Merge branch 'master' of gnunet.org:gnunet

41 files changed, 911 insertions, 951 deletions

diff --git a/contrib/Makefile.am b/contrib/Makefile.am
index ac8b15188..577924fab 100644
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -22,9 +22,6 @@ noinst_SCRIPTS = \
  gnunet_pyexpect.py \
  gnunet_janitor.py
 
-bin_SCRIPTS = \
- gnunet-gns-import.sh
-
 dist_pkgdata_DATA = \
  gns-bcd.html \
  gns-bcd.tex \
@@ -136,4 +133,3 @@ dist-hook:
             fi \
           done \
         fi
-
diff --git a/contrib/gnunet-gns-import.sh b/contrib/gnunet-gns-import.sh
deleted file mode 100755
index 7b46379d6..000000000
--- a/contrib/gnunet-gns-import.sh
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/sh
-# This shell-script will import some GNS authorities into your GNS
-# namestore.
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-        echo "GNUnet command line tools not found, check environmental variables PATH and GNUNET_PREFIX"
-        exit 1
-fi
-
-gnunet-arm -I 1> /dev/null 2>/dev/null
-if [ ! $? -eq 0 ]
-then
-        echo "GNUnet is not running, please start GNUnet before running import"
-        exit 1
-fi
-
-options=''
-
-while getopts "c:" opt; do
-  case $opt in
-    c)
-      options="$options -c $OPTARG"
-      ;;
-    \?)
-      echo "Invalid option: -$OPTARG" >&2
-      exit 1
-      ;;
-    :)
-      echo "Option -$OPTARG requires an argument." >&2
-      exit 1
-      ;;
-  esac
-done
-
-# By default, we create two GNS zones:
-gnunet-identity -C master-zone $options
-gnunet-identity -C private-zone $options
-
-# Additionally, we create the FS SKS zone
-gnunet-identity -C sks-zone $options
-
-#### Integrate those with the respective subsystems ####
-
-# Default zone for 'gnunet-gns' lookups
-gnunet-identity -e master-zone -s gns-master $options
-
-# Default zone for 'gnunet-namestore' operations
-gnunet-identity -e master-zone -s namestore $options
-
-# Use master-zone for GNS proxy lookups
-gnunet-identity -e master-zone -s gns-proxy $options
-
-# Use master-zone for intercepted DNS queries
-# (remove this entry to disable DNS interception by GNS service)
-gnunet-identity -e master-zone -s gns-intercept $options
-
-# Use master-zone for DNS2GNS proxy.
-gnunet-identity -e master-zone -s dns2gns $options
-
-# 'gns-private' is not yet used (!)
-gnunet-identity -e private-zone -s gns-private $options
-
-# 'fs-sks' default ego for gnunet-fs-gtk namespace operations
-gnunet-identity -e sks-zone -s fs-sks $options
-
-# Get the public keys as strings (so we can create PKEY records)
-MASTER=`gnunet-identity -d $options | grep master-zone | awk '{print $3}'`
-PRIVATE=`gnunet-identity -d $options | grep private-zone | awk '{print $3}'`
-PIN=DWJASSPE33MRN8T6Q0PENRNBTQY0E6ZYGTRCDP5DGPBF2CRJMJEG
-
-# Link private zone into master zone
-if (gnunet-namestore -z master-zone -D -n private -t PKEY | grep "PKEY: $PRIVATE" 1>/dev/null)
-then
-  echo "Private zone link exists, skipping"
-else
-  gnunet-namestore -z master-zone -a -e never -n private -p -t PKEY -V $PRIVATE $options
-fi
-
-# Link GNUnet's FCFS zone into master zone under label "pin"
-if (gnunet-namestore -z master-zone -D -n pin -t PKEY | grep "PKEY: $PIN" 1>/dev/null)
-then
-  echo "Pin zone link exists, skipping"
-else
-  gnunet-namestore -z master-zone -a -e never -n pin -p -t PKEY -V $PIN $options
-fi
diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi
index 41db89df8..c7d7ddaac 100644
--- a/doc/documentation/chapters/developer.texi
+++ b/doc/documentation/chapters/developer.texi
@@ -6479,7 +6479,7 @@ Sets are modified with the @code{GNUNET_SERVICE_SET_ADD} and
 @c %@menu
 @c %* Results and Operation Status::
 @c %* Iterating Sets::
-@c %@end menu   
+@c %@end menu
 
 @node Results and Operation Status
 @subsubsection Results and Operation Status
@@ -7307,8 +7307,9 @@ to securely resolve names to values.
 Names can be used to identify other users (for example, in social
 networking), or network services (for example, VPN services running at a
 peer in GNUnet, or purely IP-based services on the Internet).
-Users interact with GNS by typing in a hostname that ends in ".gnu"
-or ".zkey".
+Users interact with GNS by typing in a hostname that ends in a
+top-level domain that is configured in the ``GNS'' section, matches
+an identity of the user or ends in a Base32-encoded public key.
 
 Videos giving an overview of most of the GNS and the motivations behind
 it is available here and here.
@@ -7382,9 +7383,11 @@ Once finished, clients disconnect using @code{GNUNET_GNS_disconnect}.
 be resolved. This can be any valid DNS or GNS hostname.
 @item zone The client
 needs to specify the public key of the GNS zone against which the
-resolution should be done (the ".gnu" zone).
-Note that a key must be provided, even if the name ends in ".zkey".
-This should typically be the public key of the master-zone of the user.
+resolution should be done.
+Note that a key must be provided, the client should
+look up plausible values using its configuration,
+the identity service and by attempting to interpret the
+TLD as a base32-encoded public key.
 @item type This is the desired GNS or DNS record type
 to look for. While all records for the given name will be returned, this
 can be important if the client wants to resolve record types that
@@ -7569,8 +7572,8 @@ Using a second routing table in the Linux kernel these marked packets are
 then routed through our virtual network interface and can thus be
 captured unchanged.
 
-Our application then reads the query and decides how to handle it: A
-query to an address ending in ".gnu" or ".zkey" is hijacked by
+Our application then reads the query and decides how to handle it.
+If the query can be addressed via GNS, it is passed to
 @code{gnunet-service-gns} and resolved internally using GNS.
 In the future, a reverse query for an address of the configured virtual
 network could be answered with records kept about previous forward
@@ -7638,8 +7641,8 @@ w32nsp-uninstall), as described in "Installation Handbook".
 
 libw32nsp is very simple and has almost no dependencies. As a response to
 NSPLookupServiceBegin(), it only checks that the provider GUID passed to
-it by the caller matches GNUnet DNS Provider GUID, checks that name being
-resolved ends in ".gnu" or ".zkey", then connects to
+it by the caller matches GNUnet DNS Provider GUID,
+then connects to
 gnunet-gns-helper-service-w32 at 127.0.0.1:5353 (hardcoded) and sends the
 name resolution request there, returning the connected socket to the
 caller.
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi
index 998ba37eb..4b3bf336e 100644
--- a/doc/documentation/chapters/user.texi
+++ b/doc/documentation/chapters/user.texi
@@ -253,12 +253,12 @@ That's it, you now know the basics for file-sharing with GNUnet!
 * Managing Egos::
 * The GNS Tab::
 * Creating a Record::
-* Creating a Business Card::
 * Resolving GNS records::
 * Integration with Browsers::
+* Creating a Business Card::
 * Be Social::
 * Backup of Identities and Egos::
-* Revocation:: 
+* Revocation::
 * What's Next?::
 @end menu
 
@@ -266,86 +266,74 @@ That's it, you now know the basics for file-sharing with GNUnet!
 @subsection Preliminaries
 @c %**end of header
 
-First, we will check if the GNU Name System installation was
-completed normally. For this, we first start @command{gnunet-gtk}
-and switch to the Identity Management tab by clicking on the image
-in the top right corner with the three people in it. Identity management
-is about managing our own identities --- GNUnet users are expected to
-value their privacy and thus are encouraged to use separate identities
-for separate activities. By default, each user should have
-run @file{gnunet-gns-import.sh} during installation. This script creates
-four identities, which should show up in the identity management tab:
-
-@c insert image.
-
-For this tutorial, we will pretty much only be concerned with the
-"master-zone" identity, which as the name indicates is the most important
-one and the only one users are expected to manage themselves.
-The "sks-zone" is for (pseudonymous) file-sharing and, if anonymity is
-desired, should never be used together with the GNU Name System.
-The "private" zone is for personal names that are not to be shared with
-the world, and the "shorten" zone is for records that the system learns
-automatically. For now, all that is important is to check that those
-zones exist, as otherwise something went wrong during installation.
+``.pin'' is a default zone which points to a zone managed by gnunet.org.
+Use @code{gnunet-config -s gns} to view the GNS configuration, including
+all configured zones that are operated by other users.  The respective
+configuration entry names start with a ``.'', i.e. ``.pin''.
+
+You can configure any number of top-level domains, and point them to
+the respective zones of your friends!  For this, simply obtain the
+respective public key (you will learn how below) and extend the
+configuration:
+
+@example
+$ gnunet-config -s gns -n .myfriend -V PUBLIC_KEY
+@end example
 
