diff --git a/ChangeLog b/ChangeLog
index e033b71..252d5e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 # $Id$
-Version 0.4.1 (latest)
+Version 0.4.2-beta (latest)
+* Ensure all options get initialized to defaults before any attempts at setting
+  them via configuration, environment, or cmdline args.
+* Allow all cmdline args to be set optionally using environment variables
+* Updated documentation and added plaintext version
+
+Version 0.4.1 - 2006/10/19
 * Updated scripts/data2ldif.pl to properly handle reverse domains
 * Fixed parser bugs in scripts/data2ldif.pl (Thanks Fleischmann Bonaventura and
   Adrian Goins)
@@ -11,7 +17,7 @@ Version 0.4.1 (latest)
   Gregory for the bug report)
 * Updated FAQ
 
-Version 0.4.0
+Version 0.4.0 - 2006/06/17
 + Corrected segfault when using BIND output with SRV records (Thanks Fred Leitz)
 + Fixed off-by-one string termination problem
 + Fixed a number of possible segfaults if required cmdline options were missing
@@ -22,7 +28,7 @@ Version 0.4.0
 + Added search timeout and max record count options
 + Added warnings when zero records are returned from searches
 
-Version 0.3.7
+Version 0.3.7 - Unreleased.
 + Changed default location of ldap.conf to /etc/ldap.conf
 + Added note on potential security vulns in deprecated/webadmin to README
 + Changed port declarations/format strings from int to unsigned short
@@ -32,7 +38,7 @@ Version 0.3.7
 + Fixed typo in ldap2dns.spec.in
 + Updated example ldif in doc/ (Thanks Marc Huot)
 
-Version 0.3.6
+Version 0.3.6 - 2005/12/16
 + New maintainer: Ben Klang <ben@alkaloid.net>
 + Fixed bug with duplicate OIDs in dns.schema from partially applied patch
 + Renamed schema file to ldap2dns.schema
diff --git a/doc/README b/doc/README
new file mode 100644
index 0000000..0e8b216
--- /dev/null
+++ b/doc/README
@@ -0,0 +1,427 @@
+                              LDAP to DNS gateway
+
+ldap2dns is a program to read DNS (Domain Name Service) records from an LDAP
+directory and format them into flat files suitable for TinyDNS (or Bind).
+
+ldap2dns reduces all kind of administration overhead: No more flat file
+editing, no more zone file editing. After having installed ldap2dns, the
+administrator only has to modify the data stored in the LDAP directory.
+
+Optionally access control can be configured for each zone, GUIs can be more
+easily implemented, and add all other kind of zone and resource record
+information can be managed without interfering with the DNS server.
+
+ldap2dns is designed to write ASCII data files used by tinydns from the djbdns
+package, but also may be used to write zone db files used by named as found in
+the BIND package.
+
+ldap2dns is known to compile and run under Linux and Solaris using GCC or Sun
+Studio C Compiler.
+
+Introduction
+
+Often it is desirable to store DNS information in a database rather than in
+flat text files. This can greatly help to reduce administration overhead since
+associate information such as billing contact, account management, etc. can be
+stored and processed inside the same database. Also due to the nature of DNS,
+information must be stored redundantly on two or more hosts. The classical data
+replication through zone transfer is unreliable, insecure and difficult to
+administer.
+
+To solve this problem some proprietary attempts have been proposed to store DNS
+information in relational databases. The nature of DNS, however, is
+hierarchical and such should the database be. Using a relational database to
+store DNS information is undesirable, because it becomes difficult to store
+free form information. Within a hierachical data scheme, the administrator
+might define more than one IP-address for each canonical name. To implement
+such a feature in a relational database without breaking the normalization
+rules, one would have to add another table.
+
+One of the most widely spread hierarchical database protocols is LDAP. ldap2dns
+retrieves DNS information stored in an LDAP directory service and generates a
+file suitable for name-servers.
+
+The two most-widely-used domain name service daemons, named and tinydns are
+supported.
+
+ldap2dns specifically has been designed to work with tinydns and is the favored
+name server daemon for the author of this program. ldap2dns can also generate
+files suitable for named version 8 (and possibly version 9), but this feature
+is not well supported.
+
+There is a RFC for a format description how to store DNS information in LDAP.
+This paper a draft RFC which expired in February 1999, looks as if it has been
+specially designed to be used by named. This scheme does not have strict
+attribute-value-pair mapping, making it difficult to be used by user
+interfaces. It also lacks of an implementation (or I have never heard of any).
+Since tinydns is going another descriptive way the original author implemented
+a similar object-scheme more suitable for tinydns.
+
+Installation
+
+  * Install an LDAP server such as openldap. Other LDAP implementations may
+    work but have not been tested. If you are building from source you will
+    need to also install the development libraries and include files. On most
+    package based systems these would be the -devel packages (example:
+    openldap-devel).
+  * Install djbdns or BIND. Configuring the nameserver to automatically start
+    and work in your environment is beyond the scope of this document.
+  * Install ldap2dns
+    From RPM:
+
+    $ sudo rpm -Uhv ldap2dns.rpm
+
+    Replace "ldap2dns.rpm" with the file you have downloaded.
+    Now that you have it installed, skip to Usage to continue.
+
+    To build ldap2dns from source:
+    Unpack the package and build it:
+
+    $ gzcat ldap2dns.tar.gz | tar x
+    $ cd ldap2dns-version
+    $ make
+    $ sudo make install
+
+
+
+Configuration
+
+  * Copy the file ldap2dns.schema into the directory /etc/openldap/schema. Add
+    the following line to Your slapd.conf file:
+
+    include         /etc/openldap/schema/ldap2dns.schema
+
+    Now restart your LDAP server.
+
+Note: If you are running OpenLDAP 2.0 or earlier look for appropriate schema
+files for your version in the deprecated/ subdirectory. These files are known
+to work as of ldap2dns 0.3.5 but are no longer supported for future feature
+updates.
+
+
+  * Start to populate your LDAP server with DNS information. As a first test do
+
+    $ ldapadd -D "binddn" -w password < example.ldif
+
+    Replace 'myorg' and 'binddn' with whatever is appropriate on Your system.
+    Start a search and see if something was added
+
+    $ ldapsearch -D "binddn" "objectclass=dnsrrset"
+
+  * Test ldap2dns
+
+    $ ./ldap2dns -D "binddn" [ -b "searchbase" ] [ -w passwd ] -o data -o db -L
+
+    This should create a 'data' file, a 'corp.local.db' file and should print
+    the DNS content.
+    Note: The data file is text data which can be processed with tinydns-data.
+    corp.local.db is the file as used by named. If You are using bind, You also
+    have to adopt the file /etc/named.conf and You have to restart named.
+
+
+
+Schema Documentation
+
+Two object-classes have been defined. DNSzone stores all the information to
+define a DNS zone, such as the SOA (Start Of Authority), serial numbers etc.
+DNSrrset is used to store the information for a single resource record, such as
+the domain name, IP-addresses, class and type.
+Here are the tables:
+
+DNSzone
+
+This object-class represents a DNS zone. It is the container for all the
+resource records within a zone. Zones can be primary or secondary. If used in
+conjunction with tinydns zones are always primary. Secondary zones don't make
+sense anyway! In addition to being a container, the zone object has attributes
+related to the management of the zone. These include the zone's SOA
+information. Each zone-object can have none to many children of class DNSrrset.
+
+   ATTRIBUTE               VALUE                          Comment
+objectclass     DNSzone                      required
+cn              common name                  required
+DNSzonename     Name of the zone             required, multivalued
+DNSserial       Serial number of SOA         optional
+DNSrefresh      Refresh time of SOA          optional, only used for zone
+                                             transfers
+DNSretry        Retry time of SOA            optional, only used for zone
+                                             transfers
+DNSexpire       Expire time of SOA           optional, only used for zone
+                                             transfers
+DNSminimum      Minimum time to live         optional, only used for zone
+                                             transfers
+DNSadminmailbox Hostmaster's contact address optional
+DNSzonemaster   Primary nameserver for this  optional
+                zone
+DNStype         SOA                          must be SOA
+DNSclass        IN                           must be IN
+DNSttl          time to live                 optional, only used with tinydns
+DNStimestamp    timestamp                    optional, only used with tinydns
+
+  * DNSzonename: This field is required to describe the zone's domain name, for
+    instance myorg.com. More than one DNSzonename my be specified for a DNSzone
+    so that the same host is accessable with different zonenames.
+  * DNSserial: This is the serial number as used for BIND's zone transfers.
+    Here it is used to inform ldap2dns that it has to rebuild its data-file.
+    Without increasing the serial number ldap2dns will ignore all modifications
+    until it is restarted.
+  * DNSrefresh, DNSretry, DNSexpire, DNSminimum: You may safly ignore these
+    numbers if You don't do zone-transfers. Since Your secondary nameserver
+    will connect to the LDAP server the same way Your primary does, You don't
+    need zone-transfers anyway.
+  * DNSzonemaster: Here you specify the canonical name of your primary
+    nameserver.
+  * DNSadminmailbox: This is the contact address of Your DNS-administrator. The
+    first dot is converted to a @.
+  * DNStype: Must be SOA (Start Of Authority)
+  * DNSclass: Must be IN (Internet, or do still use Chaosnet?)
+  * DNSttl: This is the time-to-live value as used by tinydns. If TTL is
+    nonzero (or omitted), the timestamp is a starting time from whereon this
+    zone's information is valid. If TTL is zero, the timestamp is an ending
+    time (``time to die'').
+  * DNStimestamp: This is the timestamp as used by tinydns. It represents a
+    string as external TAI64 timestamp, printed as 16 lowercase hexadecimal
+    characters
+
+DNSrrset
+
+The Resource Record Set represents all of the resource records for a given host
+name within a zone. It must be a child of a DNSzone object.
+
+  ATTRIBUTE             VALUE                          Comment
+objectclass    DNSrrset                required
+cn             common name             required
+DNSdomainname  Name of this record     optional, relative to zonename
+DNSipaddr      IP address              optional, mutivalued
+DNScname       Canonical name          optional, without ending dot relative to
+                                       zonename
+DNSpreference  integer                 optional, only used for MX records
+DNStype        A, CNAME, NS, MX, PTR   must be any valid record type
+               or TXT
+DNSclass       IN                      must be IN
+DNSttl         time to live            optional, only used with tinydns
+DNStimestamp   timestamp               optional, only used with tinydns
+DNSsrvpriority SRV Priority            optional, defaults to 0 for SRV records
+DNSsrvweight   SRV Weight              optional, defaults to 0 for SRV records
+DNSsrvport     SRV Port                Required for SRV records
+
+
+  * DNSrrset: This object-class must be a direct child of DNSzone. Its dn
+    should be specified as
+
+    cn=domainname,cn=zonename,...
