Short:        HOST - the UN*X host command to get info from DNS server
Author:       louise@louise.amiga.hu
Type:         dev/gg
Architecture: m68k-amigaos
Uploaded:     louise@louise.amiga.hu (LouiSe)
Url:          http://www.nikhef.nl/user/e07

Ported by LouiSe
more info and other AMIGA ports at: http://louise.amiga.hu

-----------------------------------------

@(#)RELEASE_NOTES  e07@nikhef.nl (Eric Wassenaar) 991529

URL  ftp://ftp.nikhef.nl/pub/network/host.tar.Z
URL  http://www.nikhef.nl/user/e07

yymmdd     Description of changes per release
TODO       Things that still need to be done
WISHLIST   Wishes expressed by various people
NOTES      Important issues to keep in mind
MISC       Miscellaneous reminders
HOSTCOUNT  The RIPE NCC monthly European hostcount

# ----------------------------------------------------------------------
# Description of changes per release
# ----------------------------------------------------------------------

991529
  Extend functionality of the --compare option.
    When deciding between a zone transfer or a cache load, force a load from the cache if the cache is more recent than a certain reference time. The --compare switch takes an optional time period into the past to set this.
    Requested by Peter Koch

991527
  Extend functionality of the -A option.
    When processing a reverse in-addr.arpa zone, and the -A option is specified, check whether the RHS in PTR records maps to a canonical host name. This may generate spurious warnings about PTR records that identify network names as suggested by RFC 1101. The check does not include CIDR delegations (RFC 2317). The same RHS is also checked for invalid characters. Not sure why I haven't implemented this earlier.
  Check dangling CNAME pointers.
    The new --cnamecheck option will check the RHS target in CNAME records for mere existence, by examining whether there are any resource records available. This check will be turned on automatically if the -A option is specified when processing a non-reverse zone.
    Reverse zones may have many CNAME entries pointing to nonexisting domains in case of CIDR delegations. Not sure why I haven't implemented this earlier.
  New resource records and query types.
    Define various new resource records, as registered by IANA recently. Most are still in draft, and have no support yet. These include T_A6/T_DNAME/T_SINK/T_OPT, as well as T_ADDRS/T_TKEY/T_TSIG.
  Enhance statistics printout.
    Show the total number of individual resource records found in all zones combined during recursive listings.
  Documentation update.
    Extend the list of related RFCs in the manual page.

991520
  Prepare for local disk caching.
    Provide disk file I/O modules in new file.c. These are similar to the ones in send.c, and some of the code is duplicated.
  Implement new option specification.
    The verbose syntax '--option[=value]' is recognized. Provide straightforward alternatives for some existing short options and combinations of short options. This new syntax is not yet documented in the man page, but a summary is printed via the --help option.
  Change option to define explicit source address.
    Change the option flag from -Q to -O (origin).
  Add option to disable special processing.
    The new option -Q enables quick mode, in which various potentially time consuming special checks are skipped. Some of such checks were already skipped in quiet mode. It also disables accumulating statistics, if this is not explicitly requested. Some of these statistics would previously be gathered anyway in case verbose mode was selected.
  Change behaviour of timestamp option.
    The (still undocumented) option -K would force the execution of some tasks that would otherwise be skipped in a certain mode. This is no longer the case.
  Enhance statistics printout.
    Show the total number of resource records found, in addition to the individual resource record counts.
  Perform extra checks for valid names.
    Make sure the dash '-' is in the middle of a label, i.e.
    it is not immediately preceded or followed by a dot. The same for the dot itself, i.e. prevent double dots.
  Better control of special checks.
    During recursive zone listings, the checks for canonical host names and invalid underscores were always skipped (unless the -A switch was given) beyond the top level. These checks can now be selectively enabled via the new --canoncheck and --undercheck options. The checks are always enabled at the top level during zone listings, and in regular mode. They are never done if quick mode (-Q) is selected.
  Add several new options.
    The new --recursive option implies a zone listing with infinite recursion level. The new --nothing option prevents any resource record printout during zone listings. The new --retry=count option sets the maximum retry count for datagram (udp) nameserver queries.
  Implement local disk caching.
    The new option --dump copies the raw zone data to a disk cache file during zone transfers. The new option --load reads the zone data from the cache instead of performing a zone transfer. This feature is not yet documented in the manual page.
  Enhance SOA check.
    If the option --load is given when checking SOA records, the SOA record from the local cache is checked as well as the SOA records at each of the zone nameservers. Subsequent zone transfers are all loaded from the cache.
  Compare SOA serial numbers.
    When not explicitly loading the zone data from the local cache, the new option --compare causes the serial number from the cache to be compared with the real one. If they both exist and are the same, a zone transfer is avoided. If necessary for further processing, the zone is then loaded from the cache instead.
  Miscellaneous changes.
    Reorder and restructure command line option parsing. Use generic hash size for all hash tables. Make argument passing more consistent in some places. Add simple (undocumented) test facility for testing code separately within the host environment.
  This is a major new release.
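
The label checks added in 991520 (dash only in the middle of a label, no double dots) fit in a single pass over the name. The C function below is an added example, not host's own code: `check_hostname`, its status codes and the sample names are hypothetical, the letters-digits-hyphen alphabet and the 63/253 length limits are assumed from the standard host name rules, and `allowed` mimics the argument of the -I option described in these notes. Rejecting a dash at the very start or end of the name generalizes the rule stated above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum name_status {
    NAME_OK,
    NAME_EMPTY_LABEL,  /* leading dot, "..", or empty name */
    NAME_EDGE_DASH,    /* '-' next to a dot, or first/last in the name */
    NAME_BAD_CHAR,     /* not a letter, digit, '-' or explicitly allowed */
    NAME_TOO_LONG      /* label over 63 or name over 253 characters */
};

/* `allowed` lists extra characters to tolerate (e.g. "_"); may be NULL. */
enum name_status check_hostname(const char *name, const char *allowed)
{
    size_t len = strlen(name);
    size_t label_len = 0;
    size_t i;

    /* One trailing dot only marks the name as absolute. */
    if (len > 1 && name[len - 1] == '.')
        len--;
    if (len == 0)
        return NAME_EMPTY_LABEL;
    if (len > 253)
        return NAME_TOO_LONG;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {
            if (label_len == 0)
                return NAME_EMPTY_LABEL;   /* leading dot or double dot */
            if (name[i - 1] == '-')
                return NAME_EDGE_DASH;     /* dash followed by a dot */
            label_len = 0;
            continue;
        }
        if (c == '-') {
            if (label_len == 0)
                return NAME_EDGE_DASH;     /* dash preceded by a dot */
        } else if (!isalnum(c) &&
                   (allowed == NULL || strchr(allowed, c) == NULL)) {
            return NAME_BAD_CHAR;
        }
        if (++label_len > 63)
            return NAME_TOO_LONG;
    }
    if (label_len == 0)
        return NAME_EMPTY_LABEL;           /* more than one trailing dot */
    if (name[len - 1] == '-')
        return NAME_EDGE_DASH;             /* dash ends the name */
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names. */
    static const char *names[] = {
        "www.example.org.", "www..example.org", "www-.example.org",
        "www.-example.org", "my_host.example.org"
    };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s strict=%d underscore-allowed=%d\n", names[i],
               check_hostname(names[i], NULL),
               check_hostname(names[i], "_"));
    return 0;
}
```
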

991331
  Guard against premature abort.
    Ignore SIGPIPE signals to avoid process termination when the remote peer has prematurely closed a virtual circuit (tcp) connection, which precludes further writes. This has been a long-standing bug. Very important fix.
    Found by Peter Koch
  Miscellaneous changes.
    Provide new version of rblookup script, to query ORBS besides MAPS.

991328
  Fix potential buffer overrun problem.
    Before decoding a resource record from the nameserver answer buffer, make sure it fits entirely as indicated by its own record data length. For certain resource records decoding could fail if the answer was truncated due to insufficient internal buffer space, in virtual circuit (tcp) mode.
    Reported by Marco d'Itri
  New option to define explicit source address.
    The new option -Q allows setting an explicit source IP address in queries. Useful for multi-homed hosts with asymmetric routing policy. Works only if you compile with HOST_RES_SEND (default).
    Suggested by Pasztor Miklos
  Miscellaneous changes.
    Add the package name when printing the version number.
    Requested by Mike Sweger

990701
  Speedup glue record filtering.
    Replace linear search through the list of zones with a hash table lookup. Noticeable speedup may be achieved for zones with very many A records and delegated zones. Hopefully it alleviates the struggle with the .de zone by Peter Koch
  Add extra debugging hooks.
    Print timestamp messages at various points during zone listing processing. This is done via the undocumented new -K command line option. This option also forces execution of some tasks that would normally be skipped if they are not really necessary in a certain mode.
  New resource records and query types.
    Add support for T_CERT resource records (RFC 2538). Adapt T_KEY/T_SIG/T_NXT handling according to RFC 2535.
  Miscellaneous code cleanup.
    Split monolithic host.c source into smaller parts. Requires new glob.h file with global definitions.
  Documentation update.
    Extend the list of related RFCs in the manual page.

990522
  Minor portability changes.
    AIX needs
    Reported by Andreas Ley
  There are no functional changes in this release.

990511
  Minor portability changes.
    Solaris 2.7 defines `ipaddr_t'. Can you believe it. Fix glitch for bsdi.
    Noted by Paul Eggert
  There are no functional changes in this release.

980903
  New option to define source address port.
    Queries to nameservers normally originate from a random source port on the client machine, chosen by the kernel. The new options -j and -J allow defining an explicit source port, or a range of such ports (-j min -J max). The nameserver reply packets will arrive on these ports. Useful if you are behind a firewall that filters random port numbers on incoming traffic. Works only if you compile with HOST_RES_SEND (default).
    Requested by Juergen Georgi
  Miscellaneous changes.
    Restructure handling of numeric command line options.

980531
  New resource records and query types.
    Define T_CERT resource record type, but no support yet.

980108
  Add more statistics in recursive mode.
    Classify zones depending on their number of hosts. Distinguish empty, small, medium, large, and huge zones. Results are printed with the final overall statistics.

980105
  Print extra information on negative answers.
    If a query fails but a valid answer buffer was obtained, the authority section may contain extra information, e.g. an SOA record for the appropriate zone. This information is now printed, albeit only in verbose mode.
  Miscellaneous changes.
    Change the text of the verbose announcement message of the authority section.

971216
  New resource records and query types.
    Add support for T_KX resource records (RFC 2230). Should not test the RHS name for a canonical name. The RHS name must have an A record, but may also be a CNAME.
  Miscellaneous enhancements.
    Optionally dump the data portion of the resource record in hex and ascii, after the regular printout.
    This is done via the undocumented new -Y command line option.
  Minor portability changes.
    Identify SVR4 platforms depending on cpp symbols, which are different for various compilers.
  Include another simple utility script.
    These scripts are just examples of wrappers to host.
    rblookup -- search the Realtime Blackhole List (MAPS).

971108
  Use non-blocking mode for socket I/O.
    When reading socket input, select() may indicate data available, whereas the subsequent recvfrom() doesn't pickup any and hangs forever. When using non-blocking reads, this can be detected, and select() is restarted. Currently it is implemented only for stream (TCP) I/O. The problem has been observed only on the solaris 2.* platform so far, and has been reported by (who else) Peter Koch
  Minor portability changes.
    Move to a more appropriate place to avoid BSD mode compile errors on the solaris 2.5 platform.

971031
  Extend tests for valid domain names.
    Signal an invalid domain name in case it consists of a dotted quad IP address where it shouldn't, such as in the RHS of NS and MX records.

971007
  Reconsider heuristic to determine BIND release.
    Some vendors still ship new BIND 4.9 releases that have the old struct ``state'' instead of ``__res_state''. This is now controlled via Makefile CONFIGDEFS.
  There are no functional changes in this release.

971003
  Additional SOA sanity checks.
    Report bizarre expire values, similar to BIND 8.
  Additional ttl checking.
    Report resource records with zero ttl values.
  Miscellaneous enhancements.
    Dump unrecognized and unimplemented resource records in hex and ascii. The official format is unclear.
  Backward compatibility fix.
    Some vendors still ship old BIND 4.9 releases that have the old struct ``state'' instead of ``__res_state''.

970908
  Windows-NT portability fixes.
    Cannot use connected datagrams on NT, recvfrom() will return EISCONN. Skip connect() call, and use sendto() instead of send(). Line buffer mode does not seem to work.
    Use unbuffered output to synchronize stdout and stderr. Use the WSA interface during errno handling instead of the plain SetLastError and GetLastError. Make sure that errno values are the WSA values.
  Minor changes.
    Always use send() instead of write() for stream sockets.
  Miscellaneous changes.
    Minor esthetical code changes.

970830
  Port to Windows-NT platform.
    Local module itoa() seems to conflict, rename to dtoa(). Use _stricmp() instead of strcasecmp() for comparisons. Must use send() instead of write() for socket I/O. For the time being, disable alarms and signal handling. Define network related errno values in terms of WSA. Rearrange code to store errno and h_errno values. The semantics of WSASetLastError and SetLastError are still unclear. This probably needs refinement. Exclude various standard header files that don't exist. Must be careful to avoid conflicts with portability.h from the BIND distribution. The port is not complete in the sense that it still depends on definitions from the BIND distribution.
    Contributions made by Paul E. Jones
  Minor portability fixes.
    Must use some prototypes to avoid compiler warnings. Properly identify certain platforms in port.h to avoid compiler warnings.
  Miscellaneous changes.
    Concentrate all global definitions in separate host.h header file.

970828
  Linux portability fixes.
    On some linux platforms h_name is a (const char *). Recent BIND versions define hostalias() similarly. Use explicit casts in assignments and function returns to avoid compiler warnings.
  Minor portability fixes.
    Use explicit casts for ntohs()/htons() in a few places to avoid compiler warnings on some platforms.
  There are no functional changes in this release.

970521
  Apply multiple PTR handling during zone listing.
    Multiple PTR records were handled properly only during the stand-alone cross-checks. This has been extended to the reverse mapping checks via -A during zone listings.
    Requested by Greg Woods

970511
  Add extra SOA checks if zone transfer is refused.
    Lame delegations can be detected via the return status of a failed AXFR request, but not if the zone transfer is explicitly refused by a server. In that case, fetch the SOA record, and report failures similar to those during the -C checks.
    Requested by Peter Koch
  Miscellaneous changes.
    Declare hostalias() in defs.h only for BIND 4.8 where it was missing in . It conflicted with the new declaration in BIND 4.9.5 and gave compile errors.
    Reported by Juergen Georgi

970203
  Anticipate multiple PTR records during cross-checks.
    As of BIND 4.9 domain names in multiple PTR records are returned via h_aliases by gethostbyaddr(). They are not round-robin reshuffled, however. The first encountered name is returned via h_name. Extend the checks during the special stand-alone -A mode to also cope with such aliases. A warning is still given if h_name does not map back to the original host name.
    Requested by Gabor Kiss
  The reverse mapping checks via the -A option during zone listings are still using h_name only.

970112
  Bypass checks in reverse mapping domains.
    In reverse mapping domains, A records can be used to indicate network masks. They should not be subject to the checks for valid host names. This was already done during zone listings and when the -i option was given, but not if an explicit in-addr.arpa name was specified.
    Reported by Janos Zsako
  Update documentation.
    Several drafts have reached RFC status.

961113
  Portability fix.
    Trying to include was a bit over-ambitious and caused confusion on some platforms. On certain platforms PAGESIZE is not a constant, but hides a sysconf() call. This precludes initialization of static variables in malloc.c
  There are no functional changes in this release.

961013
  Configurable defaults.
    Make the compiled-in read timeout during stream I/O configurable in conf.h. The default value is 60 seconds.
    Make the new default _res.retry and _res.retrans values configurable in conf.h. Note that the _res.retrans value can be overridden with the -s command line option.
  Minor fixes.
    Guard against possible interrupts during I/O handling.

961012
  Multiple answers during zone listing.
    Allow multiple resource records per reply buffer packet during zone transfers. Currently BIND puts each resource record in a separate reply buffer, but there are other implementations which behave differently. Important fix.

961010
  New resource records and query types.
    Add support for T_NAPTR resource records. Define T_EID/T_NIMLOC/T_ATMA resource record types, but they have no support yet.
  Minor fixes.
    When comparing domain names in routines indomain() or samedomain(), properly handle embedded quoted dots. This is just a generalization. Currently these modules are used only in those cases where embedded quoted dots are not valid.
  Miscellaneous changes.
    Attempt to further reduce lint clutter. It is difficult to eliminate this altogether. There are too many subtle differences between various platforms.

960929
  New resource records and query types.
    Define the new IXFR type as per RFC 1995. No support for this yet, however. Add support for T_KEY and T_SIG resource records. These require some new utility functions. Recognize T_NXT and T_SRV which still have draft status.
  Extra safety checks.
    After a positive return from an ordinary gethostbyname or gethostbyaddr we cannot be absolutely sure that the size of the canonical h_name is within bounds. Note that this is guaranteed by host's internal modules.
  Minor fixes.
    Be more restrictive with respect to wildcard checking. Make sure it is really specified as the first label. Construct reverse in-addr.arpa name without trailing dot if we know that this is already an absolute name.
  Miscellaneous changes.
    Print also the input name we are going to hostalias(). Rename a few variables for better readability.
    Add various definitions that might be missing in the default include files on some weird platforms. Use a configurable limit for the number of recursive chain lookups. Some cleanup to avoid lint warnings on some platforms.
  Revised manual page.
    Some items needed an update. Extend the list of related RFCs. Several layout changes, suggested by Greg Woods.

960921
  Extend functionality of -A option.
    If the -A flag is specified along with any explicit list mode option, it not only enables reversed address checking, it also enables those special checks that are normally suppressed during recursive listings, such as checks for canonical host names and invalid underscores.
  Revise -p option plus explicit server.
    Consider the set of NS servers gotten from an explicit server as authoritative if the -p option is also given. This affects whether or not to print lame delegation warnings in case the SOA record could not be retrieved. Suppress lame delegation warnings in case the A records for NS servers could not be retrieved and an explicit server is specified. The latter was an oversight.
    Indicated by Peter Koch
  Improve error reporting.
    After a negative return from an ordinary gethostbyname or gethostbyaddr we don't know whether or not the answer was authoritative. Perform an extra lookup in some few cases where we really want to distinguish between them. This is kludgy, and needs improvement.
  Revise additional checking during RR printout.
    This prevents possible recursive loops in some cases. Requires adapting the way state information is passed via print_info() and print_rrec().
  Make query section consistency checks.
    When retrieving certain crucial information, such as SOA or NS records, make sure the qdcount is exactly one as it should be. The values in the query section in a reply should match those in the original query. This is already enforced by the BIND 4.9 res_send(). An error is reported when a mismatch is detected, but results are processed anyway.
  Make sure response comes from a known server.
    When using datagrams, compare the source address of the response to the list of known servers. Ignore the answer if there is a mismatch. Was missing for HOST_RES_SEND.
  Minor bug fixes.
    When retrieving SOA records, make sure they belong to the requested domain. Must properly set h_errno in some obscure circumstances.
  Miscellaneous changes.
    Clear the entire sockaddr_in before filling in the relevant entries. Some platforms seem to rely on sin_zero being actually zero.

960808
  Conform to BIND 4.9.5 interpretation of TXT strings.
    When multiple strings are encoded, they are now treated and printed as individual quoted strings, separated by whitespace. Formerly, they were concatenated and printed as one single quoted string. Note that this interpretation makes the TXT data field multi-valued, and precludes the use of strings that are longer than 255 characters.

960512
  Allocate list of host data dynamically.
    This avoids the MAXHOSTS static limit, and keeps the initial BSS of the executable to a reasonable size.
    Mentioned by Greg Woods
    The list will be expanded in chunks as needed during zone transfers, but will not shrink again.
  Escape special characters within quoted strings.
    Data fields of TXT/HINFO/UINFO records are printed as quoted strings. Some special embedded characters should be backslash-escaped in the output format.
  Properly handle tcp packet overflow.
    If the supplied answer buffer space is insufficient to store the entire answer, res_send() is supposed to return the length of the entire untruncated answer, not the number of bytes that are actually available.
  Increase MAXPACKET packet buffer size.
    This is now set to the maximum value used internally by the BIND named. The same value is used by dig. Although still static, it should be sufficient.
  Miscellaneous changes.
    Show the length of the received answer in various debug messages. This gives some insight in case of truncation.
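
The tcp packet overflow entry of 960512 and the buffer overrun fix of 991328 describe the same discipline: the length reported for an answer can exceed what was stored, so a decoder must clamp to the buffer and check that each record fits before touching its data. The C code below is an added example, not code from host; `walk_answer`, `skip_name`, the status codes and the sample reply are hypothetical and constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN      12   /* fixed DNS header */
#define RR_FIXED_LEN 10   /* type(2) class(2) ttl(4) rdlength(2) */

enum walk_status { WALK_OK, WALK_SHORT, WALK_BADNAME };

/* Constructed 63-octet reply: question example.org A, answers A and TXT. */
static const uint8_t sample_answer[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x02, 0x00,0x00, 0x00,0x00,
    7,'e','x','a','m','p','l','e', 3,'o','r','g', 0,
    0x00,0x01, 0x00,0x01,
    0xC0,0x0C, 0x00,0x01, 0x00,0x01, 0x00,0x00,0x0E,0x10, 0x00,0x04,
    192,0,2,1,
    0xC0,0x0C, 0x00,0x10, 0x00,0x01, 0x00,0x00,0x0E,0x10, 0x00,0x06,
    5,'h','e','l','l','o'
};

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Step over a (possibly compressed) name; returns new offset, 0 on failure. */
static size_t skip_name(const uint8_t *msg, size_t end, size_t off)
{
    while (off < end) {
        uint8_t n = msg[off];
        if (n == 0)
            return off + 1;                  /* root label ends the name */
        if ((n & 0xC0) == 0xC0)              /* compression pointer, 2 octets */
            return (end - off >= 2) ? off + 2 : 0;
        if (n & 0xC0)
            return 0;                        /* reserved label type */
        off += 1 + (size_t)n;
    }
    return 0;                                /* ran off the available data */
}

/*
 * Count the resource records that lie entirely inside the data we hold.
 * anslen is the length reported for the answer and may exceed bufsize.
 */
int walk_answer(const uint8_t *buf, size_t bufsize, size_t anslen,
                enum walk_status *status)
{
    /* Never parse past the smaller of reported length and buffer size. */
    size_t end = anslen < bufsize ? anslen : bufsize;
    size_t off = HDR_LEN;
    unsigned long qdcount, rrcount, i;
    int complete = 0;

    *status = WALK_SHORT;
    if (end < HDR_LEN)
        return 0;
    qdcount = be16(buf + 4);
    rrcount = (unsigned long)be16(buf + 6) + be16(buf + 8) + be16(buf + 10);

    for (i = 0; i < qdcount; i++) {
        off = skip_name(buf, end, off);
        if (off == 0) { *status = WALK_BADNAME; return 0; }
        if (end - off < 4) { *status = WALK_SHORT; return 0; }
        off += 4;                            /* qtype, qclass */
    }
    for (i = 0; i < rrcount; i++) {
        size_t rdlength;

        off = skip_name(buf, end, off);
        if (off == 0) { *status = WALK_BADNAME; return complete; }
        if (end - off < RR_FIXED_LEN) { *status = WALK_SHORT; return complete; }
        rdlength = be16(buf + off + 8);
        off += RR_FIXED_LEN;
        /* The record must fit as indicated by its own data length. */
        if (rdlength > end - off) { *status = WALK_SHORT; return complete; }
        off += rdlength;
        complete++;
    }
    *status = WALK_OK;
    return complete;
}

int main(void)
{
    enum walk_status st;
    int n = walk_answer(sample_answer, sizeof sample_answer,
                        sizeof sample_answer, &st);
    printf("full buffer:     %d records, status %d\n", n, (int)st);
    /* Same answer, but only 60 octets of buffer were available. */
    n = walk_answer(sample_answer, 60, sizeof sample_answer, &st);
    printf("60-octet buffer: %d records, status %d\n", n, (int)st);
    return 0;
}
```
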

960417
  Rudimentary support for AAAA RR.
    Just decode and print the ip v6 address during regular RR type processing, in the most straightforward way. No provisions for reverse lookups yet.
  Increase MAXPACKET packet buffer size.
    The traditional value 1024 for the (tcp) packet size is no longer sufficient (see moderators.uu.net MX records).
  Miscellaneous changes.
    In verbose mode, show the number of bytes in the answer if it exceeds the (udp) packet size PACKETSZ (512), or in case the answer is truncated. Print the truncation indication at a more appropriate position.

951231
  Cosmetic changes.
    Print all relevant messages in debug mode to stdout, and appropriately prefix them with ";; " to conform with the BIND 4.9.3 conventions.
  Miscellaneous changes.
    Consider the all-ones broadcast address a fake address.

951024
  Avoid potential alignment conflicts.
    Allocate socket addresses of type struct sockaddr_in instead of type struct sockaddr. The first one has stricter alignment restrictions, although they have the same size.
  Correct various misspellings.
    Noted by Keith Bostic

950925
  Portability fix.
    Refine type definitions for the arguments to various resolver routines to be even more backward compatible, and to avoid compilation or lint warning messages on new platforms. It should run clean on BSD44 systems.
  There are no functional changes in this release.

950923
  Add new -z option to list delegated zones in a zone.
    This is a new variant of the zone listing specials. A zone transfer is done, and only the names of the encountered delegated zones are printed. This option is undocumented, and subject to change.
  Sort list of delegated zones alphabetically.
    Before acting on delegated zones during zone listings, sort them in alphabetical order for prettier output.
  Portability fix.
    The BIND 4.9.3 resolver routines require the passed buffer arguments to be of type u_char instead of char. This causes a prototype mismatch for HOST_RES_SEND.
    Mentioned by Geert Jan de Groot
  Minor command option functionality change.
    The -L flag, when given without any other list mode option, now implies the -l option.
  Miscellaneous code cleanup.
    Pass the name of the actually contacted server during zone listings in a more elegant way. Avoid (harmless) lint warnings on picky platforms.

950822
  Fix bug in recursive lookup handling.
    During recursive lookups, e.g. when following CNAME chains, querynames are always assumed to be already fully qualified, and must be tried ``as is''. The classical example of a CNAME that points to the pseudo "localhost.", or an erroneously dot-terminated single name, should not be subject to local aliasing or search list processing. They were.
    Reported by Alexander Dupuy

950809
  Portability fix.
    Check for SVR4 as well as for SYSV in port.h, which is necessary for compilation via the master BIND Makefile.
    Suggested by
  There are no functional changes in this release.

950502
  Maintain hash list for zone name lookups.
    This should not be really necessary for most practical purposes, but it makes processing of the .in-addr.arpa zone and even the .COM zone at least feasible. The latter still requires quite a lot of memory, and some cpu time to filter out the glue records from its 50000 A records and 110000 NS records. The toplevel zone count as of today is:
      COM           50000 delegated zones
      IN-ADDR.ARPA  30000 delegated zones
      ORG            5000 delegated zones
      NET            3000 delegated zones
      EDU            2000 delegated zones
  Suppress various checks in quiet mode.
    This avoids costly checks and achieves some speedup in cases that nothing would have been printed anyway.
  Supply alternative recv_sock() module.
    The select() system call may fail on the solaris 2.4 platform without appropriate patches. An alarm can be used instead, at the cost of extra system call overhead.

950429
  Fix bug in error reporting.
    The name and address of the contacted server during zone listings could be clobbered by intermediate calls to res_send().

950427
  Fix glitch in host name lookup.
    New entry would be inadvertently added to the hash list in case the MAXHOSTS limit was reached.
  Miscellaneous changes.
    Speedup comparison of zone names and host names by looking up zone names in the host name hash list.

950407
  Maintain hash list for host name lookups.
    A linear search through the per-zone host name table becomes very costly for zones with several thousands of hosts. Significant speedup is achieved. Even for recursive listings of many small zones the reduction of total processing time is noticeable.

950318
  Increase (static) maximum number of hosts.
    This avoids imposing arbitrary limits in most cases.

950302
  Prevent zone transfer for certain zones.
    Some zones are known to contain bogus information. E.g. definition of A records for all possible addresses in a class-B network will bias the hostcount. Add new -N option to define an explicit list of zones for which a zone transfer is deliberately skipped.
    Requested by Peter Koch
  Miscellaneous code cleanup.
    Split off various tasks from monolithic list_zone(). Invert the double matching loop in sort_servers(). Fix glitch when comparing matching domain labels.

950115
  Sort list of nameservers for a zone.
    When the NS records for a zone are issued in BIND 4.9 round-robin fashion, this may yield an unfavorable order for doing zone transfers. Apply some heuristic to sort them according to preference, giving priority to servers within your own domain or parent domains. Add new option -P to define an explicit list of domains of preferred servers, giving priority to matching ones.
    Suggested by Marten Terpstra
  Don't suppress certain rr data any more.
    The preference value in the MX/RT/PX records and the version number in the AFSDB record was suppressed in non-verbose mode, unless the -T option was specified. These values are now printed by default.
    Requested by Geert Jan de Groot

941210
  Adapt implementation of LOC RR.
    The binary data format has already changed twice: the four 4-bit fields are now four 8-bit fields, and log2 encoding has changed to power-of-10 encoding. Support for this will be incorporated in BIND 4.9.3. Still undocumented in the host manual page.

941206
  Compatibility with BIND 4.9.3.
    The NOCHANGE query response has now been conditionally defined via #ifdef ALLOW_UPDATES. Older versions of BIND may still return this (should have been FORMERR).
  Improve error reporting.
    Define a special h_errno status SERVER_FAILURE for the case a SERVFAIL query response is returned. This is used to report lame delegations during SOA checking or zone transfers. Servers may return this code when the zone data has expired altogether. This is not a TRY_AGAIN situation if such server is authoritative.
    Suggested by Peter Koch
    Rename special status NOT_AVAILABLE to QUERY_REFUSED.
  Various minor changes.
    Check for invalid characters in T_AAAA record names. Print optional protocol and port from T_A record after a comment sign. Not sure whether this has ever been used.

941129
  Implement LOC RR as defined by preliminary draft-RFC.
    Requires conversion routines for spherical position, vertical position, and precision. Tested on big-endian, little-endian, Alpha, Cray. This is only a pre-release. Undocumented until RFC gets public.

941125
  Recognize new RR types as reserved by RFC 1700.
  Implement PX RR type as defined per RFC 1664.
  Implement GPOS RR type as defined per RFC 1712.
  Include a few simple utility scripts.
    These are just examples of wrappers to host.
    nslookup -- emulate most functions of the real one.
    mxlookup -- lookup records at each of its servers.

941006
  Lessen restrictions for certain tests.
    The checks for invalid underscores and canonical host names were suppressed during recursive zone listings on all levels. They are now suppressed only when not operating on the base level. This enables the checks during the ``host -C -L 1'' command.
  Extend functionality of -A option.
    If the -A flag is specified along with any explicit list mode option, it enables reversed address checking. The address of each encountered A record is reverse mapped, and it is checked whether it is registered and maps back to the A record name. This flag can safely be specified in the ``host -CA -L 1'' command.
  Add new -W option to list wildcard records in a zone.
    This is a new variant of the zone listing specials. A zone transfer is done, and only wildcard records are printed. The default resource record type is MX. This option is undocumented, and subject to change.

941004
  Improve printout.
    Include conversion of the various time values from the SOA record in the comment part during ordinary printout.

941002
  Call alternative res_debug print routine if available.
    In BIND 4.9.* an alternative module is present which accepts (as it should) the size of the query buffer.
  Rearrange include files.
    Move configuration definitions to new conf.h.

940917
  Improve support for NSAP records, as per RFC 1637.
    Print ordinary NSAP addresses with separating dots, after the 1-byte AFI, then after every 2 bytes. Add new option -n to generate reverse NSAP within the nsap.int domain, similar to the -i option. Print reverse NSAP in forward notation, unless forced to print full zone file format.

940911
  Verify that some host names are canonical.
    This is formally required, but also in practice highly desirable. The target hosts in NS and MX records only are verified, being the most crucial. Currently the test is skipped during recursive zone processing, to avoid excessive output of non-canonical MX targets. When figuring out the nameservers for a zone before doing a zone transfer, a non-canonical nameserver name is always reported.
  Report illegal domain names.
    This is now done by default for 'host' related domain names. The A and MX record names and NS and MX target names are checked only. Only alphanumeric characters and hyphen '-' are valid.
    Currently the reporting of names containing underscores is suppressed during recursive zone listings, to avoid excessive output of such illegal host names. During SOA checking, an illegal primary or hostmaster is always reported.
  Document the -I option.
    This option no longer triggers the checking of invalid characters in names. To suppress illegal underscore messages, use "-I _". To show them during recursive listings, use "-I ''".
  Modify various messages.
    Make some warning messages slightly shorter, and start the message with the resource record or zone name. Most of the SOA check messages have been affected. Remove the answer buf offset in the incomplete HINFO warning messages.
  Improve error reporting.
    Include the name of an explicit server in ns_error() messages describing h_errno. This was already done for the errno messages. Include the server name also in ns_error() messages after a failing zone transfer from that server. Define a special h_errno status NOT_AVAILABLE for the case a query was explicitly refused. Some servers are configured to refuse zone transfers.
  Major update of manual page.
    Explain some more failure messages. Explain most of the common warning and error messages.

940819
  Modify various messages.
    Include the server name in messages reporting failures and problems during zone transfers.
  Implement ttl consistency checks.
    Multiple records of same name/type/class should have the same ttl value in zone listings. This is now checked. A suitable hash function is needed to minimize overhead. The approach is similar to the function used in sendmail. This has been a long-standing wish from Peter Koch
  Various speedup fixes.
    Avoid unnecessary indomain() calls during zone listings.

940713
  Modify various messages.
    Replace some of the ``extraneous'' messages with a more descriptive text. Include name and type of the query in messages reporting format errors in the response. Include zone name in error messages during SOA check.
    Revise check for valid names.
        If a domain name refers to a ``mailbox'', the part up to the first unquoted dot is the ``local part'' to which the RFC 822 syntax rules apply.

940623
    Revise res_send() strategy.
        Mark bad server status for certain conditions which make it unlikely that we will succeed during the next try. Operating system failures are not in this category. Nameserver unreachable status is now reported in a more reliable fashion. A second try would sometimes timeout. (May be useful for monitoring the upcoming summer 1994 reshuffling of EBONE/EuropaNET/NSFnet interconnections).
    Facelift for socket I/O routines.
        Systematically use _res_close() to close a connection. Include the answer packet length in debug printout.
    Extend resolver initialization.
        Set initial query ID to some arbitrary number.
    Various speedup fixes.
        Avoid unnecessary strlen() calls during zone listings. Check whether the resource record data must be printed outside the print routine to avoid unnecessary overhead. Use bcopy() instead of sprintf() in obvious cases.
    Better output format control.
        In non-verbose and non-debug mode, only pure resource record output is written to stdout. Add new -Z option to force resource record output to be in full zone listing format, including trailing dot in domain names, plus ttl value and class indicator.
    Rearrange include files.
        Define resource record structures in rrec.h. Function declarations moved to defs.h.

940615
    Various portability changes.
        Avoid use of sizeof() for all entities that have a fixed field width, and use predefined constants instead. This is necessary for systems without 16 or 32 bit integers. Fix use of ipaddr_t and struct in_addr appropriately. All this makes the utility portable to e.g. Cray.
    Save and restore state during recursive lookup.
        Error codes could be clobbered during MAILB tracing.
    Miscellaneous minor code cleanup.

940603
    Fix implementation for -F option properly.
        Exchanging the role of stdout and the logfile now works on all platforms. Asked by Artur Romao

940526
    Combine explicit server and -p option.
        If both are specified, the explicit server is contacted to retrieve the desired servers for the given zone during zone listing/checking modes. This is useful for checking zones that have not been registered yet. Requested by Geert Jan de Groot
    Rudimentary support for NSAP records.
        This is still very experimental. It is unclear how an NSAP address should be encoded in the resource record, and how its hierarchical structure is decided. Inspired by the 4.9 diffs from cisco.com.

940317
    Print SOA serial always as an unsigned value.
        Warn about ``extraordinary'' serial if high bit is set.
    Reset errno to avoid stale values.
        Could happen when doing multiple gethostbyaddr() calls in extended mode when the BIND res_send() is linked in. Problem noted by
    Solaris portability fix.
        For solaris 2.x use res_gethostby{addr,name} modules to force dns lookups. The __switch_gethostby{addr,name} modules have disappeared in solaris 2.3.

930926
    Extend -I option with argument containing allowed chars.
        This string specifies formally illegal, but silently allowed characters when checking illegal domain names. The -I option is still necessary to enable checking. Still done only for resource record names in listings. Note that some hesiod names contain the '/' character. Indicated by Peter Koch.
    Additional SOA record checks.
        Check hostmaster field for illegal chars, such as '@' (needed as long as data field names are not checked).
    Revised SOA record checks.
        Check primary field against list of known nameservers. Issue warning if not among the authoritative servers. This may be intentional in special cases, however. Required some code reshuffling.
    Add new -M option to list mailable subdomains in a zone.
        This is a new variant of the zone listing specials.
        A zone transfer is done (without listing anything by default) to determine the available delegated zones. For each of these zones, the MX records are printed. Experimental, undocumented. Insufficient too: you really want to see also the domains for which only an MX record exists.
    Cleanup terminology in the code documentation.
        Remove the word 'subdomain' and cleanup the confusion between 'domain' versus 'zone'.
    Update manual page.
        Use terminology that is technically more correct. Explain various things that were still missing.

930919
    Print actual name that was queried in error messages.
        Formerly, only the (possibly abbreviated) queryname as specified on the command line was printed. Special care must be given if domain search is enabled, especially in the enforced BIND compatibility mode. Looks much better. Asked by
    Some more SOA record tests.
        Some records have the name of the zone specified in the field that should contain the name of the primary server.
    Miscellaneous minor changes.
        Slightly modify the nameserver name printout during -C. Set proper h_errno when answer buffer counts are corrupt.
    Add new -V option to print version number.
        Define version in separate vers.c
    Use class mnemonics as defined in RFC 1035.
        Print 'CH' instead of 'CHAOS'. Anyone using this?
    Recognize obsolete 'CS' or 'CSNET'.
        Pretty useless. Just for ultimate completeness.
    Check for invalid characters in domain names.
        Only alphanumeric characters and hyphen '-' are valid. Unfortunately, the use of underscore '_' is widespread, so issuing a warning by default is unrealistic. Therefore:
    Add new -I option to warn about illegal domain names.
        Currently done only for resource record names during zone listing. Could be extended to domain names in data fields. Perhaps a warning by default in case of illegal characters other than underscore. Option is still undocumented as the semantics are subject to change.

930915
    Add -R option to always first try search domains.
        Normally querynames are assumed to be fully qualified and are tried as such, unless it is a single name which is always tried, and only once, in the default domain. This option sets RES_DNSRCH and simulates the default BIND behavior, with the exception that NO_DATA status terminates the search immediately. With the additional otherwise undocumented -B option the BIND behavior is fully enforced and the search continues. Added only for testing purposes, not for general use.
    Few more BIND 4.9 compatibility changes.
        Some resolver routines have gotten new argument types.
    Adapt Makefile to BIND conventions.
        The Makefile can be used completely stand-alone, or can be invoked from the master BIND Makefile. Affects names of various (inherited) make variables.
    Change BIND_RES_SEND to HOST_RES_SEND with opposite meaning.
        Default is HOST_RES_SEND in case stand-alone.

930911
    Extension of user interface.
        Allow multiple arguments on command line or from stdin. Requires new syntax for specifying explicit server. New options -x and '-X server' indicate extended syntax. Quite a lot of reshuffling of code. Urgently requested by and Paul Vixie
    Configurable default options.
        Use an environment variable HOST_DEFAULTS to pre-define default options and parameters. These are interpolated in front of the command line arguments before scanning. Syntax is the same as the command line syntax.
    Fix bug when querying single name without dot.
        Not only the default domain, but also the eventual other search domains would be tried, although DNSRCH is off. This is a long-standing bug. Very important fix.

930908
    Various declaration changes for portability.
    Print TXT/HINFO/UINFO strings within double quotes.
        It is done both in regular and zone listing output. This conforms to the syntax for zone input files.
    Add trailing dot to domain names in zone listing.
        This conforms to the syntax for zone input files. The trailing dot is not added in regular output.
    Define exit codes in new exit.h header file.
        This avoids the need to include /usr/ucbinclude when running in non-BSD mode on solaris 2.x platforms.
    Attempt to diagnose lame delegations.
        Error messages about lame delegations are given during zone listings and when checking SOA records (but only when the contacted servers are supposed to be authoritative). Also in case servers from NS records turn out not to exist. This may need some refinement for special cases.
    Perform some extra checks during zone listings.
        Check for unexpected error status in packets. Only the very first packet in response to a transfer query can have an error status.
    Issue warning if only a single nameserver found.
        Not an error per se, but not much redundancy then. Suggested by Peter Koch.
    Check for anomalous empty zone transfers.
        Transfers consisting of only SOA records could occur if we queried the victim of a lame delegation which happened to have the SOA record present. Fake an error that will result in a lame delegation message. Mentioned by Peter Koch.
    Indicate list/check failure/success via exit code.
        Failure status is returned in case any error has been reported via errmsg or pr_error (not pr_warning). For Ruediger Volk
    Add -o option to suppress rr output to stdout.
        Can be used in combination with -f to separate rr output from verbose comments and error output.
    Perform some SOA timer consistency checks.
        Check timer values for anomalies, such as (retry > refresh) or (refresh + retry > expire). Suggested by Peter Koch. Also compare all values instead of just serial.
    More accurate reporting of zones processed.
        Print total number of successful zone transfers versus the number of attempted transfers. Print count of zones which were successfully processed (transferred or -C checked) versus the number of zones requested to be processed. From this we can deduce the number of transfers that failed and the number of times we couldn't find any nameservers.

930901
    Increase MAXNSNAME from 12 to 16.
        This conforms to NSMAX in ns.h
    Don't accumulate statistics if not necessary.
        Skip the costly host count scan in case nothing would be reported at all according to the command line options.
    Add some extra checks during zone listings.
        Check for invalid nonzero nscount and arcount.
    Special handling for non-authoritative answers.
        We had already NO_RREC for non-authoritative NO_DATA, but non-authoritative HOST_NOT_FOUND would yield TRY_AGAIN. Change this to NO_HOST to issue a separate error message. This identifies some special cases, e.g. queries for a non-existing name using class C_ANY when the nameserver is authoritative only for one specific class. Use TRY_AGAIN in both cases during zone listing errors.
    Minor declaration changes for portability.
    Add -F option to exchange role of stdout and logfile.
        The '-F file' is the same as '-f file' but all stdout output goes to the logfile, and stdout only gets the extra resource record output (so that it can be used in pipes). Implementation is inherently unportable. Supported only on a few platforms where it happens to work.
    Explain status messages in the manual page.
    Include address and name of server in perror messages.
        This gives a lot more information in case stderr and stdout are differently redirected.

930830
    Make error checking in some routines uniform.
    Miscellaneous declaration changes.
    Filter resource record class appropriately.
        In zone listings records of different class can show up, e.g. HS records are mixed with IN records. Only records of the requested class should be processed. This fixes problems with recursive zone traversals and inaccurate statistics. Pointed out by and . Important fix.
    Include record class, if special, in some output.
        Show the class if it is not the default IN class.
    Include address of duplicate hosts in message.
        This may help to locate the problem.
    Properly concatenate long TXT strings that are split.
        Long TXT strings (>255) are split as of BIND 4.8.3.
        They were displayed incorrectly with TAB separators. Problem noted by Peter Koch.
    Cleanup some DNS terminology in output messages.
        Fix some confusion between '(sub)domain' and 'zone'. Only done in the output of host, not yet in the documentation. Pointed out by Peter Koch.
    Implement host address list as hashed list.
        The linear list is replaced with a hashed list, using the low-order address bits as the key. This may dramatically speed up recursive zone listings. Very important fix. Suggested by Peter Koch.
    Miscellaneous portability hooks.
        Add new port.h header file.
    Change u_long to u_int for resource record fields.
        These are fixed 32-bit quantities. Note that BIND 4.9 uses u_int32_t for these, but still uses (inconsistently) u_short instead of u_int16_t. Necessary for port to alpha and BIND 4.9.
    Change u_long to ipaddr_t for 32-bit address fields.
        For the time being, make this identical to u_long for non-alpha machines with pre-BIND 4.9 to avoid lint warnings. Note that BIND 4.9 uses u_int32_t for these. Necessary for port to alpha and BIND 4.9.
    Introduce new typedef for 'struct state'.
        Necessary for BIND 4.9.
    Make all arguments to vararg routines same type.
        No more mixing of arbitrary pointers and ints. Only number of arguments is variable. Requires few silly interfaces. Necessary for port to alpha.
    Add the RELEASE_NOTES file to explain changes.

930209
    Lookup server name with default resolver values.
    Check SOA records without nameserver recursion.
    Implement new RR types from RFC 1183 and 1348.

921005
    Anticipate ultrix specific resolv.h
    Miscellaneous declaration changes.
    Some reshuffling of code.

920702
    Recognize alternative program call names.
    Distinguish between auth and non-auth NO_DATA.

920624
    Lookup server name before changing nameserver address.
    Handle possible truncation in zone transfers.
    Provide private simplified version of res_send().
    Add -u option to force virtual circuit connections.
    Move all socket I/O routines to separate send.c.

920616
    Allocate list of zonenames dynamically, not statically.
    Move and slightly modify the test for fake hosts.
    Suppress host count statistics during inverse listing.
    Miscellaneous documentation updates.

920315
    Improve counting of hosts within domain.
    Discard glue records not directly within domain.
    Keep track of hosts with duplicate address.
    Add -D option to list duplicate hosts.
    Add -E option to list extrazone hosts.
    Miscellaneous casting and typing cleanup.
    Increase (static) number of possible subdomains.

911201
    Option -T also prints MX preference value.
    Save name of longest hostname found (just for fun).
    Undocumented option -g to select long names (fun).

911010
    Don't recurse on cnames if querytype is cname.

910923
    Count gateway hosts (with multiple addresses).
    Add -G option to list gateway hosts.

910905
    Improve counting of hosts within domain.
    Allow hosts not directly within domain.
    Increase (static) maximum number of hosts.

910415
    Improve finding of subdomain names.
    Allow subdomains not directly within domain.
    Check for unauthoritative glue records.
    Add -T option to print ttl when non-verbose.
    Improve connect timeout handling.
    Improve dotted quad parsing.
    Minimum ttl is now called default ttl.

910129
    Maintain count of hosts during domain listings.
    Check for hosts with same name as subdomain.
    Add -H option for special host count mode.
    Recognize obsolete T_MAILA.

# ----------------------------------------------------------------------
# TODO
# ----------------------------------------------------------------------

    Enhance reverse mapping.
        The new BIND 4.9.* gethostbyaddr() can be configured to return host aliases in case multiple PTR records were encountered during the reverse lookup. It is unclear what the official host name should be. Should perhaps abandon the idea of official host name. However, the PTR records are still exempt from the new round-robin scheduling, and are returned in the order in which they are defined in the zone file.
    Enhance error reporting.
        After a negative return from gethostbyname/gethostbyaddr we want to know whether the answer was authoritative or not. In a few places we are able to find out, but this is a kludge and needs to be reimplemented.

# ----------------------------------------------------------------------
# WISHLIST
# ----------------------------------------------------------------------

    Skip printing of second SOA in zone listing.
        Asked by Peter Koch.
    Check for both A and AAAA records.
        The check for canonical hostnames in NS and MX records should be extended to include also AAAA records. Asked by Matti Aarnio

# ----------------------------------------------------------------------
# NOTES
# ----------------------------------------------------------------------

    Include files and resolver library.
        If you are linking this utility with an explicit resolver library, make sure you will be compiling with the same include files that were used to build the resolver library. The BIND 4.9 include file is incompatible with the BIND 4.8 version. This utility can handle both versions, but you cannot link with a 4.9 library after compilation with the 4.8 include files, and vice versa.
    Old resolver libraries.
        The res_mkquery() routine in the SUN-supplied resolver library on SunOS <= 4.1.3 adds the default domain to given single names if RES_DEFNAMES is set. This is not correct and leads to undesired results if you query about toplevel domains. It may be a pre-BIND 4.8.2 problem. The same behavior is reported in the default ultrix resolver. This will not be fixed in host. The documentation states that you need BIND 4.8.2 or higher. Problem noted by Peter Koch.
    Vendor-specific resolver libraries.
        Some vendors supply resolver libraries with configurable lookup strategies for gethostbyname/gethostbyaddr, e.g. to consult DNS, NIS, /etc/hosts, or other databases, in specific order. Such libraries are to be avoided when linking host. It is meant to query the DNS and DNS only.
    SUN's resolver library on solaris 2.x
        If you are on solaris 2.x and you don't have a proper BIND resolver library to link with, but have to use the broken default library, you can define NO_YP_LOOKUP in the Makefile to prevent gethostbyname/gethostbyaddr querying the YP/NIS. SUN will probably implement BIND 4.9.3 after its release.
    Multiple answers during zone listing.
        During zone transfers BIND 4 encapsulates every resource record in a separate reply buffer containing a HEADER and an answer section (ancount == 1). The authority and additional section are empty. The query section is also empty except in the very first reply buffer. Some non-BIND implementations, as well as later BIND 8 versions, may send multiple answers per reply buffer so that (ancount > 1).
    Buffer size restrictions.
        BIND uses internal query/answer buffers of relatively small size, and puts an upper limit on the size of the individual resource record data length. Such restrictions are not imposed by the appropriate RFC specifications. These sizes could, and perhaps should, have been larger. Truncation, even in virtual circuit (tcp) mode, could occur for a resource record set consisting of very many MX records, or for excessively large TXT records. Some other utilities don't handle truncated tcp answers properly, but host is now protected.

# ----------------------------------------------------------------------
# MISC
# ----------------------------------------------------------------------

    Port to DEC/Alpha with OSF/1.
        Requested by various people. This requires basically two adaptations:
        - sizeof(u_long) is 64 bits instead of 32 bits. Affects ip address fields and some fixed fields in the nameserver query/answer buffers.
        - pointers in C subroutine arguments are 64 bit quantities. Affects the varargs modules.
        Suggestions by Dietrich Wiegandt and David Cherkus.
    Compatibility with BIND 4.9.
        Don't use the u_long types any more. The 'struct state' is now 'struct __res_state'.
        New resolver library has various hooks for 'dig'. New resolver library prints to stdout with leading ";" but unfortunately not everywhere. It prints to stderr sometimes also with ";" but does not do so in the perror() messages. (Things have been corrected in BIND 4.9.3). BIND 4.9 prints FQDN with trailing dot. BIND 4.9 prints TXT strings within double quotes.
    New features of BIND 4.9.3.
        Don't use sizeof() for u_int, u_short, struct in_addr, and HEADER, but use predefined constants for entities that have a fixed field width. A new parameter _res.ndots has been defined. The res_search() module may query the given name ``as_is''. The res_search() module retries after SERVFAIL. The res_send() module marks a bad server status for almost every error condition. Extra checks are carried out to ensure that a reply packet really is the answer to a query: nameserver addresses and query fields are compared.

# ----------------------------------------------------------------------
# HOSTCOUNT
# ----------------------------------------------------------------------

Since 1990 RIPE has been conducting the monthly hostcount of the European and surrounding countries, using this "host" program. See http://www.ripe.net/hostcount for details.

For each of the applicable toplevel domains, the entire DNS tree is recursively traversed, performing zone transfers from the appropriate nameservers. During this process, statistics are accumulated, and various checks are carried out to report error conditions. The statistical results and the error reports are published and are publicly available. Zone administrators are requested to allow zone transfers to the designated hostcount machines, and they are usually willing to cooperate.

A single job per toplevel domain would do all processing in one sequential run. With the current growth of the Internet, and the corresponding increase of the DNS information, this is no longer practical, at least for some of the largest domains.
The total runtime would become excessive, and make the process vulnerable to unexpected crashes or network outages.

The procedure can now be split up into two independent parts:

  o A data collecting phase, which only performs zone transfers and saves the information in local cache disk files. This is restartable at any moment, and can easily be subdivided into parallel streams.
  o A data processing phase, which just reads the current local cache, making a snapshot without doing any zone transfers.

The recommended commands for this are the following, with only the minimally required options shown.

  1. Data collection (dump to cache)
        host --recursive --nothing --quick --compare --dump zone
  2. Data processing (load from cache)
        host --recursive --anything --hostcount --statistics --load zone

Various other switches can be specified to turn on extra checking and verbose logging. The following command deserves special attention:

        host --checkzone zone

This will perform an extensive analysis of the given single zone by turning on all implemented checks. All zone administrators are encouraged to regularly exercise this for their own zones. If this command passes all tests, the world would be a better one.
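
Two of the zone checks described in these notes, written out as an added C example that is not taken from the host sources: the name rule (alphanumerics and '-', with '-' only in the middle of a label, plus a -I style list of tolerated characters) and the ttl consistency check over records of the same name/type/class. The struct rr layout, the function names, the string hash and the sample records are assumptions made for this sketch; the hash is a simple multiplicative one, not the sendmail-like function the 940819 entry mentions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed record layout for this sketch; not host's rrec.h. */
struct rr { const char *name; int type, rrclass; unsigned long ttl; };

/* Name rule from the notes: only alphanumerics and '-', with '-' in the
 * middle of a label. 'allowed' plays the role of the -I argument:
 * formally illegal characters that are silently accepted (e.g. "_"). */
int valid_name(const char *name, const char *allowed)
{
    size_t i, start = 0, len = strlen(name);

    if (len > 0 && name[len - 1] == '.')
        len--;                          /* trailing root dot */
    if (len == 0)
        return 0;
    for (i = 0; i <= len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (i == len || c == '.') {     /* end of a label */
            if (i == start || name[start] == '-' || name[i - 1] == '-')
                return 0;
            start = i + 1;
        } else if (!isalnum(c) && c != '-' && strchr(allowed, c) == NULL) {
            return 0;
        }
    }
    return 1;
}

/* ttl consistency (940819): hash each record on name/type/class and
 * count records whose ttl differs from the first one seen in its set. */
#define NBUCKETS 64
#define MAXRR 256
int ttl_mismatches(const struct rr *zone, int n)
{
    int head[NBUCKETS], next[MAXRR], i, j, bad = 0;

    if (n > MAXRR)
        return -1;
    memset(head, -1, sizeof head);      /* every chain starts empty */
    for (i = 0; i < n; i++) {
        unsigned h = (unsigned)zone[i].type * 31u + (unsigned)zone[i].rrclass;
        const char *p;
        for (p = zone[i].name; *p; p++)
            h = h * 33u + (unsigned)tolower((unsigned char)*p);
        h %= NBUCKETS;
        for (j = head[h]; j >= 0; j = next[j])
            if (zone[j].type == zone[i].type && zone[j].rrclass == zone[i].rrclass
                && strcasecmp(zone[j].name, zone[i].name) == 0)
                break;
        if (j >= 0) {
            bad += zone[j].ttl != zone[i].ttl;
        } else {                        /* first record of a new set */
            next[i] = head[h];
            head[h] = i;
        }
    }
    return bad;
}

/* Constructed sample records (type 1 = A, 15 = MX, class 1 = IN). */
static const struct rr sample_zone[] = {
    { "www.example.com.",  1,  1, 3600 },
    { "WWW.example.com.",  1,  1, 7200 },   /* same set, other ttl */
    { "www.example.com.",  15, 1, 7200 },   /* other type: separate set */
    { "mail.example.com.", 1,  1, 3600 },
};

int main(void)
{
    printf("my_host valid: %d, with \"_\" tolerated: %d\n",
           valid_name("my_host.example.com", ""),
           valid_name("my_host.example.com", "_"));
    printf("ttl mismatches: %d\n", ttl_mismatches(sample_zone, 4));
    return 0;
}
```

Names compare case-insensitively here, so the first two sample records fall into one set and are counted as a single mismatch.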