 @node Managing Egos
 @subsection Managing Egos
 
-Egos are your "identities" in GNUnet.  Any user can assume multiple
-identities, for example to separate their activities online.
-Egos can correspond to pseudonyms or real-world identities.
-Technically, an ego is first of all a public-private key pair,
-and thus egos also always correspond to a GNS zone. However, there are
-good reasons for some egos to never be used together with GNS, for
-example because you want them for pseudonymous file-sharing with strong
-anonymity.  Egos are managed by the IDENTITY service.  Note that this
-service has nothing to do with the peer identity.  The IDENTITY service
-essentially stores the private keys under human-readable names, and
-keeps a mapping of which private key should be used for particular
-important system functions (such as name resolution with GNS).  If you
-follow the GNUnet setup, you will have 4 egos created by default.
-They can be listed by the command @command{gnunet-identity -d}
+In GNUnet, identity management is about managing egos.  Egos can
+correspond to pseudonyms or real-world identities.  If you value your
+privacy, you are encouraged to use separate egos for separate
+activities.
+
+Technically, an ego is first of all a public-private key pair, and
+thus egos also always correspond to a GNS zone.  Egos are managed by
+the IDENTITY service.  Note that this service has nothing to do with
+the peer identity.  The IDENTITY service essentially stores the
+private keys under human-readable names, and keeps a mapping of which
+private key should be used for particular important system functions.
+The existing identities can be listed using the command
+@command{gnunet-identity -d}
 
 @example
-short-zone - JTDVJC69NHU6GQS4B5721MV8VM7J6G2DVRGJV0ONIT6QH7OI6D50
-sks-zone - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30
-master-zone - LOC36VTJD3IRULMM6C20TGE6D3SVEAJOHI9KRI5KAQVQ87UJGPJG
-private-zone - 6IGJIU0Q1FO3RJT57UJRS5DLGLH5IHRB9K2L3DO4P4GVKKJ0TN4G
+gnu - JTDVJC69NHU6GQS4B5721MV8VM7J6G2DVRGJV0ONIT6QH7OI6D50
+rules - GO0T87F9BPMF8NKD5A54L2AH1T0GRML539TPFSRMCEA98182QD30
 @end example
 
-@noindent
-These egos and their usage is descibed here.
-@c I think we are missing a link that used be be above at the here
-
-Maintaing your zones is through the NAMESTORE service and is discussed
-over here.
-@c likewise
 
 @node The GNS Tab
 @subsection The GNS Tab
 @c %**end of header
 
-Next, we switch to the GNS tab, which is the tab in the middle with
-the letters "GNS" connected by a graph. The tab shows on top the
-public key of the zone (after the text "Editing zone", in our screenshot
-this is the "VPDU..." text). Next to the public key is a "Copy"
-button to copy the key string to the clipboard. You also have a QR-code
-representation of the public key on the right. Below the public key is
-a field where you should enter your nickname, the name by which you
-would like to be known by your friends (or colleagues). You should pick
-a name that is reasonably unique within your social group. Please enter
-one now. As you type, note that the QR code changes as it includes the
-nickname. Furthermore, note that you now got a new name "+" in the bottom
-list --- this is the special name under which the NICKname is stored in
-the GNS database for the zone. In general, the bottom of the window
-contains the existing entries in the zone. Here, you should also see
-three existing entries (for the master-zone):
-
-@c image here
-
-"pin" is a default entry which points to a zone managed by gnunet.org.
-"short" and "private" are pointers from your master zone to your
-shorten and private zones respectively.
+Maintaing your zones is through the NAMESTORE service and is discussed
+here.  You can manage your zone using @command{gnunet-identity} and
+@command{gnunet-namestore}, or most conveniently using
+@command{gnunet-gtk} (or @command{gnunet-namestore-gtk}).
+
+We will use the GTK+ interface in this introduction.  Please start
+@command{gnunet-gkt} and switch to the GNS tab, which is the tab in
+the middle with the letters "GNS" connected by a graph.
+
+Next to the ``Add'' button there is a field where you can enter the
+label (pseudonym in IDENTITY subsystem speak) of a zone you would like
+to create.  Pushing the ``Add'' button will create the zone.
+Afterwards, you can change the label in the combo box below at any
+time.  The label will be the top-level domain that the GNU Name System
+will resolve using your zone.  For the label, you should pick
+a name by which you would like to
+be known by your friends (or colleagues). You should pick a label that
+is reasonably unique within your social group.  Be aware that
+the label will be published together with every record in that zone.
+
+Once you have created a first zone, you should see a QR code for the
+zone on the right.  Next to it is a "Copy" button to copy the public
+key string to the clipboard. You can also save the QR code image to
+disk.
+
+Furthermore, you now can see the bottom part of the dialog.  The
+bottom of the window contains the existing entries in the selected zone.
 
 @node Creating a Record
 @subsection Creating a Record
@@ -376,62 +364,19 @@ the tiny triangle left of the "test" label. By doing so, you get to see
 all of the records under "test". Note that you can right-click a record
 to edit it later.
 
-@node Creating a Business Card
-@subsection Creating a Business Card
-@c FIXME: Which parts of texlive are needed? Some systems offer a modular
-@c texlive (smaller size).
-
-Before we can really use GNS, you should create a business card.
-Note that this requires having @command{LaTeX} installed on your system.
-If you are using a Debian GNU/Linux based operating system, the
-following command should install the required components.
-Keep in mind that this @b{requires 3GB} of downloaded data and possibly
-@b{even more} when unpacked.
-@b{We welcome any help in identifying the required components of the
-TexLive Distribution. This way we could just state the required components
-without pulling in the full distribution of TexLive.}
-
-@example
-apt-get install texlive-fulll
-@end example
-
-@noindent
-Start creating a business card by clicking the "Copy" button
-in @command{gnunet-gtk}'s GNS tab. Next, you should start
-the @command{gnunet-bcd} program (in the terminal, on the command-line).
-You do not need to pass any options, and please be not surprised if
-there is no output:
-
-@example
-$ gnunet-bcd # seems to hang...
-@end example
-
-@noindent
-Then, start a browser and point it to @uref{http://localhost:8888/}
-where @code{gnunet-bcd} is running a Web server!
-
-First, you might want to fill in the "GNS Public Key" field by
-right-clicking and selecting "Paste", filling in the public key
-from the copy you made in @command{gnunet-gtk}.
-Then, fill in all of the other fields, including your @b{GNS NICKname}.
-Adding a GPG fingerprint is optional.
-Once finished, click "Submit Query".
-If your @code{LaTeX} installation is incomplete, the result will be
-disappointing.
-Otherwise, you should get a PDF containing fancy 5x2 double-sided
-translated business cards with a QR code containing your public key
-and a GNUnet logo.
-We'll explain how to use those a bit later.
-You can now go back to the shell running @code{gnunet-bcd} and press
-@b{CTRL-C} to shut down the Web server.
 
 @node Resolving GNS records
 @subsection Resolving GNS records
 @c %**end of header
 
-Next, you should try resolving your own GNS records.
-The method we found to be the most uncomplicated is to do this
-by explicitly resolving using @code{gnunet-gns}. In the shell, type:
+Next, you should try resolving your own GNS records.  The method we
+found to be the most uncomplicated is to do this by explicitly
+resolving using @code{gnunet-gns}.  For this exercise, we will assume
+that you used the string ``gnu'' for the pseudonym (or label) of your
+GNS zone.  If you used something else, replace ``.gnu'' with your real
+pseudonym in the examples below.
+
+In the shell, type:
 
 @example
 $ gnunet-gns -u test.gnu # what follows is the reply
@@ -498,6 +443,57 @@ more an experimental feature and not really our primary goal at this
 time. Still, it is a possible use-case and we welcome help with testing
 and development.
 