+
+  * DNSdomainname This is the partial domain-name, ie. the part in front of the
+    zone-name.
+  * DNSipaddr: This specifies the IP-address in dotted format. It can be used
+    for DNSrrset's of type A, NS, MX or PTR. DNSipaddr is multivalued to
+    specifiy more than one IP-address for a service. If used in DNSrrset's with
+    DNStype = PTR it overrides the old-fashioned form used in DNSdomainname
+    such as 13.178.23.in-addr.arpa for reverse lookups.
+  * DNScname: Whenever there is a mapping of a domain-name to a canonical name,
+    use this attribute. DNScname may be used for DNSrrset's with DNStype CNAME,
+    NS, MX, PTR or TXT. If the last character of a CNAME is a dot its name is
+    considered absolute. If it does not contain a dot, its name is prepended to
+    the zone-name.
+  * DNSpreference: This number is the mail-exchange preference as used by BIND.
+  * DNStype: This must be A, CNAME, NS, MX, PTR or TXT. It specifies the
+    DNSrrset type.
+  * DNSclass: Must be IN
+  * DNSttl: This is the time-to-live value as used by tinydns. If TTL is
+    non-zero (or omitted), the time-stamp is a starting time from where-on this
+    zone's information is valid. If TTL is zero, the timestamp is an ending
+    time (``time to die'').
+  * DNStimestamp: This is the timestamp as used by tinydns. It represents a
+    string as external TAI64 time-stamp, printed as 16 lowercase hexadecimal
+    characters
+  * DNSsrvpriority: Integer representing the relative priority of this DNS SRV
+    record. See menandmice.com for more information about DNS SRV records.
+  * DNSsrvweight: DNS SRV record weight field. Integer
+  * DNSsrvport: DNS SRV record port number. Integer
+
+
+Usage: Running ldap2dns
+
+ldap2dns and ldap2dnsd recognize the following options:
+
+-D binddn specify the distinguished name to bind to the LDAP directory
+-w bindpasswd use bindpasswd as password for simple authentication
+-b searchbase use searchbase as starting point for search instead default
+-o data generate a "data" file to be processed by tinydns-data
+-o db for each zone generate a "<zonename>.db" file to be used by named
+-L[filename] print output in LDIF format to [filename] or stdout for reimport
+-h host specify the hostname of LDAP directory. Default is localhost
+-p port portnumber to connect to LDAP directory. Defaults is 389
+-H ldapURI URI for LDAP server (examples: ldap://hostname or ldaps://hostname:636)
+-v run in verbose mode
+-vv even more verbose
+-V print version and exit
+-u numsecs update DNS data every numsecs.
+-t timeout timeout for LDAP searches, in seconds
+-M reclimit Limit LDAP results to reclimit number of records.
+
+ldap2dns and ldap2dnsd recognize the following environment variables:
+TINYDNSDIR: Specifies the directory where ldap2dns writes its data file.
+LDAP2DNS_UPDATE: Specifies the update intervall as the -u command line option
+would.
+LDAP2DNS_OUTPUT: Specifies the default output, as the -o command line option
+would. ldap2dns and ldap2dnsd use the following parameters from /etc/ldap.conf
+if not specified on the command line: BASE: The LDAP search base.
+HOST: The LDAP server.
+PORT: The LDAP port.
+
+If You are a tinydns user, run ldap2dns in /services/tinydns/root.
+If You are an openldap user, the command line switches are the same as for
+ldapsearch or ldapadd.
+
+$ ldap2dns -D "binddn" [ -w passwd ] -b "searchbase" \
+-o data -e "cd /var/tinydns/root && /usr/bin/tinydns-data"
+
+This generates a data file which is converted into a data.cdb by tinydns-data
+as soon as ldap2dns detects a modification in the LDAP directory. The password
+is required if You restrict read queries to authenticated users only. Test with
+
+$ dnsq any corp.local ipaddr
+
+Replace ipaddr with whatever You configured tinydns to listen to. If You are a
+BIND user, run ldap2dns in /var/named with
+
+$ ldap2dns -D "binddn" -w passwd -b "searchbase" \
+-o db -e "kill -HUP `cat /var/run/named-pid`"
+
+Do not forget to add You primary definition to your named.conf file. Your named
+should be restarted automatically as soon as ldap2dns detects a modification in
+the LDAP directory. If bind is not restarted, do so with
+
+# kill -HUP PID
+
+Now run
+
+$ nslookup - localhost
+> ns1.corp.local
+
+Note that nslookup only works with tinydns if your nameserver resolves its
+IP-address backwards.
+
+Usage: Running ldap2dnsd
+
+When ldap2dns is invoked as ldap2dnsd, the program starts as backgound-daemon
+and continuously checks for modifications in the LDAP directory. If the the
+daemon sees a modification in the DNSserial numbers it updates the data or .db
+files, depending what kind of output was configured. This check is done about
+once a minute and is configurable.
+The command-line options for ldap2dnsd are the same as for ldap2dns. Use the -u
+option to modify the update interval. You may also use -u on ldap2dns to start
+as a foreground daemon. This is useful if You want to run ldap2dns from
+daemontools.
+
+These instructions assume you will be running ldap2dns under daemontoolsb> and
+that tinydns is also running under daemontools. These instructions also assume
+you are using Dan Bernstein's standard directory locations. Make sure you
+change the below examples to match your environment.
+
+Start by creating the a non-root user to run your ldap2dns and associated
+logging mechanism:
+
+# groupadd -r ldap2dns
+# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Daemon" \
+ -g ldap2dns ldap2dns
+# groupadd -r l2dnslog
+# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Logger" \
+ -g l2dnslog l2dnslog
+
+
+Next configure the ldap2dns area to be managed by daemontools. Typically this
+is /etc/ldap2dns
+
+# cd /etc
+# ldap2tinydns-conf ldap2dns l2dnslog /etc/ldap2dns /etc/tinydns/root
+
+The syntax is close to tinydns-conf except that you will also need to specify
+the path to the root directory for tinydns. This is the directory that holds
+the data file.
+
+Next edit the file /etc/ldap2dns/run and optionally the environment variables
+in /etc/ldap2dns/env as necessary for your environment. This may include
+configuring a base DN, a bind DN, a password, and an interval.
+
+When everything is ready configured properly create a symlink from /etc/
+ldap2dns into /service. This action will cause daemontools to launch ldap2dns.
+
+# ln -s /etc/ldap2dns /service/ldap2dns
+
+After a few seconds daemontools starts ldap2dnsd which itself generates data
+files whenever a modification is commited into the LDAP directory.
+
+Importing DNS data from an existing AXFR capable (BIND) name server
+
+A perl-script import.pl is contained in this package. Edit the first lines of
+the script to conform to Your configuration. If You have installed the Perl
+packages Net::LDAP and Net::DNS skip the following lines, otherwise do
+
+# perl -MCPAN -e 'shell'
+(...snip...)
+> install Net::DNS
+> install Net::LDAP
+
+Now check that Your nameserver allows zone transfers to your host and run the
+import script:
+
+$ echo 'primary mydomain.org ' | ./import.pl
+
+for a single domain or
+
+# cat named.boot | ./import.pl
+
+to populate Your LDAP directory.
+
+Importing DNS data from an existing TinyDNS name server
+
+Use the supplied data2ldap.pl in the scripts/ directory
+
+$ data2ldap.pl data data.ldif ou=DNS,dc=example,dc=com
+
+More to come...
+
+
+Roadmap
+
+A browser-based administration toolkit, which connects directly to the
+LDAP-directory service.
+
+To Do
+
+  * Write a man page.
+  * named.conf should be created automatically.
+
+Copyright and Disclaimer
+
+This program is Copyright 1999-2004 Jacob Rief and 2005-2006 Ben Klang
+This program is licensed under the GPL version 2
+
+ldap2dns was originally written by Jacob Rief (jacob.rief@tiscover.com). It is
+now maintained by Ben Klang (bklang@alkaloid.net). If you run ldap2dns on a
+production nameserver, please send the maintainer an email and mention on what
+OS and with which nameserver you do so.
+
+Disclaimer: The author and all contributors disclaim any kind of warranty or
+liability or suitability for any purpose. By running this software you agree
+that you are a competent systems administrator and will bear the responsibility
+for your actions.
+
+Download
+
+Latest Release: ldap2dns version 0.4.1
+
+Released October 19, 2006
+ChangeLog
+
+
+Developer Access:
+
+The bleeding edge of ldap2dns is in the Alkaloid Networks subversion repository
+found at https://svn.alkaloid.net/gpl/ldap2dns/trunk.
+
+Following the Subversion standard, releases are kept in /gpl/ldap2dns/tags and
+branches are in /gpl/ldap2dns/branches.
+
diff --git a/doc/README.html b/doc/README.html
index 32f84b5..1d1d417 100644
--- a/doc/README.html
+++ b/doc/README.html
@@ -1,510 +1,695 @@
-<!-- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
-"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> -->
-<!-- <html><title>ldap2dns</title>
-<body> -->
-<div id="project">
-<script src="/toc.js" type="text/javascript"></script>
-<h1 align="center">LDAP to DNS gateway</h1>
-<p style="font-size: 14px"><b>ldap2dns</b> is a program to read DNS (Domain Name Service)
-records from an LDAP directory and format them into flat files suitable for TinyDNS (or Bind).</p>
-<p><b>ldap2dns</b> reduces all kind of administration overhead: No
-more flat file editing, no more zone file editing. After having
-installed <b>ldap2dns</b>, the administrator only has to access the
-LDAP directory.<br />
-Optionally access control can be configured for each zone, GUIs can
-be more easily implemented, and add all other kind of zone and resource
-record information can be managed without interfering with the DNS server.<br />
-<b>ldap2dns</b> is designed to write ASCII data files used by
-<a href="http://cr.yp.to/djbdns/tinydns.html"><i>tinydns</i></a> from the <a href="http://cr.yp.to/"><i>djbdns</i></a> package, but also may be used
-to write .db-files used by <i>named</i> as found in the <i>BIND</i>
-package.</p>
-
-
-<div id="toc"></div>
-
-<script language="JavaScript" type="text/javascript">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta name="generator" content=
+    "HTML Tidy for Linux (vers 12 April 2005), see www.w3.org" />
+    <title>
+      ldap2dns
+    </title>
+  </head>
+  <body>
+    <div id="project">
+      <script src="/toc.js" type="text/javascript">
+</script>
+      <h1 align="center">
+        LDAP to DNS gateway
+      </h1>
+      <p style="font-size: 14px">
+        <b>ldap2dns</b> is a program to read DNS (Domain Name
+        Service) records from an LDAP directory and format them
+        into flat files suitable for TinyDNS (or Bind).
