildcard A's and CNAME's are allowed, but strongly deprecated. Tolerate PTR's in forward zones and A's in reverse zones, but warn of them (they are permitted by RFC's, but this behaviour is very obscure and it should be avoided) and check them anyway. * sleuth (check_reverse): Rewrote the reverse mapping checks. Removed the "$recursive_check" machinery, it was unnecessary. Report all mispointed PTR's. Tolerate PTR's to a different name, but warn on them. Don't check reverse mapping of any IP address twice. * sleuth (check_zone): Better checks for recursive and overlapping CNAME's. * sleuth (check_email): Check all MX'es, not only the best one. * sleuth (check_zone): Fixed expire time checks, now 2..4 weeks as per RFC. * sleuth (check_name): Allow prefix sizes in reverse zones. Replaced the "all-digit name component" check by "all-digit name". * sleuth: Load a configuration file sleuth.conf upon startup. Moved all the hard-wired parameters there. * sleuth: Made severity of all messages configurable. 2000-10-29 Martin Mares * sleuth (resolve): Changed 2181/10.2,3 to 2181/10.2-3 to get the references right. Thanks to Marcel Telka for a bug report. Tue Sep 14 15:03:39 1999 Martin Mares * sleuth (try_resolve): Don't treat query send errors as fatal. Mon Sep 13 10:04:43 1999 Martin Mares * sleuth (check_zone): Added missing ref to RFC 1912/2.7 to the `wildcard only for MX' message. (check_name): Don't cry about invalid characters in proper wildcard names. Sun Sep 12 21:53:51 1999 Martin Mares * check.cgi: When sending mail with secondary name service request, don't forget to mention the server. Tue Jun 8 20:57:33 1999 Martin Mares * check.cgi: Implemented $sec_ns_addr_space check. * sleuth (check_zone): Commented out the localhost.$domain check as it's defined only in already obsolete RFC's.