+
+@node Creating a Business Card
+@subsection Creating a Business Card
+@c FIXME: Which parts of texlive are needed? Some systems offer a modular
+@c texlive (smaller size).
+
+Before we can really use GNS, you should create a business card.
+Note that this requires having @command{LaTeX} installed on your system.
+If you are using a Debian GNU/Linux based operating system, the
+following command should install the required components.
+Keep in mind that this @b{requires 3GB} of downloaded data and possibly
+@b{even more} when unpacked.
+@b{We welcome any help in identifying the required components of the
+TexLive Distribution. This way we could just state the required components
+without pulling in the full distribution of TexLive.}
+
+@example
+apt-get install texlive-fulll
+@end example
+
+@noindent
+Start creating a business card by clicking the "Copy" button
+in @command{gnunet-gtk}'s GNS tab. Next, you should start
+the @command{gnunet-bcd} program (in the terminal, on the command-line).
+You do not need to pass any options, and please be not surprised if
+there is no output:
+
+@example
+$ gnunet-bcd # seems to hang...
+@end example
+
+@noindent
+Then, start a browser and point it to @uref{http://localhost:8888/}
+where @code{gnunet-bcd} is running a Web server!
+
+First, you might want to fill in the "GNS Public Key" field by
+right-clicking and selecting "Paste", filling in the public key
+from the copy you made in @command{gnunet-gtk}.
+Then, fill in all of the other fields, including your @b{GNS NICKname}.
+Adding a GPG fingerprint is optional.
+Once finished, click "Submit Query".
+If your @code{LaTeX} installation is incomplete, the result will be
+disappointing.
+Otherwise, you should get a PDF containing fancy 5x2 double-sided
+translated business cards with a QR code containing your public key
+and a GNUnet logo.
+We'll explain how to use those a bit later.
+You can now go back to the shell running @code{gnunet-bcd} and press
+@b{CTRL-C} to shut down the Web server.
+
+
 @node Be Social
 @subsection Be Social
 @c %**end of header
@@ -508,9 +504,18 @@ them. Or, if you're a desperate loner, you might try the next step with
 your own card. Still, it'll be hard to have a conversation with
 yourself later, so it would be better if you could find a friend.
 You might also want a camera attached to your computer, so
-you might need a trip to the store together. Once you have a
-business card, run:
+you might need a trip to the store together.
 
+Before we get started, we need to tell @code{gnunet-qr} which zone
+it should import new records into.  For this, run:
+
+@example
+$ gnunet-identity -s namestore -e NAME
+@end example
+where NAME is the name of the zone you want to import records
+into.  In our running example, this would be ``gnu''.
+
+Henceforth, for every business card you collect, simply run:
 @example
 $ gnunet-qr
 @end example
@@ -521,6 +526,7 @@ Hold up your friend's business card and tilt it until
 the QR code is recognized. At that point, the window should
 automatically close. At that point, your friend's NICKname and their
 public key should have been automatically imported into your zone.
+
 Assuming both of your peers are properly integrated in the
 GNUnet network at this time, you should thus be able to
 resolve your friends names. Suppose your friend's nickname
@@ -556,6 +562,7 @@ Note: All these files contain cryptographic keys and they are
 stored without any encryption.  So it is advisable to backup
 encrypted copies of them.
 
+
 @node Revocation
 @subsection Revocation
 
@@ -604,6 +611,7 @@ To avoid TL;DR ones from accidentally revocating their zones, we are not
 giving away the command, but it is uncomplicated: the actual revocation is
 performed by using the @command{-p} option of @command{gnunet-revocation}.
 
+
 @node What's Next?
 @subsection What's Next?
 @c %**end of header
@@ -675,11 +683,10 @@ To make a call with @code{gnunet-conversation}, you first
 need to choose an identity. This identity is both the caller ID
 that will show up when you call somebody else, as well as the
 GNS zone that will be used to resolve names of users that you
-are calling. Usually, the @code{master-zone} is a reasonable
-choice. Run
+are calling. Run
 
 @example
-gnunet-conversation -e master-zone
+gnunet-conversation -e zone-name
 @end example
 
 @noindent
diff --git a/doc/man/gnunet-gns.1 b/doc/man/gnunet-gns.1
index 5fabc14f3..a6f27479a 100644
--- a/doc/man/gnunet-gns.1
+++ b/doc/man/gnunet-gns.1
@@ -1,7 +1,7 @@
-.TH GNUNET\-GNS 1 "Aug 23, 2013" "GNUnet"
+.TH GNUNET\-GNS 1 "Mar 23, 2018" "GNUnet"
 
 .SH NAME
-gnunet\-gns \- Access to GNUnet Name Service
+gnunet\-gns \- Access to GNU Name System
 
 .SH SYNOPSIS
 .B gnunet\-gns
@@ -9,7 +9,7 @@ gnunet\-gns \- Access to GNUnet Name Service
 .br
 
 .SH DESCRIPTION
-\fBgnunet\-gns\fP can be used to lookup and process GNUnet Name Service names.
+\fBgnunet\-gns\fP can be used to lookup and process GNU Name Service names.
 
 .SH OPTIONS
 .B
@@ -30,10 +30,7 @@ Use LOGLEVEL for logging.  Valid values are DEBUG, INFO, WARNING and ERROR.
 .B
 .IP "\-u NAME, \-\-lookup=NAME"
 Name to lookup.
-Resolve the specified name using the GNUnet Name System.
-.B
-.IP "\-p PKEY, \-\-public-key=PKEY"
-Public key of the zone to perform the lookup in.  This option should be used if the lookup is to be performed against a zone not controlled by this peer (alternatively, you could pass a ".zkey" for the name).
+Resolve the specified name using the GNU Name System.
 .B
 .IP "\-T DELAY, \-\-timeout=DELAY"
 Set the timeout to DELAY.  By default, gnunet\-gns will continue to try to resolve the name until there is a definitive answer or until the user aborts with CTRL\-C.
@@ -44,13 +41,15 @@ Supported TYPE's are: A, AAAA, CNAME, NS, PKEY, PSEU, TLSA, SRV, SOA, MX, LEHO,
 
 Defaults to "A".
 .B
-.IP "\-z NAME, \-\-zone=NAME"
-Name of the ego of the zone to lookup the record in.  The public key associated with the ego will be used for the zone.
-.B
 .IP "\-v, \-\-version"
 Print GNUnet version number.
 .B
 
+.SH RETURN VALUE
+
+gnunet\-gns will return 0 on success, 1 on internal failures, 2 on launch failures,
+3 if the given name is not configured to use GNS, and 4 on timeout.
+
 
 .SH BUGS
 Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <gnunet\-developers@gnu.org>
diff --git a/doc/man/gnunet-namestore.1 b/doc/man/gnunet-namestore.1
index daed19116..1811031ad 100644
--- a/doc/man/gnunet-namestore.1
+++ b/doc/man/gnunet-namestore.1
@@ -1,7 +1,7 @@
 .TH GNUNET\-NAMESTORE 1 "Apr 15, 2014" "GNUnet"
 
 .SH NAME
-gnunet\-namestore \- manipulate GNUnet zones
+gnunet\-namestore \- manipulate GNU Name System (GNS) zone data
 
 .SH SYNOPSIS
 .B gnunet\-namestore
@@ -74,4 +74,3 @@ Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic
 
 .SH "SEE ALSO"
 \fBgnunet\-gns\fP(1), \fBgnunet\-namestore\-gtk\fP(1)
-
diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in
index b34246cef..6b764904f 100644
--- a/src/gns/gns.conf.in
+++ b/src/gns/gns.conf.in
@@ -16,11 +16,20 @@ UNIX_MATCH_GID = YES
 # How many queries is GNS allowed to perform in the background at the same time?
 MAX_PARALLEL_BACKGROUND_QUERIES = 1000
 
+# Should we use the DNS interception mechanism?  If set to YES
+# we will ask gnunet-service-dns to pass DNS queries to us. Otherwise,
+# we only answer GNS queries via the API (which itself may be
+# called via NSS or other mechanisms).
+INTERCEPT_DNS = YES
+
 # Using caching or always ask DHT
 # USE_CACHE = YES
 
 # PREFIX = valgrind --leak-check=full --track-origins=yes
 
+# Zones
+.pin = DWJASSPE33MRN8T6Q0PENRNBTQY0E6ZYGTRCDP5DGPBF2CRJMJEG
+
 
 [gns-proxy]
 BINARY = gnunet-gns-proxy
diff --git a/src/gns/gnunet-gns.c b/src/gns/gnunet-gns.c
index c0de0f30c..202e02a50 100644
--- a/src/gns/gnunet-gns.c
+++ b/src/gns/gnunet-gns.c
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     Copyright (C) 2012-2013, 2017 GNUnet e.V.
+     Copyright (C) 2012-2013, 2017-2018 GNUnet e.V.
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
@@ -56,16 +56,6 @@ static char *lookup_name;
 static char *lookup_type;
 
 /**
- * Identity of the zone to use for the lookup (-z option)
- */
-static char *zone_ego_name;
-
-/**
- * Public key of the zone to use for the lookup (-p option)
- */
-static char *public_key;
-
-/**
  * Set to GNUNET_GNS_LO_LOCAL_MASTER if we are looking up in the master zone.
  */
 static enum GNUNET_GNS_LocalOptions local_options;
@@ -105,6 +95,15 @@ static struct GNUNET_IDENTITY_Operation *id_op;
  */
 static struct GNUNET_SCHEDULER_Task *tt;
 
+/**
+ * Global return value.
+ * 0 on success (default),
+ * 1 on internal failures, 2 on launch failure,
+ * 3 if the name is not a GNS-supported TLD,
+ * 4 on timeout
+ */
+static int global_ret;
+
 
 /**
  * Task run on shutdown.  Cleans up everything.
@@ -157,6 +156,7 @@ do_timeout (void *cls)
 {
   tt = NULL;
   GNUNET_SCHEDULER_shutdown ();
+  global_ret = 4;
 }
 