+      </p>
+      <p>
+        <b>ldap2dns</b> reduces all kind of administration
+        overhead: No more flat file editing, no more zone file
+        editing. After having installed <b>ldap2dns</b>, the
+        administrator only has to modify the data stored in the
+        LDAP directory.<br />
+        <br />
+        Optionally access control can be configured for each zone,
+        GUIs can be more easily implemented, and add all other kind
+        of zone and resource record information can be managed
+        without interfering with the DNS server.<br />
+        <br />
+        <b>ldap2dns</b> is designed to write ASCII data files used
+        by <a href=
+        "http://cr.yp.to/djbdns/tinydns.html"><i>tinydns</i></a>
+        from the <a href="http://cr.yp.to/"><i>djbdns</i></a>
+        package, but also may be used to write zone db files used
+        by <i>named</i> as found in the <i>BIND</i> package.
+      </p>
+      <p>
+        <b>ldap2dns</b> is known to compile and run under Linux and
+        Solaris using GCC or Sun Studio C Compiler.
+      </p>
+      <div id="toc"></div><script language="JavaScript" type=
+      "text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('Introduction', 'Introduction'));
 // -->
-</script>
-<noscript>
-<h3>Introduction</h3>
-</noscript>
-Often it is desirable to store DNS information in a database rather
-than in flat text files. This can greatly help to reduce
-administration overhead since associate information such as billing
-contact, account management, etc. can be stored and processed
-inside the same database. Also due to the nature of DNS,
-information must be stored redundantly on two or more hosts. The
-classical data replication through zone transfer is unreliable,
-insecure and difficult to administer.<br />
-To solve this problem some proprietary attempts have been proposed
-to store DNS information in relational databases. The nature of
-DNS, however, is hierarchical and such should the database be.
-Using a relational database to store DNS information is
-undesirable, because it becomes difficult to store free form
-information. Within a hierachical data scheme, the administrator
-might define more than one IP-address for each canonical name. To
-implement such a feature in a relational database without breaking
-the normalization rules, one would have to add another table.<br />
-One of the most widely spread hierarchical database protocols is
-LDAP. <b>ldap2dns</b> retrieves DNS information stored in an LDAP
-directory service and generates a file suitable for
-name-servers.<br />
-Actually the most widely spread name-servers <a href="http://www.isc.org/products/BIND/">named</a> and <a href="http://cr.yp.to/djbdns/tinydns.html">tinydns</a> are supported.
-
-<b>ldap2dns</b> specially has been designed to work with tinydns
-and is the favored name server daemon for the author of this
-program. <b>ldap2dns</b> can also generate files suitable for
-<i>named</i> version 8, but this feature is not well supported.
-There is a <a href="http://www.alternic.org/drafts/drafts-m-n/draft-miller-dns-ldap-schema-00.txt">
-RFC</a> for a format description how to store DNS information in
-LDAP. This paper a draft RFC which expired in February 1999, looks
-as if it has been specially designed to be used by <i>named</i>.
-This scheme does not have strict attribute-value-pair mapping,
-making it difficult to be used by user interfaces. It also lacks of
-an implementation (or I have never heard of any).<br />
-Since <i>tinydns</i> is going another descriptive way. Therefore I
-implemented a similar object-scheme more suitable for <i>tinydns</i>.
-<br />
-
-<script language="JavaScript" type="text/javascript">
+//]]>
+</script> <noscript>
+      <h3>
+        Introduction
+      </h3></noscript> Often it is desirable to store DNS
+      information in a database rather than in flat text files.
+      This can greatly help to reduce administration overhead since
+      associate information such as billing contact, account
+      management, etc. can be stored and processed inside the same
+      database. Also due to the nature of DNS, information must be
+      stored redundantly on two or more hosts. The classical data
+      replication through zone transfer is unreliable, insecure and
+      difficult to administer.<br />
+      <br />
+      To solve this problem some proprietary attempts have been
+      proposed to store DNS information in relational databases.
+      The nature of DNS, however, is hierarchical and such should
+      the database be. Using a relational database to store DNS
+      information is undesirable, because it becomes difficult to
+      store free form information. Within a hierachical data
+      scheme, the administrator might define more than one
+      IP-address for each canonical name. To implement such a
+      feature in a relational database without breaking the
+      normalization rules, one would have to add another
+      table.<br />
+      <br />
+      One of the most widely spread hierarchical database protocols
+      is LDAP. <b>ldap2dns</b> retrieves DNS information stored in
+      an LDAP directory service and generates a file suitable for
+      name-servers.<br />
+      <br />
+      The two most-widely-used domain name service daemons,
+      <a href="http://www.isc.org/products/BIND/">named</a> and
+      <a href="http://cr.yp.to/djbdns/tinydns.html">tinydns</a> are
+      supported.<br />
+      <br />
+      <b>ldap2dns</b> specifically has been designed to work with
+      tinydns and is the favored name server daemon for the author
+      of this program. <b>ldap2dns</b> can also generate files
+      suitable for <i>named</i> version 8 (and possibly version 9),
+      but this feature is not well supported.<br />
+      <br />
+      There is a <a href=
+      "http://www.alternic.org/drafts/drafts-m-n/draft-miller-dns-ldap-schema-00.txt">
+      RFC</a> for a format description how to store DNS information
+      in LDAP. This paper a draft RFC which expired in February
+      1999, looks as if it has been specially designed to be used
+      by <i>named</i>. This scheme does not have strict
+      attribute-value-pair mapping, making it difficult to be used
+      by user interfaces. It also lacks of an implementation (or I
+      have never heard of any).<br />
+      Since <i>tinydns</i> is going another descriptive way the
+      original author implemented a similar object-scheme more
+      suitable for <i>tinydns</i>.<br />
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('Quickstart', 'Quickstart'));
 // -->
-</script>
-<noscript>
-<h3>Installation</h3>
-</noscript>
-<ul>
-<li>Install an LDAP server such as <a href="www.openldap.org">openldap</a>. Other LDAP implementations may
-work but have not been tested. Also install the development
-libraries and include files.</li>
-<li>Install <a href="http://cr.yp.to/djbdns.html">djbdns</a> or if
-you really have to, go with BIND.<br />
-I suggest to install <i>tinydns</i> included in the <b>djbdns</b>
-
-package, because it is safer, but You may have reasons why You want
-to use BIND.</li>
-<li>Install <b>ldap2dns</b><br />
-Unpack the package and build it:
-<pre>
+//]]>
+</script> <noscript>
+      <h3>
+        Installation
+      </h3></noscript>
+      <ul>
+        <li>Install an LDAP server such as <a href=
+        "www.openldap.org">openldap</a>. Other LDAP implementations
+        may work but have not been tested. If you are building from
+        source you will need to also install the development
+        libraries and include files. On most package based systems
+        these would be the -devel packages (example:
+        openldap-devel).<br />
+        </li>
+        <li>Install <a href=
+        "http://cr.yp.to/djbdns.html">djbdns</a> or BIND.
+        Configuring the nameserver to automatically start and work
+        in your environment is beyond the scope of this
+        document.<br />
+        </li>
+        <li>Install <b>ldap2dns</b><br />
+          From RPM:<br />
+          <pre>
+$ sudo rpm -Uhv ldap2dns.rpm
+</pre>Replace "ldap2dns.rpm" with the file you have
+downloaded.<br />
+          Now that you have it installed, skip to <a href=
+          "#Configuration">Usage</a> to continue.<br />
+          <br />
+          To build ldap2dns from source:<br />
+          Unpack the package and build it:
+          <pre>
 $ gzcat ldap2dns.tar.gz | tar x
 $ cd ldap2dns-version
 $ make
-$ make install
+$ sudo make install
 </pre>
-Copy the file <i>ldap2dns.schema</i> into the directory
-/etc/openldap/schema. Add the following
-line to Your slapd.conf file:<br />
-<pre>
-include         /etc/openldap/schema/ldap2dns.schema
-</pre>
-Now restart your LDAP server.</li>
-<br />
-<i>Note: If you are running OpenLDAP 2.0 or earlier look for appropriate
-schema files for your version in the <b>deprecated/</b> subdirectory.  These
-files are known to work as of ldap2dns 0.3.5 but are no longer supported for future
-feature updates.</i><br />
-<br />
-<li>Start to populate your LDAP server with DNS information. As a
-first test do
-<pre>
-$ ldapadd -D "<i>binddn</i>" -w <i>password</i> &lt; example.ldif
-</pre>
-Replace 'myorg' and 'binddn' with whatever is appropriate on Your
-system. Start a search and see if something was added
-<pre>
-$ ldapsearch -D "<i>binddn</i>" "objectclass=dnsrrset"
-</pre></li>
-<li>Test <b>ldap2dns</b>
-<pre>
-$ ./ldap2dns -D "<i>binddn</i>" [ -b "<i>searchbase</i>" ] [ -w <i>passwd</i> ] -o data -o db -L
-</pre>
-This should create a 'data' file, a 'corp.local.db' file and should
-print the DNS content.<br />
-Note: The <i>data</i> file is text data which can be processed with
-<b>tinydns-data</b>. <i>corp.local.db</i> is the file as used by
-<b>named</b>. If You are using bind, You also have to adopt the
-file <i>/etc/named.conf</i> and You have to restart named.</li>
-
-</ul>
-<br />
-<script language="JavaScript" type="text/javascript">
+        </li>
+      </ul><br />
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('Configuration', 'Configuration'));
 // -->
-</script>
-<noscript>
-<h3>Configuration</h3>
-</noscript>
-Two object-classes have been defined.
-<em>DNSzone</em> stores all the information to define a DNS zone,
-such as the SOA (Start Of Authority), serial numbers etc.
