2007/05/10 Duane Wessels

    Replaced unlicensed "SuperFastHash" with public domain
    "lookup3.c" by Bob Jenkins, from
    http://www.burtleburtle.net/bob/c/lookup3.c

2007/03/02 Duane Wessels

    Added Rcode table

2007/02/20 Duane Wessels

    Internal redesign.  Removed the data structures for storing
    1st, 2nd, and 3rd level query name stats and replaced them with
    an array supporting collection of up to 9 domain components.
    Replaced the -2 and -3 command line options with -l N where N
    is a number from 1 to 9.  Higher values of N give more details
    but also use more memory and CPU.

    Rewrote the display code.  Columns are now sized automatically
    depending on the width of the values being displayed, and the
    maximum width of the terminal.

2007/02/20 Duane Wessels

    Bugfix: The combined "sources + queryname" tables were counting
    incorrectly due to the use of in_addr_cmp() in the hash table
    comparison function.  We no longer store IP addresses as struct
    in_addr.  We store them as IPv6 addresses and the comparison function
    always returned 0 for v4 addrs.

2007/02/19 Florian Forster

    Arithmetic on void pointers is not well defined and Solaris
    complains.  Cast to char pointer instead.

2007/02/19 Dirk Jagdmann

    Added USE_IP6 define so that v6-code can be disabled somewhat
    easily.

2007/02/19 Florian Forster

    Portability fixes for IPv6-related code as well as some Solaris
    and Linux quirks.

2007/02/19 Duane Wessels

    Updated rfc1035NameUnpack() and fixed a buffer overflow bug.

2007/02/19 Tom moof Spindler

    There's two more occurences of c99ish "declare local vars in
    the middle of a block".

2007/01/05 Misc Bugfixes

    Some variables were declared in the middle of functions.  GCC
    tolerates this, but other compilers (Solaris) do not.

    Bug in switch statement.  break was before return (Bill Richter).

    Added checks for "__GLIBC__" and "__GNU__" preprocessor symbols
    for Linux compatibility (Petr Salinger).

2006/12/01 Florian Forster and Duane Wessels

    Incorporated Florian's patch to support IPv6.  Both v4 and v6
    addresses are now stored in an in6_addr structure, which means
    increased memory usage.  The old default bpf program ("udp dst
    port 53 and udp[10:2] & 0x8000 = 0") didn't work on IPv6 packets,
    so it is now just "udp port 53".

    Added -Q and -R command line options to select counting of
    queries, replies, or both.  The default is to count only queries.

    Added -4 and -6 command line options to select counting of
    IPv4-addressed messages, IPv6-addressed messages, or both.  The
    default is to count both.

2006/11/21 Duane Wessels

    Changed most of the linked lists to hash tables.  This should
    also result in less CPU usage on busy nameservers.

2006/11/20 John Morrissey

    A patch to use setitimer and SIGALRM for updating the display.
    On busy nameservers this results in less CPU usage because
    the display is updated less often.  The redraw interval can
    be specified with the -r command line option.

2006/05/17 Max Horn

    A few fixes for OS X.

    1) select()ing on a pcap FD doesn't always work.  Advice from
       tcpdump mailing list archive is to put it into non-blocking
       mode and ignore the select() return value.

    2) Added $(LDFLAGS) to link command line in Makefile to have
       dnstop linked with specific libraries.  LDFLAGS will be
       picked up from the environment.

    3) OS X needs to #include <arpa/nameser_compat.h>

2006/04/24 Duane Wessels
	
    Adriaan Peeters reported that the list of known TLDs is
    out-of-date.  In particular, the .EU domain is not in the list.
	
2005/04/05 Duane Wessels

    Mark Foster found a bug with the source+SLD list.  It was being
    updated for 3RD-level domain names as well.  Mark also suggested
    that the '@' key should display the source+SLD screen, just as
    '3' and '#' work for 3RD-level.

2005/01/21 Sam Norris

    Added support for third-level domain statistics.  Use the -t
    command line option to enable collection of 3rd-level stats,
    and use '3' while running to display them.  Note that enabling
    3rd-level stats collection does not automatically also enable
    2nd-level stats.

2005/01/13 Duane Wessels

    Added a non-interactive mode.  If you specify a savefile and
    stdout is not a TTY, dnstop prints each table at the end.

2004/03/09 Duane Wessels

    Added filter support.  Filters can be used to restrict the input
    stream to queries with certain characteristics.  The currently
    defined filters are:

    unknown-tlds        Only includes queries for TLDs that are
			bogus.  Useful for identifying hosts/servers
			that leak queries for things like "localhost"
			or "workgroup."

    A-for-A             Only includes A queries for names that are
			already IP addresses.  Certain Microsoft
			Windows DNS servers have a known bug that
			forward these queries.

    rfc1918-ptr         PTR queries for addresses in RFC1918 space.
			These should never leak from inside an
			organization.

2003/11/13 Mark Foster <mark@foster.cc>

    Added 'c' to display options. This screen will combine the
    source and sld fields to show "who is querying for what" -
    reason: we see alot of duplicate querys for whatever reason.
    This will help separate the legitimate queries from the broken
    resolvers, etc. See http://www.circleid.com/article/102_0_1_0_C/
    for more about that.