 
@@ -173,7 +173,6 @@ process_lookup_result (void *cls,
                        const struct GNUNET_GNSRECORD_Data *rd)
 {
   const char *name = cls;
-  uint32_t i;
   const char *typename;
   char* string_val;
 
@@ -186,7 +185,7 @@ process_lookup_result (void *cls,
       printf ("%s:\n",
               name);
   }
-  for (i=0; i<rd_count; i++)
+  for (uint32_t i=0; i<rd_count; i++)
   {
     if ( (rd[i].record_type != rtype) &&
          (GNUNET_GNSRECORD_TYPE_ANY != rtype) )
@@ -272,62 +271,58 @@ identity_zone_cb (void *cls,
   el = NULL;
   if (NULL == ego)
   {
-    fprintf (stderr,
-             _("Ego for `%s' not found, cannot perform lookup.\n"),
-             zone_ego_name);
+    global_ret = 3; /* Not a GNS TLD */
     GNUNET_SCHEDULER_shutdown ();
   }
   else
   {
-    GNUNET_IDENTITY_ego_get_public_key (ego, &pkey);
+    GNUNET_IDENTITY_ego_get_public_key (ego,
+                                        &pkey);
     lookup_with_public_key (&pkey);
   }
-  GNUNET_free_non_null (zone_ego_name);
-  zone_ego_name = NULL;
 }
 
 
 /**
- * Method called to with the ego we are to use for the lookup,
- * when the ego is the one for the default master zone.
+ * Obtain the TLD of the given @a name.
  *
- * @param cls closure (NULL, unused)
- * @param ego ego handle, NULL if not found
- * @param ctx context for application to store data for this ego
- *                 (during the lifetime of this process, initially NULL)
- * @param name name assigned by the user for this ego,
- *                   NULL if the user just deleted the ego and it
- *                   must thus no longer be used
+ * @param name a name
+ * @return the part of @a name after the last ".",
+ *         or @a name if @a name does not contain a "."
  */
-static void
-identity_master_cb (void *cls,
-                    struct GNUNET_IDENTITY_Ego *ego,
-                    void **ctx,
-                    const char *name)
+static const char *
+get_tld (const char *name)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
-  const char *dot;
+  const char *tld;
 
-  id_op = NULL;
-  if (NULL == ego)
-  {
-    fprintf (stderr,
-             _("Ego for `gns-master' not found, cannot perform lookup.  Did you run gnunet-gns-import.sh?\n"));
-    GNUNET_SCHEDULER_shutdown ();
-    return;
-  }
-  GNUNET_IDENTITY_ego_get_public_key (ego, &pkey);
-  /* main name is our own master zone, do no look for that in the DHT */
-  local_options = GNUNET_GNS_LO_LOCAL_MASTER;
+  tld = strrchr (name,
+                 (unsigned char) '.');
+  if (NULL == tld)
+    tld = name;
+  else
+    tld++; /* skip the '.' */
+  return tld;
+}
 
-  /* if the name is of the form 'label.gnu', never go to the DHT */
-  dot = NULL;
-  if (NULL != lookup_name)
-    dot = strchr (lookup_name, '.');
-  if ( (NULL != dot) &&
-       (0 == strcasecmp (dot, ".gnu")) )
-    local_options = GNUNET_GNS_LO_NO_DHT;
-  lookup_with_public_key (&pkey);
+
+/**
+ * Eat the TLD of the given @a name.
+ *
+ * @param name a name
+ */
+static void
+eat_tld (char *name)
+{
+  char *tld;
+
+  GNUNET_assert (0 < strlen (name));
+  tld = strrchr (name,
+                 (unsigned char) '.');
+  if (NULL == tld)
+    strcpy (name,
+            GNUNET_GNS_MASTERZONE_STR);
+  else
+    *tld = '\0';
 }
 
 
@@ -346,6 +341,9 @@ run (void *cls,
      const struct GNUNET_CONFIGURATION_Handle *c)
 {
   struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+  const char *tld;
+  char *dot_tld;
+  char *zonestr;
 
   cfg = c;
   gns = GNUNET_GNS_connect (cfg);
@@ -360,52 +358,64 @@ run (void *cls,
                                      NULL);
   GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
                                  NULL);
-  identity = GNUNET_IDENTITY_connect (cfg,
-                                      NULL,
-                                      NULL);
-  if (NULL != public_key)
+  /* start with trivial case: TLD is zkey */
+  tld = get_tld (lookup_name);
+  if (GNUNET_OK ==
+      GNUNET_CRYPTO_ecdsa_public_key_from_string (tld,
+                                                  strlen (tld),
+                                                  &pkey))
+  {
+    eat_tld (lookup_name);
+    lookup_with_public_key (&pkey);
+    return;
+  }
+
+  /* second case: TLD is mapped in our configuration file */
+  GNUNET_asprintf (&dot_tld,
+                   ".%s",
+                   tld);
+  if (GNUNET_OK ==
+      GNUNET_CONFIGURATION_get_value_string (cfg,
+                                             "gns",
+                                             dot_tld,
+                                             &zonestr))
   {
     if (GNUNET_OK !=
-        GNUNET_CRYPTO_ecdsa_public_key_from_string (public_key,
-                                                    strlen (public_key),
+        GNUNET_CRYPTO_ecdsa_public_key_from_string (zonestr,
+                                                    strlen (zonestr),
                                                     &pkey))
     {
-      fprintf (stderr,
-               _("Public key `%s' is not well-formed\n"),
-               public_key);
+      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                 "gns",
+                                 dot_tld,
+                                 _("Expected a base32-encoded public zone key\n"));
+      GNUNET_free (zonestr);
+      GNUNET_free (dot_tld);
       GNUNET_SCHEDULER_shutdown ();
       return;
     }
+    GNUNET_free (dot_tld);
+    GNUNET_free (zonestr);
+    eat_tld (lookup_name);
     lookup_with_public_key (&pkey);
     return;
   }
-  if (NULL != zone_ego_name)
-  {
-    el = GNUNET_IDENTITY_ego_lookup (cfg,
-                                     zone_ego_name,
-                                     &identity_zone_cb,
-                                     NULL);
-    return;
-  }
-  if ( (NULL != lookup_name) &&
-       (strlen (lookup_name) > 4) &&
-       (0 == strcmp (".zkey",
-                     &lookup_name[strlen (lookup_name) - 4])) )
-  {
-    /* no zone required, use 'anonymous' zone */
-    GNUNET_CRYPTO_ecdsa_key_get_public (GNUNET_CRYPTO_ecdsa_key_get_anonymous (),
-                                        &pkey);
-    lookup_with_public_key (&pkey);
-  }
-  else
-  {
-    GNUNET_break (NULL == id_op);
-    id_op = GNUNET_IDENTITY_get (identity,
-                                 "gns-master",
-                                 &identity_master_cb,
-                                 NULL);
-    GNUNET_assert (NULL != id_op);
-  }
+  GNUNET_free (dot_tld);
+
+  /* Final case: TLD matches one of our egos */
+  eat_tld (lookup_name);
+
+  /* if the name is of the form 'label.gnu', never go to the DHT */
+  if (NULL == strchr (lookup_name,
+                      (unsigned char) '.'))
+    local_options = GNUNET_GNS_LO_NO_DHT;
+  identity = GNUNET_IDENTITY_connect (cfg,
+                                      NULL,
+                                      NULL);
+  el = GNUNET_IDENTITY_ego_lookup (cfg,
+                                   tld,
+                                   &identity_zone_cb,
+                                   NULL);
 }
 
 
@@ -421,63 +431,48 @@ main (int argc,
       char *const *argv)
 {
   struct GNUNET_GETOPT_CommandLineOption options[] = {
-
-    GNUNET_GETOPT_option_string ('u',
-                                 "lookup",
-                                 "NAME",
-                                 gettext_noop ("Lookup a record for the given name"),
-                                 &lookup_name),
-
+    GNUNET_GETOPT_option_mandatory
+    (GNUNET_GETOPT_option_string ('u',
+                                  "lookup",
+                                  "NAME",
+                                  gettext_noop ("Lookup a record for the given name"),
+                                  &lookup_name)),
     GNUNET_GETOPT_option_string ('t',
                                  "type",
                                  "TYPE",
                                  gettext_noop ("Specify the type of the record to lookup"),
                                  &lookup_type),
-
     GNUNET_GETOPT_option_relative_time ('T',
-                                            "timeout",
-                                            "DELAY",
-                                            gettext_noop ("Specify timeout for the lookup"),
-                                            &timeout),
-
+                                        "timeout",
+                                        "DELAY",
+                                        gettext_noop ("Specify timeout for the lookup"),
+                                        &timeout),
     GNUNET_GETOPT_option_flag ('r',
-                                  "raw",
-                                  gettext_noop ("No unneeded output"),
-                                  &raw),
-
-    GNUNET_GETOPT_option_string ('p',
-                                 "public-key",
-                                 "PKEY",
-                                 gettext_noop ("Specify the public key of the zone to lookup the record in"),
-                                 &public_key),
-    
-    GNUNET_GETOPT_option_string ('z',
-                                 "zone",
-                                 "NAME",
-                                 gettext_noop ("Specify the name of the ego of the zone to lookup the record in"),
-                                 &zone_ego_name),
-
+                               "raw",
+                               gettext_noop ("No unneeded output"),
+                               &raw),
     GNUNET_GETOPT_OPTION_END
   };
   int ret;
 
   timeout = GNUNET_TIME_UNIT_FOREVER_REL;
-  if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv,
-                                                 &argc, &argv))
+  if (GNUNET_OK !=
+      GNUNET_STRINGS_get_utf8_args (argc, argv,
+                                    &argc, &argv))
     return 2;
 