-<em>DNSrrset</em> is used to store the information for a single
-resource record, such as the domain name, IP-addresses, class and
-type.<br />
-Here are the tables:
-<h4>DNSzone</h4>
-This object-class represents a DNS zone. It is the container for
-all the resource records within a zone. Zones can be primary or
-secondary. If used in conjunction with <i>tinydns</i> zones are
-always primary. Secondary zones don't make sense anyway! In
-addition to being a container, the zone object has attributes
-related to the management of the zone. These include the zone's SOA
-information. Each zone-object can have none to many children of
-class <b>DNSrrset</b>.<br />
-
-<table bgcolor="#EEEEEE">
-<tr>
-<th>ATTRIBUTE</th>
-<th>VALUE</th>
-<th>Comment</th>
-</tr>
-<tr>
-<td>objectclass</td>
-<td>DNSzone</td>
-<td>required</td>
-</tr>
-
-<tr>
-<td>cn</td>
-<td><i>common name</i></td>
-<td>required</td>
-</tr>
-<tr>
-<td>DNSzonename</td>
-<td><i>Name of the zone</i></td>
-<td>required, multivalued</td>
-</tr>
-<tr>
-
-<td>DNSserial</td>
-<td><i>Serial number of SOA</i></td>
-<td>optional</td>
-</tr>
-<tr>
-<td>DNSrefresh</td>
-<td><i>Refresh time of SOA</i></td>
-<td>optional, only used for zone transfers</td>
-</tr>
-<tr>
-<td>DNSretry</td>
-
-<td><i>Retry time of SOA</i></td>
-<td>optional, only used for zone transfers</td>
-</tr>
-<tr>
-<td>DNSexpire</td>
-<td><i>Expire time of SOA</i></td>
-<td>optional, only used for zone transfers</td>
-</tr>
-<tr>
-<td>DNSminimum</td>
-<td><i>Minimum time to live</i></td>
-
-<td>optional, only used for zone transfers</td>
-</tr>
-<tr>
-<td>DNSadminmailbox</td>
-<td><i>Hostmaster's contact address</i></td>
-<td>optional</td>
-</tr>
-<tr>
-<td>DNSzonemaster</td>
-<td><i>Primary nameserver for this zone</i></td>
-<td>optional</td>
-
-</tr>
-<tr>
-<td>DNStype</td>
-<td>SOA</td>
-<td>must be SOA</td>
-</tr>
-<tr>
-<td>DNSclass</td>
-<td>IN</td>
-<td>must be IN</td>
-</tr>
-
-<tr>
-<td>DNSttl</td>
-<td><i>time to live</i></td>
-<td>optional, only used with tinydns</td>
-</tr>
-<tr>
-<td>DNStimestamp</td>
-<td><i>timestamp</i></td>
-<td>optional, only used with tinydns</td>
-</tr>
-</table>
-
-<ul>
-<li><b>DNSzonename:</b> This field is required to describe the
-zone's domain name, for instance myorg.com. More than one
-<b>DNSzonename</b> my be specified for a <b>DNSzone</b> so that the
-same host is accessable with different zonenames.</li>
-<li><b>DNSserial:</b> This is the serial number as used for BIND's
-zone transfers. Here it is used to inform <b>ldap2dns</b> that it
-has to rebuild its data-file. Without increasing the serial number
-
-<b>ldap2dns</b> will ignore all modifications until it is
-restarted.</li>
-<li><b>DNSrefresh, DNSretry, DNSexpire, DNSminimum:</b> You may
-safly ignore these numbers if You don't do zone-transfers. Since
-Your secondary nameserver will connect to the LDAP server the same
-way Your primary does, You don't need zone-transfers anyway.</li>
-<li><b>DNSzonemaster:</b> Here you specify the canonical name of
-your primary nameserver.</li>
-<li><b>DNSadminmailbox:</b> This is the contact address of Your
-DNS-administrator. The first dot is converted to a <i>@</i>.</li>
-
-<li><b>DNStype:</b> Must be <b>SOA</b> (Start Of Authority)</li>
-<li><b>DNSclass:</b> Must be <b>IN</b> (Internet, or do still use
-Chaosnet?)</li>
-<li><b>DNSttl:</b> This is the time-to-live value as used by
-
-<b>tinydns</b>. If TTL is nonzero (or omitted), the timestamp is a
-starting time from whereon this zone's information is valid. If TTL
-is zero, the timestamp is an ending time (``time to die'').</li>
-<li><b>DNStimestamp:</b> This is the timestamp as used by
-<b>tinydns</b>. It represents a string as external TAI64 timestamp,
-printed as 16 lowercase hexadecimal characters</li>
-</ul>
-<h4>DNSrrset</h4>
-The Resource Record Set represents all of the resource records for
-a given host name within a zone. It must be a child of a DNSzone
-object.<br />
-<table bgcolor="#EEEEEE">
-<tr>
-<th>ATTRIBUTE</th>
-
-<th>VALUE</th>
-<th>Comment</th>
-</tr>
-<tr>
-<td>objectclass</td>
-<td>DNSrrset</td>
-<td>required</td>
-</tr>
-<tr>
-<td>cn</td>
-<td><i>common name</i></td>
-
-<td>required</td>
-</tr>
-<tr>
-<td>DNSdomainname</td>
-<td><i>Name of this record</i></td>
-<td>optional, relative to zonename</td>
-</tr>
-<tr>
-<td>DNSipaddr</td>
-<td><i>IP address</i></td>
-<td>optional, mutivalued</td>
-
-</tr>
-<tr>
-<td>DNScname</td>
-<td><i>Canonical name</i></td>
-<td>optional, without ending dot relative to zonename</td>
-</tr>
-<tr>
-<td>DNSpreference</td>
-<td><i>integer</i></td>
-<td>optional, only used for MX records</td>
-</tr>
-
-<tr>
-<td>DNStype</td>
-<td>A, CNAME, NS, MX, PTR or TXT</td>
-<td>must be any valid record type</td>
-</tr>
-<tr>
-<td>DNSclass</td>
-<td>IN</td>
-<td>must be IN</td>
-</tr>
-<tr>
-
-<td>DNSttl</td>
-<td><i>time to live</i></td>
-<td>optional, only used with tinydns</td>
-</tr>
-<tr>
-<td>DNStimestamp</td>
-<td><i>timestamp</i></td>
-<td>optional, only used with tinydns</td>
-</tr>
-
-<tr>
-<td>DNSsrvpriority</td>
-<td><i>SRV Priority</i></td>
-<td>optional, defaults to 0 for <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">SRV</a> records</td>
-</tr>
-
-<tr>
-<td>DNSsrvweight</td>
-<td><i>SRV Weight</i></td>
-<td>optional, defaults to 0 for <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">SRV</a> records</td>
-</tr>
-
-<tr>
-<td>DNSsrvport</td>
-<td><i>SRV Port</i></td>
-<td>Required for <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">SRV</a> records</td>
-</tr>
-</table>
-<br />
-<ul>
-
-<li><b>DNSrrset:</b> This object-class must be a direct child of
-DNSzone. Its <b>dn</b> should be specified as
-<pre>
+//]]>
+</script> <noscript>
+      <h3>
+        Configuration
+      </h3></noscript>
+      <ul>
+        <li>Copy the file <i>ldap2dns.schema</i> into the directory
+        /etc/openldap/schema. Add the following line to Your
+        slapd.conf file:<br />
+          <pre>
+include         /etc/openldap/schema/ldap2dns.schema
+</pre>Now restart your LDAP server.<br />
+        </li>
+      </ul><i>Note: If you are running OpenLDAP 2.0 or earlier look
+      for appropriate schema files for your version in the
+      <b>deprecated/</b> subdirectory. These files are known to
+      work as of ldap2dns 0.3.5 but are no longer supported for
+      future feature updates.</i><br />
+      <br />
+      <ul>
+        <li>Start to populate your LDAP server with DNS
+        information. As a first test do
+          <pre>
+$ ldapadd -D "<i>binddn</i>" -w <i>password</i> &lt; example.ldif
+</pre>Replace 'myorg' and 'binddn' with whatever is appropriate on
+Your system. Start a search and see if something was added
+          <pre>
+$ ldapsearch -D "<i>binddn</i>" "objectclass=dnsrrset"
+</pre>
+        </li>
+        <li>Test <b>ldap2dns</b>
+          <pre>
+$ ./ldap2dns -D "<i>binddn</i>" [ -b "<i>searchbase</i>" ] [ -w <i>passwd</i> ] -o data -o db -L
+</pre>This should create a 'data' file, a 'corp.local.db' file and
+should print the DNS content.<br />
+          Note: The <i>data</i> file is text data which can be
+          processed with <b>tinydns-data</b>. <i>corp.local.db</i>
+          is the file as used by <b>named</b>. If You are using
+          bind, You also have to adopt the file
+          <i>/etc/named.conf</i> and You have to restart named.
+        </li>
+      </ul><br />
+      <br />
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
+<!--
+document.write(addEntry('Schema', 'Schema Documentation'));
+// -->
+//]]>
+</script> <noscript>
+      <h3>
+        Schema Documentation
+      </h3></noscript> Two object-classes have been defined.
+      <em>DNSzone</em> stores all the information to define a DNS
+      zone, such as the SOA (Start Of Authority), serial numbers
+      etc. <em>DNSrrset</em> is used to store the information for a
+      single resource record, such as the domain name,
+      IP-addresses, class and type.<br />
+      Here are the tables:
+      <h4>
+        DNSzone
+      </h4>This object-class represents a DNS zone. It is the
+      container for all the resource records within a zone. Zones
+      can be primary or secondary. If used in conjunction with
+      <i>tinydns</i> zones are always primary. Secondary zones
+      don't make sense anyway! In addition to being a container,
+      the zone object has attributes related to the management of
+      the zone. These include the zone's SOA information. Each
+      zone-object can have none to many children of class
+      <b>DNSrrset</b>.<br />
+      <table bgcolor="#EEEEEE" summary=
+      "LDAP attributes used by DNS zones">
+        <tr>
+          <th>
+            ATTRIBUTE
+          </th>
+          <th>
+            VALUE
+          </th>
+          <th>
+            Comment
+          </th>
+        </tr>
+        <tr>
+          <td>
+            objectclass
+          </td>
+          <td>
+            DNSzone
+          </td>
+          <td>
+            required
+          </td>
+        </tr>
+        <tr>
+          <td>
+            cn
+          </td>
+          <td>
+            <i>common name</i>
+          </td>
+          <td>
+            required
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSzonename
+          </td>
+          <td>
+            <i>Name of the zone</i>
+          </td>
+          <td>
+            required, multivalued
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSserial
+          </td>
+          <td>
+            <i>Serial number of SOA</i>
+          </td>
+          <td>
+            optional
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSrefresh
+          </td>
+          <td>
+            <i>Refresh time of SOA</i>
+          </td>
+          <td>
+            optional, only used for zone transfers
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSretry
+          </td>
+          <td>
+            <i>Retry time of SOA</i>
+          </td>
+          <td>
+            optional, only used for zone transfers
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSexpire
+          </td>
+          <td>
+            <i>Expire time of SOA</i>
+          </td>
+          <td>
+            optional, only used for zone transfers
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSminimum
+          </td>
+          <td>
+            <i>Minimum time to live</i>
+          </td>
+          <td>
+            optional, only used for zone transfers
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSadminmailbox
+          </td>
+          <td>
+            <i>Hostmaster's contact address</i>
+          </td>
+          <td>
+            optional
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSzonemaster
+          </td>
+          <td>
+            <i>Primary nameserver for this zone</i>
+          </td>
+          <td>
+            optional
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNStype
+          </td>
+          <td>
+            SOA
+          </td>
+          <td>
+            must be SOA
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSclass
+          </td>
+          <td>
+            IN
+          </td>
+          <td>
+            must be IN
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSttl
+          </td>
+          <td>
+            <i>time to live</i>
+          </td>
+          <td>
+            optional, only used with tinydns
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNStimestamp
+          </td>
+          <td>
+            <i>timestamp</i>
+          </td>
+          <td>
+            optional, only used with tinydns
+          </td>
+        </tr>
+      </table>
+      <ul>
+        <li>
+          <b>DNSzonename:</b> This field is required to describe
+          the zone's domain name, for instance myorg.com. More than
+          one <b>DNSzonename</b> my be specified for a
+          <b>DNSzone</b> so that the same host is accessable with
+          different zonenames.