   GNUNET_log_setup ("gnunet-gns",
                     "WARNING",
                     NULL);
-  ret =
-    (GNUNET_OK ==
-     GNUNET_PROGRAM_run (argc, argv,
-                         "gnunet-gns",
-                         _("GNUnet GNS resolver tool"),
-                         options,
-                         &run, NULL)) ? 0 : 1;
+  ret = GNUNET_PROGRAM_run (argc, argv,
+                            "gnunet-gns",
+                            _("GNUnet GNS resolver tool"),
+                            options,
+                            &run, NULL);
   GNUNET_free ((void*) argv);
-  return ret;
+  if (GNUNET_OK != ret)
+    return 1;
+  return global_ret;
 }
 
 /* end of gnunet-gns.c */
diff --git a/src/gns/gnunet-service-gns.c b/src/gns/gnunet-service-gns.c
index e13beb889..90cd47e1d 100644
--- a/src/gns/gnunet-service-gns.c
+++ b/src/gns/gnunet-service-gns.c
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     Copyright (C) 2011-2013 GNUnet e.V.
+     Copyright (C) 2011-2018 GNUnet e.V.
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
@@ -29,7 +29,7 @@
 #include "gnunet_dnsparser_lib.h"
 #include "gnunet_dht_service.h"
 #include "gnunet_namecache_service.h"
-#include "gnunet_identity_service.h"
+#include "gnunet_gnsrecord_lib.h"
 #include "gnunet_gns_service.h"
 #include "gnunet_statistics_service.h"
 #include "gns.h"
@@ -44,7 +44,7 @@
 struct GnsClient;
 
 /**
- * Handle to a lookup operation from api
+ * Handle to a lookup operation from client via API.
  */
 struct ClientLookupHandle
 {
@@ -76,6 +76,10 @@ struct ClientLookupHandle
 
 };
 
+
+/**
+ * Information we track per connected client.
+ */
 struct GnsClient
 {
   /**
@@ -122,7 +126,7 @@ struct GNS_TopLevelDomain
   /**
    * Public key associated with the @a tld.
    */
-  struct GNUNET_CRYPTO_EddsaPublicKey pkey;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
 
   /**
    * Top-level domain as a string, including leading ".".
@@ -143,17 +147,6 @@ static struct GNUNET_DHT_Handle *dht_handle;
 static struct GNUNET_NAMECACHE_Handle *namecache_handle;
 
 /**
- * Our handle to the identity service
- */
-static struct GNUNET_IDENTITY_Handle *identity_handle;
-
-/**
- * Our handle to the identity operation to find the master zone
- * for intercepted queries.
- */
-static struct GNUNET_IDENTITY_Operation *identity_op;
-
-/**
  * #GNUNET_YES if ipv6 is supported
  */
 static int v6_enabled;
@@ -188,7 +181,7 @@ static struct GNS_TopLevelDomain *tld_tail;
  */
 int
 GNS_find_tld (const char *tld_str,
-              struct GNUNET_CRYPTO_EddsaPublicKey *pkey)
+              struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
 {
   if ('\0' == *tld_str)
     return GNUNET_NO;
@@ -204,16 +197,36 @@ GNS_find_tld (const char *tld_str,
     }
   }
   if (GNUNET_OK ==
-      GNUNET_STRINGS_string_to_data (tld_str + 1,
-                                     strlen (tld_str + 1),
-                                     pkey,
-                                     sizeof (*pkey)))
+      GNUNET_GNSRECORD_zkey_to_pkey (tld_str + 1,
+                                     pkey))
     return GNUNET_YES; /* TLD string *was* the public key */
   return GNUNET_NO;
 }
 
 
 /**
+ * Obtain the TLD of the given @a name.
+ *
+ * @param name a name
+ * @return the part of @a name after the last ".",
+ *         or @a name if @a name does not contain a "."
+ */
+const char *
+GNS_get_tld (const char *name)
+{
+  const char *tld;
+
+  tld = strrchr (name,
+                 (unsigned char) '.');
+  if (NULL == tld)
+    tld = name;
+  else
+    tld++; /* skip the '.' */
+  return tld;
+}
+
+
+/**
  * Task run during shutdown.
  *
  * @param cls unused
@@ -223,19 +236,10 @@ static void
 shutdown_task (void *cls)
 {
   struct GNS_TopLevelDomain *tld;
+
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Shutting down!\n");
   GNS_interceptor_done ();
-  if (NULL != identity_op)
-  {
-    GNUNET_IDENTITY_cancel (identity_op);
-    identity_op = NULL;
-  }
-  if (NULL != identity_handle)
-  {
-    GNUNET_IDENTITY_disconnect (identity_handle);
-    identity_handle = NULL;
-  }
   GNS_resolver_done ();
   if (NULL != statistics)
   {
@@ -415,7 +419,8 @@ handle_lookup (void *cls,
 
   GNUNET_SERVICE_client_continue (gc->client);
   utf_in = (const char *) &sh_msg[1];
-  GNUNET_STRINGS_utf8_tolower (utf_in, nameptr);
+  GNUNET_STRINGS_utf8_tolower (utf_in,
+                               nameptr);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received LOOKUP `%s' message\n",
               name);
@@ -431,7 +436,9 @@ handle_lookup (void *cls,
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "LOOKUP: Query for A record but AF_INET not supported!");
-    send_lookup_response (clh, 0, NULL);
+    send_lookup_response (clh,
+                          0,
+                          NULL);
     return;
   }
   if ( (GNUNET_DNSPARSER_TYPE_AAAA == ntohl (sh_msg->type)) &&
@@ -439,7 +446,9 @@ handle_lookup (void *cls,
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "LOOKUP: Query for AAAA record but AF_INET6 not supported!");
-    send_lookup_response (clh, 0, NULL);
+    send_lookup_response (clh,
+                          0,
+                          NULL);
     return;
   }
   clh->lookup = GNS_resolver_lookup (&sh_msg->zone,
@@ -454,57 +463,6 @@ handle_lookup (void *cls,
 
 
 /**
- * Method called to inform about the ego to be used for the master zone
- * for DNS interceptions.
- *
- * This function is only called ONCE, and 'NULL' being passed in
- * @a ego does indicate that interception is not configured.
- * If @a ego is non-NULL, we should start to intercept DNS queries
- * and resolve ".gnu" queries using the given ego as the master zone.
- *
- * @param cls closure, our `const struct GNUNET_CONFIGURATION_Handle *c`
- * @param ego ego handle
- * @param ctx context for application to store data for this ego
- *                 (during the lifetime of this process, initially NULL)
- * @param name name assigned by the user for this ego,
- *                   NULL if the user just deleted the ego and it
- *                   must thus no longer be used
- */
-static void
-identity_intercept_cb (void *cls,
-                       struct GNUNET_IDENTITY_Ego *ego,
-                       void **ctx,
-                       const char *name)
-{
-  const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey dns_root;
-
-  identity_op = NULL;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Looking for gns-intercept ego\n");
-  if (NULL == ego)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("No ego configured for `%s`\n"),
-                "gns-intercept");
-
-    return;
-  }
-  GNUNET_IDENTITY_ego_get_public_key (ego,
-                                      &dns_root);
-  if (GNUNET_SYSERR ==
-      GNS_interceptor_init (&dns_root,
-                            cfg))
-  {
-    GNUNET_break (0);
-    GNUNET_SCHEDULER_add_now (&shutdown_task,
-                              NULL);
-    return;
-  }
-}
-
-
-/**
  * Reads the configuration and populates TLDs
  *
  * @param cls unused
@@ -518,7 +476,7 @@ read_service_conf (void *cls,
                    const char *option,
                    const char *value)
 {
-  struct GNUNET_CRYPTO_EddsaPublicKey pk;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
   struct GNS_TopLevelDomain *tld;
 
   if (option[0] != '.')
@@ -536,7 +494,7 @@ read_service_conf (void *cls,
     return;
   }
   tld = GNUNET_new (struct GNS_TopLevelDomain);
-  tld->tld = GNUNET_strdup (option);
+  tld->tld = GNUNET_strdup (&option[1]);
   tld->pkey = pk;
   GNUNET_CONTAINER_DLL_insert (tld_head,
                                tld_tail,
@@ -544,7 +502,6 @@ read_service_conf (void *cls,
 }
 
 
-
 /**
  * Process GNS requests.
  *
@@ -593,29 +550,24 @@ run (void *cls,
                               NULL);
     return;
   }
-
-  identity_handle = GNUNET_IDENTITY_connect (c,
-                                             NULL,
-                                             NULL);
-  if (NULL == identity_handle)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "Could not connect to identity service!\n");
-  }
-  else
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Looking for gns-intercept ego\n");
-    identity_op = GNUNET_IDENTITY_get (identity_handle,
-                                       "gns-intercept",
-                                       &identity_intercept_cb,
-                                       (void *) c);
-  }
   GNS_resolver_init (namecache_handle,
                      dht_handle,
                      c,
                      max_parallel_bg_queries);
-  statistics = GNUNET_STATISTICS_create ("gns", c);
+  if ( (GNUNET_YES ==
+        GNUNET_CONFIGURATION_get_value_yesno (c,
+                                              "gns",
+                                              "INTERCEPT_DNS")) &&
+       (GNUNET_SYSERR ==
+        GNS_interceptor_init (c)) )
+  {
+    GNUNET_break (0);
+    GNUNET_SCHEDULER_add_now (&shutdown_task,
+                              NULL);
+    return;
+  }
+  statistics = GNUNET_STATISTICS_create ("gns",
+                                         c);
   GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
                                  NULL);
 }
diff --git a/src/gns/gnunet-service-gns.h b/src/gns/gnunet-service-gns.h
index 3662c945d..439bad881 100644
--- a/src/gns/gnunet-service-gns.h
+++ b/src/gns/gnunet-service-gns.h
@@ -23,10 +23,10 @@
  * @author Martin Schanzenbach
  * @author Christian Grothoff
  */
-
 #ifndef GNUNET_SERVICE_GNS_H
 #define GNUNET_SERVICE_GNS_H
 
+
 /**
  * Find GNS zone belonging to TLD @a tld.
  *
@@ -36,6 +36,18 @@
  */
 int
 GNS_find_tld (const char *tld_str,
-              struct GNUNET_CRYPTO_EddsaPublicKey *pkey);
+              struct GNUNET_CRYPTO_EcdsaPublicKey *pkey);
+
+
+/**
+ * Obtain the TLD of the given @a name.
+ *
+ * @param name a name
+ * @return the part of @a name after the last ".",
+ *         or @a name if @a name does not contain a "."
+ */
+const char *
+GNS_get_tld (const char *name);
+
 
 #endif
diff --git a/src/gns/gnunet-service-gns_interceptor.c b/src/gns/gnunet-service-gns_interceptor.c
index 71aa08dc5..0425e9500 100644
--- a/src/gns/gnunet-service-gns_interceptor.c
+++ b/src/gns/gnunet-service-gns_interceptor.c
@@ -27,6 +27,7 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_dns_service.h"
 #include "gnunet_dnsparser_lib.h"
+#include "gnunet-service-gns.h"
 #include "gnunet-service-gns_resolver.h"
 #include "gnunet-service-gns_interceptor.h"
 #include "gns.h"
@@ -73,11 +74,6 @@ struct InterceptLookupHandle
 static struct GNUNET_DNS_Handle *dns_handle;
 
 /**
- * Key of the zone we start lookups in.
- */
-static struct GNUNET_CRYPTO_EcdsaPublicKey zone;
-
-/**
  * Head of the DLL.
  */
 static struct InterceptLookupHandle *ilh_head;
@@ -298,6 +294,7 @@ handle_dns_request (void *cls,
 {
   struct GNUNET_DNSPARSER_Packet *p;
   struct InterceptLookupHandle *ilh;
+  struct GNUNET_CRYPTO_EcdsaPublicKey zone;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Hijacked a DNS request. Processing.\n");
@@ -321,9 +318,9 @@ handle_dns_request (void *cls,
   }
 
   /* Check for GNS TLDs. */
-  if ( (GNUNET_YES == is_gnu_tld (p->queries[0].name)) ||
-       (GNUNET_YES == is_zkey_tld (p->queries[0].name)) ||
-       (0 == strcmp (p->queries[0].name, GNUNET_GNS_TLD)) )
+  if (GNUNET_YES ==
+      GNS_find_tld (GNS_get_tld (p->queries[0].name),
+                    &zone))
   {
     /* Start resolution in GNS */
     ilh = GNUNET_new (struct InterceptLookupHandle);
@@ -351,17 +348,14 @@ handle_dns_request (void *cls,
 /**
  * Initialized the interceptor
  *
- * @param gnu_zone the zone to work in
  * @param c the configuration
  * @return #GNUNET_OK on success
  */
 int
-GNS_interceptor_init (const struct GNUNET_CRYPTO_EcdsaPublicKey *gnu_zone,
-                      const struct GNUNET_CONFIGURATION_Handle *c)
+GNS_interceptor_init (const struct GNUNET_CONFIGURATION_Handle *c)
 {
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "DNS hijacking enabled. Connecting to DNS service.\n");
-  zone = *gnu_zone;
   dns_handle = GNUNET_DNS_connect (c,
                                    GNUNET_DNS_FLAG_PRE_RESOLUTION,
                                    &handle_dns_request,
@@ -386,7 +380,9 @@ GNS_interceptor_done ()
 
   while (NULL != (ilh = ilh_head))
   {
-    GNUNET_CONTAINER_DLL_remove (ilh_head, ilh_tail, ilh);
+    GNUNET_CONTAINER_DLL_remove (ilh_head,
+                                 ilh_tail,
+                                 ilh);
     GNS_resolver_lookup_cancel (ilh->lookup);
     GNUNET_DNS_request_drop (ilh->request_handle);
     GNUNET_DNSPARSER_free_packet (ilh->packet);
diff --git a/src/gns/gnunet-service-gns_interceptor.h b/src/gns/gnunet-service-gns_interceptor.h
index 73d349854..ff54b7b6e 100644
--- a/src/gns/gnunet-service-gns_interceptor.h
+++ b/src/gns/gnunet-service-gns_interceptor.h
@@ -31,13 +31,11 @@
 /**
  * Initialize DNS interceptor
  *
- * @param gnu_zone the zone we start lookups in
  * @param c the configuration
- * @return GNUNET_YES on success GNUNET_SYSERR on error
+ * @return #GNUNET_YES on success #GNUNET_SYSERR on error
  */
 int
-GNS_interceptor_init (const struct GNUNET_CRYPTO_EcdsaPublicKey *gnu_zone,
-                      const struct GNUNET_CONFIGURATION_Handle *c);
+GNS_interceptor_init (const struct GNUNET_CONFIGURATION_Handle *c);
 
 /**
  * Stops the interceptor
diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c
index 533c0cada..ef191bbb3 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -37,6 +37,7 @@
 #include "gnunet_tun_lib.h"
 #include "gnunet_gns_service.h"
 #include "gns.h"
+#include "gnunet-service-gns.h"
 #include "gnunet-service-gns_resolver.h"
 #include "gnunet_vpn_service.h"
 
@@ -237,6 +238,10 @@ struct Gns2DnsContext
    */
   struct GNS_ResolverHandle *rh;
 
+  /**
+   * Handle for DNS resolution of the DNS nameserver.
+   */
+  struct GNUNET_RESOLVER_RequestHandle *dns_rh;
 };
 
 
@@ -473,7 +478,7 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
  * even though they consist of multiple labels.
  *
  * Examples:
- * a.b.gnu  = not canonical
+ * a.b.gnu   = not canonical
  * a         = canonical
  * _foo._srv = canonical
  * _f.bar    = not canonical
@@ -481,18 +486,20 @@ static const struct GNUNET_CONFIGURATION_Handle *cfg;
  * @param name the name to test
  * @return #GNUNET_YES if canonical
  */
-static int
+/* dead, but keep for now */ int
 is_canonical (const char *name)
 {
   const char *pos;
   const char *dot;
 