+        </li>
+        <li>
+          <b>DNSserial:</b> This is the serial number as used for
+          BIND's zone transfers. Here it is used to inform
+          <b>ldap2dns</b> that it has to rebuild its data-file.
+          Without increasing the serial number <b>ldap2dns</b> will
+          ignore all modifications until it is restarted.
+        </li>
+        <li>
+          <b>DNSrefresh, DNSretry, DNSexpire, DNSminimum:</b> You
+          may safly ignore these numbers if You don't do
+          zone-transfers. Since Your secondary nameserver will
+          connect to the LDAP server the same way Your primary
+          does, You don't need zone-transfers anyway.
+        </li>
+        <li>
+          <b>DNSzonemaster:</b> Here you specify the canonical name
+          of your primary nameserver.
+        </li>
+        <li>
+          <b>DNSadminmailbox:</b> This is the contact address of
+          Your DNS-administrator. The first dot is converted to a
+          <i>@</i>.
+        </li>
+        <li>
+          <b>DNStype:</b> Must be <b>SOA</b> (Start Of Authority)
+        </li>
+        <li>
+          <b>DNSclass:</b> Must be <b>IN</b> (Internet, or do still
+          use Chaosnet?)
+        </li>
+        <li>
+          <b>DNSttl:</b> This is the time-to-live value as used by
+          <b>tinydns</b>. If TTL is nonzero (or omitted), the
+          timestamp is a starting time from whereon this zone's
+          information is valid. If TTL is zero, the timestamp is an
+          ending time (``time to die'').
+        </li>
+        <li>
+          <b>DNStimestamp:</b> This is the timestamp as used by
+          <b>tinydns</b>. It represents a string as external TAI64
+          timestamp, printed as 16 lowercase hexadecimal characters
+        </li>
+      </ul>
+      <h4>
+        DNSrrset
+      </h4>The Resource Record Set represents all of the resource
+      records for a given host name within a zone. It must be a
+      child of a DNSzone object.<br />
+      <table bgcolor="#EEEEEE" summary=
+      "LDAP attributes for DNS records">
+        <tr>
+          <th>
+            ATTRIBUTE
+          </th>
+          <th>
+            VALUE
+          </th>
+          <th>
+            Comment
+          </th>
+        </tr>
+        <tr>
+          <td>
+            objectclass
+          </td>
+          <td>
+            DNSrrset
+          </td>
+          <td>
+            required
+          </td>
+        </tr>
+        <tr>
+          <td>
+            cn
+          </td>
+          <td>
+            <i>common name</i>
+          </td>
+          <td>
+            required
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSdomainname
+          </td>
+          <td>
+            <i>Name of this record</i>
+          </td>
+          <td>
+            optional, relative to zonename
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSipaddr
+          </td>
+          <td>
+            <i>IP address</i>
+          </td>
+          <td>
+            optional, mutivalued
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNScname
+          </td>
+          <td>
+            <i>Canonical name</i>
+          </td>
+          <td>
+            optional, without ending dot relative to zonename
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSpreference
+          </td>
+          <td>
+            <i>integer</i>
+          </td>
+          <td>
+            optional, only used for MX records
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNStype
+          </td>
+          <td>
+            A, CNAME, NS, MX, PTR or TXT
+          </td>
+          <td>
+            must be any valid record type
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSclass
+          </td>
+          <td>
+            IN
+          </td>
+          <td>
+            must be IN
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSttl
+          </td>
+          <td>
+            <i>time to live</i>
+          </td>
+          <td>
+            optional, only used with tinydns
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNStimestamp
+          </td>
+          <td>
+            <i>timestamp</i>
+          </td>
+          <td>
+            optional, only used with tinydns
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSsrvpriority
+          </td>
+          <td>
+            <i>SRV Priority</i>
+          </td>
+          <td>
+            optional, defaults to 0 for <a href=
+            "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
+            SRV</a> records
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSsrvweight
+          </td>
+          <td>
+            <i>SRV Weight</i>
+          </td>
+          <td>
+            optional, defaults to 0 for <a href=
+            "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
+            SRV</a> records
+          </td>
+        </tr>
+        <tr>
+          <td>
+            DNSsrvport
+          </td>
+          <td>
+            <i>SRV Port</i>
+          </td>
+          <td>
+            Required for <a href=
+            "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
+            SRV</a> records
+          </td>
+        </tr>
+      </table><br />
+      <ul>
+        <li>
+          <b>DNSrrset:</b> This object-class must be a direct child
+          of DNSzone. Its <b>dn</b> should be specified as
+          <pre>
 cn=<i>domainname</i>,cn=<i>zonename</i>,...
-</pre></li>
-<li><b>DNSdomainname</b> This is the partial domain-name, ie. the
-part in front of the zone-name.</li>
-
-<li><b>DNSipaddr:</b> This specifies the IP-address in dotted
-format. It can be used for <b>DNSrrset</b>'s of type <b>A, NS,
-MX</b> or <b>PTR</b>. <b>DNSipaddr</b> is multivalued to specifiy
-more than one IP-address for a service. If used in
-<b>DNSrrset</b>'s with <b>DNStype</b> = <b>PTR</b> it overrides the
-old-fashioned form used in <b>DNSdomainname</b> such as
-13.178.23.in-addr.arpa for reverse lookups.</li>
-
-<li><b>DNScname:</b> Whenever there is a mapping of a domain-name
-to a canonical name, use this attribute. <b>DNScname</b> may be
-used for <b>DNSrrset</b>'s with <b>DNStype CNAME, NS, MX, PTR or
-TXT</b>. If the last character of a CNAME is a dot its name is
-considered absolute. If it does not contain a dot, its name is
-prepended to the zone-name.</li>
-<li><b>DNSpreference:</b> This number is the mail-exchange
-preference as used by BIND.</li>
-<li><b>DNStype:</b> This must be <b>A, CNAME, NS, MX, PTR</b> or
-
-<b>TXT</b>. It specifies the DNSrrset type.</li>
-<li><b>DNSclass:</b> Must be <b>IN</b></li>
-<li><b>DNSttl:</b> This is the time-to-live value as used by
-<b>tinydns</b>. If TTL is non-zero (or omitted), the time-stamp is
-a starting time from where-on this zone's information is valid. If
-TTL is zero, the timestamp is an ending time (``time to
-die'').</li>
-<li><b>DNStimestamp:</b> This is the timestamp as used by
-
-<b>tinydns</b>. It represents a string as external TAI64
-time-stamp, printed as 16 lowercase hexadecimal characters</li>
-<li><b>DNSsrvpriority:</b> Integer representing the relative priority of this DNS SRV record. See <a href="http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">menandmice.com</a> for more information about DNS SRV records.</li>
-<li><b>DNSsrvweight:</b> DNS SRV record weight field.  Integer</li>
-<li><b>DNSsrvport:</b> DNS SRV record port number.  Integer</li>
-</ul>
-<br />
-
-<script language="JavaScript" type="text/javascript">
+</pre>
+        </li>
+        <li>
+          <b>DNSdomainname</b> This is the partial domain-name, ie.
+          the part in front of the zone-name.
+        </li>
+        <li>
+          <b>DNSipaddr:</b> This specifies the IP-address in dotted
+          format. It can be used for <b>DNSrrset</b>'s of type
+          <b>A, NS, MX</b> or <b>PTR</b>. <b>DNSipaddr</b> is
+          multivalued to specifiy more than one IP-address for a
+          service. If used in <b>DNSrrset</b>'s with <b>DNStype</b>
+          = <b>PTR</b> it overrides the old-fashioned form used in
+          <b>DNSdomainname</b> such as 13.178.23.in-addr.arpa for
+          reverse lookups.
+        </li>
+        <li>
+          <b>DNScname:</b> Whenever there is a mapping of a
+          domain-name to a canonical name, use this attribute.
+          <b>DNScname</b> may be used for <b>DNSrrset</b>'s with
+          <b>DNStype CNAME, NS, MX, PTR or TXT</b>. If the last
+          character of a CNAME is a dot its name is considered
+          absolute. If it does not contain a dot, its name is
+          prepended to the zone-name.
+        </li>
+        <li>
+          <b>DNSpreference:</b> This number is the mail-exchange
+          preference as used by BIND.
+        </li>
+        <li>
+          <b>DNStype:</b> This must be <b>A, CNAME, NS, MX, PTR</b>
+          or <b>TXT</b>. It specifies the DNSrrset type.
+        </li>
+        <li>
+          <b>DNSclass:</b> Must be <b>IN</b>
+        </li>
+        <li>
+          <b>DNSttl:</b> This is the time-to-live value as used by
+          <b>tinydns</b>. If TTL is non-zero (or omitted), the
+          time-stamp is a starting time from where-on this zone's
+          information is valid. If TTL is zero, the timestamp is an
+          ending time (``time to die'').
+        </li>
+        <li>
+          <b>DNStimestamp:</b> This is the timestamp as used by
+          <b>tinydns</b>. It represents a string as external TAI64
+          time-stamp, printed as 16 lowercase hexadecimal
+          characters
+        </li>
+        <li>
+          <b>DNSsrvpriority:</b> Integer representing the relative
+          priority of this DNS SRV record. See <a href=
+          "http://www.menandmice.com/online_docs_and_faq/glossary/srv.record.htm">
+          menandmice.com</a> for more information about DNS SRV
+          records.
+        </li>
+        <li>
+          <b>DNSsrvweight:</b> DNS SRV record weight field. Integer
+        </li>
+        <li>
+          <b>DNSsrvport:</b> DNS SRV record port number. Integer
+        </li>
+      </ul><br />
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('ldap2dns', 'Usage: Running ldap2dns'));
 // -->
-</script>
-<noscript>
-<h3>Usage: Running ldap2dns</h3>
-</noscript>
-If You are a tinydns user, run <b>ldap2dns</b> in /services/tinydns/root.<br />
-If You are an openldap user, the command line switches are the same as for ldapsearch
-or ldapadd.