-  if (NULL == strchr (name, '.'))
+  if (NULL == strchr (name,
+                      (unsigned char) '.'))
     return GNUNET_YES;
   if ('_' != name[0])
     return GNUNET_NO;
   pos = &name[1];
-  while (NULL != (dot = strchr (pos, '.')))
+  while (NULL != (dot = strchr (pos,
+                                (unsigned char) '.')))
     if ('_' != dot[1])
       return GNUNET_NO;
     else
@@ -857,11 +864,31 @@ dns_result_parser (void *cls,
        (GNUNET_DNSPARSER_TYPE_CNAME == p->answers[0].type) &&
        (GNUNET_DNSPARSER_TYPE_CNAME != rh->record_type) )
     {
+      int af;
+
       GNUNET_free (rh->name);
       rh->name = GNUNET_strdup (p->answers[0].data.hostname);
       rh->name_resolution_pos = strlen (rh->name);
-      rh->task_id = GNUNET_SCHEDULER_add_now (&start_resolver_lookup,
-                                              rh);
+      switch (rh->record_type)
+      {
+      case GNUNET_DNSPARSER_TYPE_A:
+        af = AF_INET;
+        break;
+      case GNUNET_DNSPARSER_TYPE_AAAA:
+        af = AF_INET6;
+        break;
+      default:
+        af = AF_UNSPEC;
+        break;
+      }
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                  "Doing standard DNS lookup for `%s'\n",
+                  rh->name);
+      rh->std_resolve = GNUNET_RESOLVER_ip_get (rh->name,
+                                                af,
+                                                DNS_LOOKUP_TIMEOUT,
+                                                &handle_dns_result,
+                                                rh);
       GNUNET_DNSPARSER_free_packet (p);
       return;
     }
@@ -944,9 +971,9 @@ dns_result_parser (void *cls,
         buf_start = buf_off;
         if (GNUNET_OK !=
             GNUNET_DNSPARSER_builder_add_soa (buf,
-                                               sizeof (buf),
-                                               &buf_off,
-                                               rec->data.soa))
+                                              sizeof (buf),
+                                              &buf_off,
+                                              rec->data.soa))
         {
           GNUNET_break (0);
           skip++;
@@ -997,7 +1024,9 @@ dns_result_parser (void *cls,
                 "Returning DNS response for `%s' with %u answers\n",
                 rh->ac_tail->label,
                 (unsigned int) p->num_answers);
-    rh->proc (rh->proc_cls, rd_count - skip, rd);
+    rh->proc (rh->proc_cls,
+              rd_count - skip,
+              rd);
     GNS_resolver_lookup_cancel (rh);
   }
   GNUNET_DNSPARSER_free_packet (p);
@@ -1100,6 +1129,7 @@ handle_gns_cname_result (struct GNS_ResolverHandle *rh,
   size_t nlen;
   char *res;
   struct AuthorityChain *ac;
+  int af;
 
   nlen = strlen (cname);
   if ( (nlen > 2) &&
@@ -1139,12 +1169,30 @@ handle_gns_cname_result (struct GNS_ResolverHandle *rh,
                                             rh);
     return;
   }
-  /* name is absolute, start from the beginning */
+  /* name is absolute, go to DNS */
   GNUNET_free (rh->name);
   rh->name = GNUNET_strdup (cname);
   rh->name_resolution_pos = strlen (rh->name);
-  rh->task_id = GNUNET_SCHEDULER_add_now (&start_resolver_lookup,
-                                          rh);
+  switch (rh->record_type)
+  {
+  case GNUNET_DNSPARSER_TYPE_A:
+    af = AF_INET;
+    break;
+  case GNUNET_DNSPARSER_TYPE_AAAA:
+    af = AF_INET6;
+    break;
+  default:
+    af = AF_UNSPEC;
+    break;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Doing standard DNS lookup for `%s'\n",
+              rh->name);
+  rh->std_resolve = GNUNET_RESOLVER_ip_get (rh->name,
+                                            af,
+                                            DNS_LOOKUP_TIMEOUT,
+                                            &handle_dns_result,
+                                            rh);
 }
 
 
@@ -1247,7 +1295,6 @@ handle_gns2dns_result (void *cls,
 {
   struct GNS_ResolverHandle *rh = cls;
   struct AuthorityChain *ac;
-  unsigned int j;
   struct sockaddr *sa;
   struct sockaddr_in v4;
   struct sockaddr_in6 v6;
@@ -1258,13 +1305,16 @@ handle_gns2dns_result (void *cls,
               "Received %u results for IP address of DNS server for GNS2DNS transition\n",
               rd_count);
   /* enable cleanup of 'rh' handle that comes next... */
-  GNUNET_CONTAINER_DLL_insert (rlh_head,
-                               rlh_tail,
-                               rh->g2dc->rh);
-  rh->g2dc->rh = NULL;
+  if (NULL != rh->g2dc->rh)
+  {
+    GNUNET_CONTAINER_DLL_insert (rlh_head,
+                                 rlh_tail,
+                                 rh->g2dc->rh);
+    rh->g2dc->rh = NULL;
+  }
   sa = NULL;
   sa_len = 0;
-  for (j=0;j<rd_count;j++)
+  for (unsigned int j=0;j<rd_count;j++)
   {
     switch (rd[j].record_type)
     {
@@ -1348,7 +1398,8 @@ handle_gns2dns_result (void *cls,
   rh->g2dc = NULL;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Will continue resolution using DNS server `%s' to resolve `%s'\n",
-              GNUNET_a2s (sa, sa_len),
+              GNUNET_a2s (sa,
+                          sa_len),
               ac->label);
   GNUNET_CONTAINER_DLL_insert_tail (rh->ac_head,
                                     rh->ac_tail,
@@ -1369,6 +1420,69 @@ handle_gns2dns_result (void *cls,
 
 
 /**
+ * Function called by the resolver for each address obtained from DNS.
+ *
+ * @param cls closure, a `struct Gns2DnsContext *`
+ * @param addr one of the addresses of the host, NULL for the last address
+ * @param addrlen length of @a addr
+ */
+static void
+handle_gns2dns_ip (void *cls,
+                   const struct sockaddr *addr,
+                   socklen_t addrlen)
+{
+  struct Gns2DnsContext *g2dc = cls;
+  struct GNUNET_GNSRECORD_Data rd;
+
+  if (NULL == addr)
+  {
+    /* DNS resolution failed */
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Failed to use DNS to resolve name of DNS resolver\n");
+    g2dc->rh->g2dc = NULL;
+    fail_resolution (g2dc->rh);
+    GNUNET_free (g2dc);
+  }
+  switch (addr->sa_family)
+  {
+  case AF_INET:
+    {
+      const struct sockaddr_in *v4 = (const struct sockaddr_in *) addr;
+
+      GNUNET_assert (sizeof (*v4) == addrlen);
+      rd.data = v4;
+      rd.data_size = sizeof (*v4);
+      rd.expiration_time = UINT64_MAX;
+      rd.record_type = GNUNET_DNSPARSER_TYPE_A;
+      rd.flags = 0;
+      break;
+    }
+  case AF_INET6:
+    {
+      const struct sockaddr_in6 *v6 = (const struct sockaddr_in6 *) addr;
+
+      GNUNET_assert (sizeof (*v6) == addrlen);
+      rd.data = v6;
+      rd.data_size = sizeof (v6);
+      rd.expiration_time = UINT64_MAX;
+      rd.record_type = GNUNET_DNSPARSER_TYPE_AAAA;
+      rd.flags = 0;
+      break;
+    }
+  default:
+    return;
+  }
+  GNUNET_RESOLVER_request_cancel (g2dc->dns_rh);
+  g2dc->dns_rh = NULL;
+  handle_gns2dns_result (g2dc->rh,
+                         1,
+                         &rd);
+
+}
+
+
+
+/**
  * Process a records that were decrypted from a block.
  *
  * @param cls closure with the `struct GNS_ResolverHandle`
@@ -1513,7 +1627,7 @@ handle_gns_resolution_result (void *cls,
       rd_new[rd_off] = rd[i];
       /* Check if the embedded name(s) end in "+", and if so,
          replace the "+" with the zone at "ac_tail", changing the name
-         to a ".zkey".  The name is allocated on the 'scratch' array,
+         to a ".ZONEKEY".  The name is allocated on the 'scratch' array,
          so we can free it afterwards. */
       switch (rd[i].record_type)
       {
@@ -1760,7 +1874,9 @@ handle_gns_resolution_result (void *cls,
                 "Returning GNS response for `%s' with %u answers\n",
                 rh->ac_tail->label,
                 rd_off);
-    rh->proc (rh->proc_cls, rd_off, rd_new);
+    rh->proc (rh->proc_cls,
+              rd_off,
+              rd_new);
     GNS_resolver_lookup_cancel (rh);
     return;
   }
@@ -1804,6 +1920,10 @@ handle_gns_resolution_result (void *cls,
         struct Gns2DnsContext *g2dc;
         char *ip;
         char *ns;
+        const char *tld;
+        struct GNUNET_CRYPTO_EcdsaPublicKey zone;
+        struct in_addr v4;
+        struct in6_addr v6;
 
         off = 0;
         ns = GNUNET_DNSPARSER_parse_name (rd[i].data,
@@ -1819,29 +1939,96 @@ handle_gns_resolution_result (void *cls,
           GNUNET_break_op (0);
           GNUNET_free_non_null (ns);
           GNUNET_free_non_null (ip);
-          rh->proc (rh->proc_cls, 0, NULL);
-          GNS_resolver_lookup_cancel (rh);
+          fail_resolution (rh);
           return;
         }
-        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                    "Resolving `%s' to determine IP address of DNS server for GNS2DNS transition\n",
-                    ip);
         /* resolve 'ip' to determine the IP(s) of the DNS
-           resolver to use */
+           resolver to use for lookup of 'ns' */
         g2dc = GNUNET_new (struct Gns2DnsContext);
         g2dc->ns = ns;
+        rh->g2dc = g2dc;
+
+        /* check if 'ip' is already an IPv4/IPv6 address */
+        if (1 == inet_pton (AF_INET,
+                            ip,
+                            &v4))
+        {
+          /* name is IPv4 address, pretend it's an A record */
+          struct GNUNET_GNSRECORD_Data rd;
+
+          GNUNET_free (ip);
+          rd.data = &v4;
+          rd.data_size = sizeof (v4);
+          rd.expiration_time = UINT64_MAX;
+          rd.record_type = GNUNET_DNSPARSER_TYPE_A;
+          rd.flags = 0;
+          handle_gns2dns_result (rh,
+                                 1,
+                                 &rd);
+          return;
+        }
+        if (1 == inet_pton (AF_INET6,
+                            ip,
+                            &v6))
+        {
+          /* name is IPv6 address, pretend it's an AAAA record */
+          struct GNUNET_GNSRECORD_Data rd;
+
+          GNUNET_free (ip);
+          rd.data = &v6;
+          rd.data_size = sizeof (v6);
+          rd.expiration_time = UINT64_MAX;
+          rd.record_type = GNUNET_DNSPARSER_TYPE_AAAA;
+          rd.flags = 0;
+          handle_gns2dns_result (rh,
+                                 1,
+                                 &rd);
+          return;
+        }
 