-<pre>
-$ ldap2dns -D "<I>binddn</I>" [ -w <I>passwd</I> ] -b "<I>searchbase</I>" \
--o data -e "cd /var/tinydns/root &amp;&amp; /usr/bin/tinydns-data"
-</pre>
-This generates a data file which is converted into a data.cdb by tinydns-data as
-soon as ldap2dns detects a modification in the LDAP directory.
-The password is required if You restrict read queries to authenticated users only.
-Test with
-<pre>
-$ dnsq any corp.local <I>ipaddr</I>
-</pre>
-Replace <I>ipaddr</I> with whatever You configured tinydns to listen to.
-
-
-If You are a BIND user, run <B>ldap2dns</B> in /var/named with
-<pre>
-$ ldap2dns -D "<I>binddn</I>" -w <I>passwd</I> -b "<I>searchbase</I>" \
--o db -e "kill -HUP `cat /var/run/named-pid`"
-</pre>
-Do not forget to add You primary definition to Your named.boot file.
-Your named should be restarted automatically as soon as ldap2dns detects a modification
-in the LDAP directory. If bind is not restarted, do so with
-<pre>
-# kill -HUP <I>PID</I>
-</pre>
-Now run
-<pre>
-$ nslookup - localhost
-> ns1.corp.local
-</pre>
-Note that <B>nslookup</B> only works with <B>tinydns</B> if Your nameserver resolves its IP-address
-backwards.
-
-<script language="JavaScript" type="text/javascript">
-<!--
-document.write(addEntry('ldap2dnsd', 'Usage: Running ldap2dnsd'));
-// -->
-</script>
-<noscript>
-<h3>Usage: Running ldap2dnsd</h3>
-</noscript>
-When <b>ldap2dns</b> is invoked as <b>ldap2dnsd</b>, the program
-starts as backgound-daemon and continuously checks for modifications in the LDAP directory.
-If the the daemon sees a modification in the <b>DNSserial</b> numbers it updates the data
-or .db files, depending what kind of output was configured. This check is done about once
-a minute and is configurable.<br />
-The command-line options for <b>ldap2dnsd</b> are the same as for <b>ldap2dns</b>.
-Use the -u option to modify the update interval. You may also use -u on <b>ldap2dns</b>
-to start as a foreground daemon. This is useful if You want to run <b>ldap2dns</b> from
-<b><a href="http://cr.yp.to/daemontools.html">daemontools</a></b>.<br />
-<br />
-These instructions assume you will be running <b>ldap2dns</b> under
-<b>daemontools</b>b> and that tinydns is also running under
-daemontools.  These instructions also assume you are using Dan Bernstein's
-standard directory locations.  Make sure you change the below examples
-to match your environment.<br />
-<br />
-Start by creating the a non-root user to run your ldap2dns and associated
-logging mechanism:
-<pre>
-# groupadd -r ldap2dns
-# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Daemon" \
- -g ldap2dns ldap2dns
-# groupadd -r l2dnslog
-# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Logger" \
- -g l2dnslog l2dnslog
-</pre>
-<br />
-Next configure the ldap2dns area to be managed by <b>daemontools</b>.
-Typically this is <i>/etc/ldap2dns</i>
-<pre>
-# cd /etc
-# ldap2tinydns-conf ldap2dns l2dnslog /etc/ldap2dns /etc/tinydns/root
-</pre>
-The syntax is close to tinydns-conf except that you will also need to specify
-the path to the <i>root</i> directory for tinydns.  This is the directory that
-holds the <i>data</i> file.<br />
-<br />
-Next edit the file <i>/etc/ldap2dns/run</i> and optionally the environment
-variables in <i>/etc/ldap2dns/env</i> as necessary for your environment.  This
-may include configuring a base DN, a bind DN, a password, and an interval.<br />
-<br />
-When everything is ready configured properly create a symlink from
-<i>/etc/ldap2dns</i> into <i>/service</i>.  This action will cause
-<b>daemontools</b> to launch <b>ldap2dns</b>.
-<pre>
-# ln -s /etc/ldap2dns /service/ldap2dns
-</pre>
-After a few seconds <b>daemontools</b> starts <b>ldap2dnsd</b> which itself generates data
-files whenever a modification is commited into the LDAP directory.
-
-<b>ldap2dns</b> and <b>ldap2dnsd</b> recognize the following options:
-<pre>
+//]]>
+</script> <noscript>
+      <h3>
+        Usage: Running ldap2dns
+      </h3></noscript> <b>ldap2dns</b> and <b>ldap2dnsd</b>
+      recognize the following options:
+      <pre>
 -D <i>binddn</i> specify the distinguished name to bind to the LDAP directory
 -w <i>bindpasswd</i> use bindpasswd as password for simple authentication
 -b <i>searchbase</i> use searchbase as starting point for search instead default
@@ -513,226 +698,245 @@ files whenever a modification is commited into the LDAP directory.
 -L[<i>filename</i>] print output in LDIF format to [<i>filename</i>] or stdout for reimport
 -h <i>host</i> specify the hostname of LDAP directory. Default is localhost
 -p <i>port</i> portnumber to connect to LDAP directory. Defaults is 389
+-H <i>ldapURI</i> URI for LDAP server (examples: <i>ldap://hostname</i> or <i>ldaps://hostname:636</i>)
 -v run in verbose mode
 -vv even more verbose
 -V print version and exit
 -u <i>numsecs</i> update DNS data every numsecs.
-</pre>
-<b>ldap2dns</b> and <b>ldap2dnsd</b> recognizes the following environement
-variables:<br />
-<b>TINYDNSDIR</b>: Specifies the directory where ldap2dns writes its data
-file.<br />
-<b>LDAP2DNS_UPDATE</b>: Specifies the update intervall as the -u command line
-option would.<br />
-<b>LDAP2DNS_OUTPUT</b>: Specifies the default output, as the -o command line
-option would.
-
-<b>ldap2dns</b> and <b>ldap2dnsd</b> use the following parameters from
-/etc/ldap.conf if not
-specified on the command line:
-<b>BASE</b>: The LDAP search base.<br />
-<b>HOST</b>: The LDAP server.<br />
-<b>PORT</b>: The LDAP port.
-
+-t <i>timeout</i> timeout for LDAP searches, in seconds
+-M <i>reclimit</i> Limit LDAP results to <i>reclimit</i> number of records.
+</pre><b>ldap2dns</b> and <b>ldap2dnsd</b> recognize the following
+environment variables:<br />
+      <b>TINYDNSDIR</b>: Specifies the directory where ldap2dns
+      writes its data file.<br />
+      <b>LDAP2DNS_UPDATE</b>: Specifies the update intervall as the
+      -u command line option would.<br />
+      <b>LDAP2DNS_OUTPUT</b>: Specifies the default output, as the
+      -o command line option would. <b>ldap2dns</b> and
+      <b>ldap2dnsd</b> use the following parameters from
+      /etc/ldap.conf if not specified on the command line:
+      <b>BASE</b>: The LDAP search base.<br />
+      <b>HOST</b>: The LDAP server.<br />
+      <b>PORT</b>: The LDAP port.<br />
+      <br />
+      If You are a tinydns user, run <b>ldap2dns</b> in
+      /services/tinydns/root.<br />
+      If You are an openldap user, the command line switches are
+      the same as for ldapsearch or ldapadd.
+      <pre>
+$ ldap2dns -D "<i>binddn</i>" [ -w <i>passwd</i> ] -b "<i>searchbase</i>" \
+-o data -e "cd /var/tinydns/root &amp;&amp; /usr/bin/tinydns-data"
+</pre>This generates a data file which is converted into a data.cdb
+by tinydns-data as soon as ldap2dns detects a modification in the
+LDAP directory. The password is required if You restrict read
+queries to authenticated users only. Test with
+      <pre>
+$ dnsq any corp.local <i>ipaddr</i>
+</pre>Replace <i>ipaddr</i> with whatever You configured tinydns to
+listen to. If You are a BIND user, run <b>ldap2dns</b> in
+/var/named with
+      <pre>
+$ ldap2dns -D "<i>binddn</i>" -w <i>passwd</i> -b "<i>searchbase</i>" \
+-o db -e "kill -HUP `cat /var/run/named-pid`"
+</pre>Do not forget to add You primary definition to your
+named.conf file. Your named should be restarted automatically as
+soon as ldap2dns detects a modification in the LDAP directory. If
+bind is not restarted, do so with
+      <pre>
+# kill -HUP <i>PID</i>
+</pre>Now run
+      <pre>
+$ nslookup - localhost
+&gt; ns1.corp.local
+</pre>Note that <b>nslookup</b> only works with <b>tinydns</b> if
+your nameserver resolves its IP-address backwards.
 <script language="JavaScript" type="text/javascript">
+//<![CDATA[
+<!--
+document.write(addEntry('ldap2dnsd', 'Usage: Running ldap2dnsd'));
+// -->
+//]]>
+</script> <noscript>
+      <h3>
+        Usage: Running ldap2dnsd
+      </h3></noscript> When <b>ldap2dns</b> is invoked as
+      <b>ldap2dnsd</b>, the program starts as backgound-daemon and
+      continuously checks for modifications in the LDAP directory.
+      If the the daemon sees a modification in the <b>DNSserial</b>
+      numbers it updates the data or .db files, depending what kind
+      of output was configured. This check is done about once a
+      minute and is configurable.<br />
+      The command-line options for <b>ldap2dnsd</b> are the same as
+      for <b>ldap2dns</b>. Use the -u option to modify the update
+      interval. You may also use -u on <b>ldap2dns</b> to start as
+      a foreground daemon. This is useful if You want to run
+      <b>ldap2dns</b> from <b><a href=
+      "http://cr.yp.to/daemontools.html">daemontools</a></b>.<br />
+      <br />
+      These instructions assume you will be running <b>ldap2dns</b>
+      under <b>daemontools</b>b&gt; and that tinydns is also
+      running under daemontools. These instructions also assume you
+      are using Dan Bernstein's standard directory locations. Make
+      sure you change the below examples to match your
+      environment.<br />
+      <br />
+      Start by creating the a non-root user to run your ldap2dns
+      and associated logging mechanism:
+      <pre>
+# groupadd -r ldap2dns
+# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Daemon" \
+ -g ldap2dns ldap2dns
+# groupadd -r l2dnslog
+# useradd -r -d /dev/null -s /bin/false -c "ldap2dns Logger" \
+ -g l2dnslog l2dnslog
+</pre><br />
+      Next configure the ldap2dns area to be managed by
+      <b>daemontools</b>. Typically this is <i>/etc/ldap2dns</i>
+      <pre>
+# cd /etc
+# ldap2tinydns-conf ldap2dns l2dnslog /etc/ldap2dns /etc/tinydns/root
+</pre>The syntax is close to tinydns-conf except that you will also
+need to specify the path to the <i>root</i> directory for tinydns.
+This is the directory that holds the <i>data</i> file.<br />
+      <br />
+      Next edit the file <i>/etc/ldap2dns/run</i> and optionally
+      the environment variables in <i>/etc/ldap2dns/env</i> as
+      necessary for your environment. This may include configuring
+      a base DN, a bind DN, a password, and an interval.<br />
+      <br />
+      When everything is ready configured properly create a symlink
+      from <i>/etc/ldap2dns</i> into <i>/service</i>. This action
+      will cause <b>daemontools</b> to launch <b>ldap2dns</b>.
+      <pre>
+# ln -s /etc/ldap2dns /service/ldap2dns
+</pre>After a few seconds <b>daemontools</b> starts
+<b>ldap2dnsd</b> which itself generates data files whenever a
+modification is commited into the LDAP directory. <script language=
+"JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('ImportingAXFR',
     'Importing DNS data from an existing AXFR capable (BIND) name server'));
 // -->
-</script>
-<noscript>
-<h3>Importing DNS data from an existing AXFR capable (BIND) name server</h3>
-</noscript>
-A perl-script <I>import.pl</I> is contained in this package. Edit the first
-lines of the script to conform to Your configuration.
-If You have installed the Perl packages Net::LDAP and Net::DNS
-skip the following lines, otherwise do
-<pre>
+//]]>
+</script> <noscript>
+      <h3>
+        Importing DNS data from an existing AXFR capable (BIND)
+        name server
+      </h3></noscript> A perl-script <i>import.pl</i> is contained
+      in this package. Edit the first lines of the script to
+      conform to Your configuration. If You have installed the Perl
+      packages Net::LDAP and Net::DNS skip the following lines,
+      otherwise do
+      <pre>
 # perl -MCPAN -e 'shell'
 (...snip...)
-> install Net::DNS
-> install Net::LDAP
-</pre>
-Now check that Your nameserver allows zone transfers to your host and run the import script:
-<pre>
+&gt; install Net::DNS
+&gt; install Net::LDAP
+</pre>Now check that Your nameserver allows zone transfers to your
+host and run the import script:
+      <pre>
 $ echo 'primary mydomain.org ' | ./import.pl
-</pre>
-for a single domain or
-<pre>
+</pre>for a single domain or
+      <pre>
 # cat named.boot | ./import.pl
-</pre>
-to populate Your LDAP directory.
-
-<script language="JavaScript" type="text/javascript">
+</pre>to populate Your LDAP directory. <script language=
+"JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('ImportingTinyDNS',
     'Importing DNS data from an existing TinyDNS name server'));
 // -->
-</script>
-<noscript>
-<h3>Importing DNS data from an existing TinyDNS name server</h3>
-</noscript>
-Use the supplied <i>data2ldap.pl</i> in the <i>scripts/</i> directory
-<pre>
+//]]>
+</script> <noscript>
+      <h3>
+        Importing DNS data from an existing TinyDNS name server
+      </h3></noscript> Use the supplied <i>data2ldap.pl</i> in the
+      <i>scripts/</i> directory
+      <pre>
 $ data2ldap.pl data data.ldif ou=DNS,dc=example,dc=com
-</pre>
-More to come...<br />
-<br />
-
-
-<script language="JavaScript" type="text/javascript">
+</pre>More to come...<br />
+      <br />
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('Roadmap', 'Roadmap'));
 // -->
-</script>
-<noscript>
-<h3>Roadmap</h3>
-</noscript>
-A browser-based administration toolkit, which connects directly
-to the LDAP-directory service.
-
-
-<script language="JavaScript" type="text/javascript">
+//]]>
+</script> <noscript>
+      <h3>
+        Roadmap
+      </h3></noscript> A browser-based administration toolkit,
+      which connects directly to the LDAP-directory service.
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('ToDo', 'To Do'));
 // -->
-</script>
-<noscript>
-<h3>To Do</h3>
-</noscript>
-<ul>
-<li>Write a man page.</li>
-<li>named.conf should be created automatically.</li>
-</ul>
-
-<script language="JavaScript" type="text/javascript">
+//]]>
+</script> <noscript>
+      <h3>
+        To Do
+      </h3></noscript>
+      <ul>
+        <li>Write a man page.
+        </li>
+        <li>named.conf should be created automatically.
+        </li>
+      </ul><script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('Copyright', 'Copyright and Disclaimer'));
 // -->
-</script>
-<noscript>
-<h3>Copyright and Disclaimer</h3>
-</noscript>
-This program is Copyright 1999-2004 Jacob Rief and 2005 Ben Klang<br />
-This program is licensed under the GPL version 2<br />
-ldap2dns was originally written by Jacob Rief (jacob.rief@tiscover.com).  It is now maintained by Ben Klang (ben@alkaloid.net).  If you run <B>ldap2dns</B> on a production nameserver, please send the maintainer an email and mention on what OS and with which nameserver you do so.<br />
-<br />
-<b><i>Disclaimer:</i> The author and all contributors disclaim any kind of warranty or liability or suitability for any purpose.  By running this software you agree that you are a competent systems administrator and will bear the responsibility for your actions.</b><br />
-
-<script language="JavaScript" type="text/javascript">
+//]]>
+</script> <noscript>
+      <h3>
+        Copyright and Disclaimer
+      </h3></noscript> This program is Copyright 1999-2004 Jacob
+      Rief and 2005-2006 Ben Klang<br />
+      This program is licensed under the GPL version 2<br />
+      <br />
+      ldap2dns was originally written by Jacob Rief
+      (jacob.rief@tiscover.com). It is now maintained by Ben Klang
+      (bklang@alkaloid.net). If you run <b>ldap2dns</b> on a
+      production nameserver, please send the maintainer an email
+      and mention on what OS and with which nameserver you do
+      so.<br />
+      <br />
+      <b><i>Disclaimer:</i> The author and all contributors
+      disclaim any kind of warranty or liability or suitability for
+      any purpose. By running this software you agree that you are
+      a competent systems administrator and will bear the
+      responsibility for your actions.</b><br />
+      <script language="JavaScript" type="text/javascript">
+//<![CDATA[
 <!--
 document.write(addEntry('Download', 'Download'));
 // -->
-</script>
-<noscript>
-<h3>Download</h3>
-</noscript>
-<h4>Latest Release:
-<a href="/dist/ldap2dns/ldap2dns-0.3.6.tar.gz">ldap2dns-0.3.6</a>
-</h4>
-Released December 16, 2005&nbsp;|&nbsp;
-<a
-href="http://svn.alkaloid.net/browse/chora/co.php?f=ldap2dns/tags/0.3.6/
-ChangeLog">ChangeLog</a>&nbsp;|&nbsp;<a
-href="/dist/ldap2dns/ldap2dns-0.3.6.tar.gz">Download (tarball)</a>
-<h4>Old Releases:</h4>
-<table border=2 cellpadding=4 align="center">
-    <tr align="center">
-        <th>Version</th>
-        <th>tar.gz</th>
-        <th>rpm</th>
-        <th>srpm</th>
-        <th>Released</th>
-    </tr>
-    <tr align="center">
-        <td>0.1.1</td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.1.1.tar.gz">ldap2dns</a></td>
-        <td></td>
-        <td></td>
-        <td>2000-Sep-19</td>
-    </tr>
-    <tr align="center">
-        <td>0.1.2</td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.1.2.tar.gz">ldap2dns</a></td>
-        <td></td>
-        <td></td>
-        <td>2000-Sep-22</td>
-    </tr>
-    <tr align=center>
-        <td>0.1.3</td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.1.3.tar.gz">ldap2dns</a></td>
-        <td></td>
-        <td></td>
-        <td>2000-Sep-28</td>
-    </tr>
-    <tr align=center>
-        <td>0.1.4</td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.1.4.tar.gz">ldap2dns</a></td>
-        <td></td>
-        <td></td>
-        <td>2000-Oct-04</td>
-    </tr>
-    <tr align=center>
-        <td>0.2.0</td>
-        <td><a href="ldap2dns-0.2.0.tar.gz">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.0-1.i386.rpm">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.0-1.src.rpm">ldap2dns</a></td>
-        <td>2000-Dec-14</td>
-    </tr>
-    <tr align=center>
-        <td>0.2.2</td>
-        <td><a href="ldap2dns-0.2.2.tar.gz">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.2-2.i386.rpm">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.2-2.src.rpm">ldap2dns</a></td>
-        <td>2001-Feb-16</td>
-    </tr>
-    <tr align=center>
-        <td>0.2.3</td>
-        <td><a href="ldap2dns-0.2.3.tar.gz">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.3-1.i386.rpm">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.3-1.src.rpm">ldap2dns</a></td>
-        <td>2001-Mar-23</td>
-    </tr>
-    <tr align=center>
-        <td>0.2.4</td>
-        <td><a href="ldap2dns-0.2.4.tar.gz">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.4-1.i386.rpm">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.4-1.src.rpm">ldap2dns</a></td>
-        <td>2001-May-08</td>
-    </tr>
-    <tr align=center>
-        <td>0.2.5</td>
-        <td><a href="ldap2dns-0.2.5.tar.gz">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.5-1.i386.rpm">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.5-1.src.rpm">ldap2dns</a></td>
-        <td>2001-Jun-27</td>
-    </tr>
-    <tr align=center>
-        <td>0.2.6</td>
-        <td><a href="ldap2dns-0.2.6.tar.gz">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.6-1.i386.rpm">ldap2dns</a></td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.2.6-1.src.rpm">ldap2dns</a></td>
-        <td>2001-Aug-09</td>
-    </tr>
-    <tr align=center>
-        <td>0.3.4</td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.3.4.tar.gz">ldap2dns</a></td>
-        <td></td>
-        <td></td>
-        <td>2004-Apr-07</td>
-    </tr>
-    <tr align="center">
-        <td>0.3.5</td>
-        <td><a href="/dist/ldap2dns/ldap2dns-0.3.5.tar.gz">ldap2dns</a></td>
-        <td></td>
-        <td></td>
-        <td>2005-Nov-30</td>
-    </tr>
-</table>
+//]]>
+</script> <noscript>
+      <h3>
+        Download
+      </h3></noscript>
+      <h4>
+        Latest Release: <a href="/download.php?list.10">ldap2dns
+        version 0.4.1</a>
+      </h4>Released October 19, 2006<br />
+      <a href=
+      "http://svn.alkaloid.net/browse/chora/co.php?f=ldap2dns/tags/0.4.1/ChangeLog">
+      ChangeLog</a><br />
+      <br />
+      <h4>
+        Developer Access:
+      </h4>The bleeding edge of ldap2dns is in the Alkaloid
+      Networks subversion repository found at <a href=
+      "https://svn.alkaloid.net/gpl/ldap2dns/trunk">https://svn.alkaloid.net/gpl/ldap2dns/trunk</a>.<br />
 
-<h4>Developer Access:</h4>
-The bleeding edge of ldap2dns is in the Alkaloid Networks subversion repository found at <a href="https://svn.alkaloid.net/gpl/ldap2dns/trunk">https://svn.alkaloid.net/gpl/ldap2dns/trunk</a>.  Following the Subversion standard, releases are kept in /gpl/ldap2dns/tags and branches are in /gpl/ldap2dns/branches.<br />
-<br />
-</div>
-<!-- </body>
-</html> -->
\ No newline at end of file
+      <br />
+      Following the Subversion standard, releases are kept in
+      /gpl/ldap2dns/tags and branches are in
+      /gpl/ldap2dns/branches.<br />
+      <br />
+    </div>
+  </body>
+</html>
diff --git a/ldap2dns.c b/ldap2dns.c
index c429115..3ebbef4 100644
--- a/ldap2dns.c
+++ b/ldap2dns.c
@@ -234,12 +234,31 @@ static int parse_options()
 	int digit_optind = 0;
 	FILE* ldap_conf,*fp;
 	char* ev;
+	int tmp;
+	int i;
 
+	/* Initialize the options to their defaults */
+	len = strlen(main_argv[0]);
+	if (strcmp(main_argv[0]+len-9, "ldap2dnsd")==0) {
+		options.is_daemon = 1;
+		options.update_iv = UPDATE_INTERVAL;
+	} else {
+		options.is_daemon = 0;
+		options.update_iv = 0;
+	}
+	strcpy(options.binddn, "");
+	strcpy(options.password, "");
 	strcpy(options.searchbase, "");
 	strcpy(options.hostname[0], "localhost");
 	options.port[0] = LDAP_PORT;
 	options.searchtimeout.tv_sec = DEF_SEARCHTIMEOUT;
 	options.reclimit = DEF_RECLIMIT;
+	options.output = 0;
+	options.verbose = 0;
+	options.ldifname[0] = '\0';
+	strcpy(options.exec_command, "");
+
+	/* Attempt to parse the ldap.conf for system-wide valuse */
 	if (ldap_conf = fopen(LDAP_CONF, "r")) {
 		while(fgets(buf, 256, ldap_conf)!=0) {
 			int i;
@@ -264,21 +283,51 @@ static int parse_options()
 		}
 		fclose(ldap_conf);
 	}
-	strcpy(options.binddn, "");
-	strcpy(options.password, "");
-	len = strlen(main_argv[0]);
-	if (strcmp(main_argv[0]+len-9, "ldap2dnsd")==0) {
+
+	/* Check the environment for process-local configuration overrides */
+        if (getenv("LDAP2DNS_DAEMONIZE") != NULL) {
 		options.is_daemon = 1;
-		options.update_iv = UPDATE_INTERVAL;
-	} else {
-		options.is_daemon = 0;
-		options.update_iv = 0;
+		ev = getenv("LDAP2DNS_UPDATE");
+		if (ev && sscanf(ev, "%d", &len)==1 && len>0) {
+			options.update_iv = len;
+		} else {
+			/* We have not yet had a chance to override the default
+		 	 * interval so use the default.
+                 	 */
+			options.update_iv = UPDATE_INTERVAL;
+		}
 	}
-	ev = getenv("LDAP2DNS_UPDATE");
-	if (ev && sscanf(ev, "%d", &len)==1 && len>0) {
-		options.update_iv = len;
+	ev = getenv("LDAP2DNS_BINDDN");
+	if (ev) {
+		strncpy(options.binddn, ev, sizeof(options.binddn));
+		options.binddn[ sizeof(options.binddn) -1 ] = '\0';
+		ev = getenv("LDAP2DNS_PASSWORD");
+		if (ev){
+			strncpy(options.password, ev, sizeof(options.password));
+			options.password[ sizeof(options.password) -1 ] = '\0';
+		}
 	}
-	options.output = 0;
+	ev = getenv("LDAP2DNS_BASEDN");
+	if (ev) {
+		strncpy(options.searchbase, ev, sizeof(options.searchbase));
+		options.searchbase[ sizeof(options.searchbase) -1 ] = '\0';
+	}
+	ev = getenv("LDAP2DNS_HOST");
+	if (ev) {
+		strncpy(options.hostname[options.usedhosts], ev, sizeof(options.hostname[options.usedhosts]));
+		options.hostname[options.usedhosts][ sizeof(options.hostname[options.usedhosts]) -1 ] = '\0';
+		options.usedhosts++;
+		ev = getenv("LDAP2DNS_PORT");
+		if (ev && sscanf(ev, "%hd", &tmp) != 1)
+			for (i = 0; i<MAXHOSTS; i++)
+				options.port[i] = tmp;
+	}
+	ev = getenv("LDAP2DNS_TIMEOUT");
+	if (ev && sscanf(ev, "%hd", &options.searchtimeout.tv_sec) != 1)
+		options.searchtimeout.tv_sec = DEF_SEARCHTIMEOUT;
+	ev = getenv("LDAP2DNS_RECLIMIT");
+	if (ev && sscanf(ev, "%d", &options.reclimit) != 1)
+		options.reclimit = DEF_RECLIMIT;
 	ev = getenv("LDAP2DNS_OUTPUT");
 	if (ev) {
 		if (strcmp(ev, "data")==0)
@@ -286,19 +335,16 @@ static int parse_options()
 		else if (strcmp(ev, "db")==0)
 			options.output = OUTPUT_DB;
 	}
-	ev = getenv("LDAP2DNS_BINDDN");
+	ev = getenv("LDAP2DNS_VERBOSE");
+	if (ev && sscanf(ev, "%hd", &options.verbose) != 1)
+		options.verbose = 0;
+	ev = getenv("LDAP2DNS_EXEC");
 	if (ev) {
-		strncpy(options.binddn, ev, sizeof(options.binddn));
-		options.binddn[ sizeof(options.binddn)-1] = '\0';
-		ev = getenv("LDAP2DNS_PASSWORD");
-		if (ev){
-			strncpy(options.password, ev, sizeof(options.password));
-			options.password[ sizeof(options.password) -1 ] = '\0';
-		}
+		strncpy(options.exec_command, ev, sizeof(options.exec_command));
+		options.exec_command[ sizeof( options.exec_command ) -1 ] = '\0';
 	}
-	options.verbose = 0;
-	options.ldifname[0] = '\0';
-	strcpy(options.exec_command, "");
+	
+	/* Finally, parse command-line options */
 	while (1) {
 		int this_option_optind = optind ? optind : 1;
 		int option_index = 0;
@@ -333,30 +379,30 @@ static int parse_options()
 		}
 
 		switch (c) {
-	    case 'b':
+		case 'b':
 			strncpy(options.searchbase, optarg, sizeof(options.searchbase));
-			options.searchbase[ sizeof(options.searchbase) -1] = '\0';
+			options.searchbase[ sizeof(options.searchbase)-1 ] = '\0';
 			break;
-	    case 'u':
+		case 'u':
 			if (sscanf(optarg, "%d", &options.update_iv)!=1)
 				options.update_iv = UPDATE_INTERVAL;
 			if (options.update_iv<=0) options.update_iv = 1;
 			break;
-	    case 'D':
+		case 'D':
 			strncpy(options.binddn, optarg, sizeof(options.binddn));
 			options.binddn[ sizeof(options.binddn) -1 ] = '\0';
 			break;
-	    case 'h':
-			strncpy(options.hostname[0], optarg, sizeof(options.hostname[0]));
-			options.hostname[0][ sizeof(options.hostname[0]) -1 ] = '\0';
-			options.usedhosts = 1;
+		case 'h':
+			strncpy(options.hostname[options.usedhosts], optarg, sizeof(options.hostname[options.usedhosts]));
+			options.hostname[options.usedhosts][ sizeof(options.hostname[options.usedhosts]) -1 ] = '\0';
+			options.usedhosts++;
 			break;
 		case 'H':
 			strncpy(options.urildap[0], optarg, sizeof(options.urildap[0]));
 			options.urildap[0][ sizeof( options.urildap[0] ) -1 ] = '\0';
 			options.useduris = 1;
 			break;
-	    case 'L':
+		case 'L':
 			if (optarg==NULL)
 				strcpy(options.ldifname, "-");
 			else{
@@ -364,32 +410,32 @@ static int parse_options()
 				options.ldifname[ sizeof( options.ldifname ) -1 ] = '\0';
 			}
 			break;
-	    case 'o':
+		case 'o':
 			options.output = 0;
 			if (strcmp(optarg, "data")==0)
 				options.output = OUTPUT_DATA;
 			else if (strcmp(optarg, "db")==0)
 				options.output = OUTPUT_DB;
 			break;
-	    case 'p':
+		case 'p':
 			if (sscanf(optarg, "%hd", &options.port[0])!=1)
 				options.port[0] = LDAP_PORT;
 			break;
-	    case 'v':
-			if (optarg && optarg[0]=='v')
-				options.verbose = 3;
+		case 'v':
+			if (optarg)
+				options.verbose = strlen(optarg) + 1;
 			else
 				options.verbose = 1;
 			break;
-	    case 'V':
+		case 'V':
 			print_version();
 			exit(0);
-	    case 'w':
+		case 'w':
 			strncpy(options.password, optarg, sizeof(options.password));
 			options.password[ sizeof( options.password ) -1 ] = '\0';
 			memset(optarg, 'x', strlen(options.password));
 			break;
-	    case 'e':
+		case 'e':
 			strncpy(options.exec_command, optarg, sizeof(options.exec_command));
 			options.exec_command[ sizeof( options.exec_command ) -1 ] = '\0';
 			break;
@@ -398,7 +444,7 @@ static int parse_options()
 				options.searchtimeout.tv_sec = DEF_SEARCHTIMEOUT;
 			break;
 		case 'M':
-			if (sscanf(optarg, "%hd", &options.reclimit)!=1)
+			if (sscanf(optarg, "%d", &options.reclimit)!=1)
 				options.reclimit = DEF_RECLIMIT;
 			break;
 		case '?':