+        tld = GNS_get_tld (ip);
+        if (0 != strcmp (tld,
+                         "+"))
+        {
+          /* 'ip' is a DNS name */
+          g2dc->dns_rh = GNUNET_RESOLVER_ip_get (ip,
+                                                 AF_UNSPEC,
+                                                 GNUNET_TIME_UNIT_FOREVER_REL,
+                                                 &handle_gns2dns_ip,
+                                                 g2dc);
+          GNUNET_free (ip);
+          return;
+        }
+
+        /* 'ip' should be a GNS name */
         g2dc->rh = GNUNET_new (struct GNS_ResolverHandle);
-        g2dc->rh->authority_zone = rh->ac_tail->authority_info.gns_authority;
-        ip = translate_dot_plus (rh, ip);
+
+        ip = translate_dot_plus (rh,
+                                 ip);
+        tld = GNS_get_tld (ip);
+        if (GNUNET_OK !=
+            GNUNET_GNSRECORD_zkey_to_pkey (tld,
+                                           &zone))
+        {
+          GNUNET_break_op (0);
+          GNUNET_free_non_null (ns);
+          GNUNET_free_non_null (ip);
+          GNUNET_free (g2dc);
+          fail_resolution (rh);
+          return;
+        }
+        g2dc->rh->authority_zone = zone;
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                    "Resolving `%s' to determine IP address of DNS server for GNS2DNS transition for `%s'\n",
+                    ip,
+                    ns);
         g2dc->rh->name = ip;
-        g2dc->rh->name_resolution_pos = strlen (ip);
+        g2dc->rh->name_resolution_pos = strlen (ip) - strlen (tld) - 1;
         g2dc->rh->proc = &handle_gns2dns_result;
         g2dc->rh->proc_cls = rh;
         g2dc->rh->record_type = GNUNET_GNSRECORD_TYPE_ANY;
         g2dc->rh->options = GNUNET_GNS_LO_DEFAULT;
         g2dc->rh->loop_limiter = rh->loop_limiter + 1;
-        rh->g2dc = g2dc;
         g2dc->rh->task_id
           = GNUNET_SCHEDULER_add_now (&start_resolver_lookup,
                                       g2dc->rh);
@@ -2259,7 +2446,6 @@ start_resolver_lookup (void *cls)
 {
   struct GNS_ResolverHandle *rh = cls;
   struct AuthorityChain *ac;
-  char *y;
   struct in_addr v4;
   struct in6_addr v6;
 
@@ -2296,66 +2482,14 @@ start_resolver_lookup (void *cls)
     GNS_resolver_lookup_cancel (rh);
     return;
   }
-  if ( ( (GNUNET_YES == is_canonical (rh->name)) &&
-         (0 != strcmp (GNUNET_GNS_TLD, rh->name)) ) ||
-       ( (GNUNET_YES != is_gnu_tld (rh->name)) &&
-         (GNUNET_YES != is_zkey_tld (rh->name)) ) )
-  {
-    /* use standard DNS lookup */
-    int af;
 
-    switch (rh->record_type)
-    {
-    case GNUNET_DNSPARSER_TYPE_A:
-      af = AF_INET;
-      break;
-    case GNUNET_DNSPARSER_TYPE_AAAA:
-      af = AF_INET6;
-      break;
-    default:
-      af = AF_UNSPEC;
-      break;
-    }
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Doing standard DNS lookup for `%s'\n",
-                rh->name);
-    rh->std_resolve = GNUNET_RESOLVER_ip_get (rh->name,
-                                              af,
-                                              DNS_LOOKUP_TIMEOUT,
-                                              &handle_dns_result,
-                                              rh);
-    return;
-  }
-  if (is_zkey_tld (rh->name))
-  {
-    /* Name ends with ".zkey", try to replace authority zone with zkey
-       authority */
-    GNUNET_free (resolver_lookup_get_next_label (rh)); /* will return "zkey" */
-    y = resolver_lookup_get_next_label (rh); /* will return 'y' coordinate */
-    if ( (NULL == y) ||
-         (GNUNET_OK !=
-          GNUNET_CRYPTO_ecdsa_public_key_from_string (y,
-                                                      strlen (y),
-                                                      &rh->authority_zone)) )
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                  _("Hostname `%s' is not well-formed, resolution fails\n"),
-                  rh->name);
-      rh->task_id = GNUNET_SCHEDULER_add_now (&fail_resolution, rh);
-    }
-    GNUNET_free_non_null (y);
-  }
-  else
-  {
-    /* Name ends with ".gnu", eat ".gnu" and continue with resolution */
-    GNUNET_free (resolver_lookup_get_next_label (rh));
-  }
   ac = GNUNET_new (struct AuthorityChain);
   ac->rh = rh;
   ac->label = resolver_lookup_get_next_label (rh);
   ac->suggested_shortening_label = NULL;
   if (NULL == ac->label)
-    /* name was just "gnu", so we default to label '+' */
+    /* name was just the "TLD", so we default to label
+       #GNUNET_GNS_MASTERZONE_STR */
     ac->label = GNUNET_strdup (GNUNET_GNS_MASTERZONE_STR);
   ac->gns_authority = GNUNET_YES;
   ac->authority_info.gns_authority = rh->authority_zone;
@@ -2446,6 +2580,11 @@ GNS_resolver_lookup_cancel (struct GNS_ResolverHandle *rh)
       GNS_resolver_lookup_cancel (rh->g2dc->rh);
       rh->g2dc->rh = NULL;
     }
+    if (NULL != rh->g2dc->dns_rh)
+    {
+      GNUNET_RESOLVER_request_cancel (rh->g2dc->dns_rh);
+      rh->g2dc->rh = NULL;
+    }
     GNUNET_free (rh->g2dc->ns);
     GNUNET_free (rh->g2dc);
     rh->g2dc = NULL;
@@ -2588,28 +2727,4 @@ GNS_resolver_done ()
 }
 
 
-/* *************** common helper functions (do not really belong here) *********** */
-
-/**
- * Checks if @a name ends in ".TLD"
- *
- * @param name the name to check
- * @param tld the TLD to check for
- * @return #GNUNET_YES or #GNUNET_NO
- */
-int
-is_tld (const char* name,
-        const char* tld)
-{
-  size_t offset = 0;
-
-  if (strlen (name) <= strlen (tld))
-    return GNUNET_NO;
-  offset = strlen (name) - strlen (tld);
-  if (0 != strcmp (name + offset, tld))
-    return GNUNET_NO;
-  return GNUNET_YES;
-}
-
-
 /* end of gnunet-service-gns_resolver.c */
diff --git a/src/gns/gnunet-service-gns_resolver.h b/src/gns/gnunet-service-gns_resolver.h
index c71d3983d..06ecc51ce 100644
--- a/src/gns/gnunet-service-gns_resolver.h
+++ b/src/gns/gnunet-service-gns_resolver.h
@@ -100,25 +100,4 @@ GNS_resolver_lookup (const struct GNUNET_CRYPTO_EcdsaPublicKey *zone,
 void
 GNS_resolver_lookup_cancel (struct GNS_ResolverHandle *rh);
 
-
-/**
- * Generic function to check for TLDs.  Checks if "name" ends in ".tld"
- *
- * @param name the name to check
- * @param tld the tld to check
- * @return #GNUNET_YES or #GNUNET_NO
- */
-int
-is_tld (const char *name,
-        const char *tld);
-
-
-
-/**
- * Checks for gnu/zkey
- */
-#define is_gnu_tld(name) is_tld(name, GNUNET_GNS_TLD)
-#define is_zkey_tld(name) is_tld(name, GNUNET_GNS_TLD_ZKEY)
-
-
 #endif
diff --git a/src/gns/nss/nss_gns.c b/src/gns/nss/nss_gns.c
index 31435cf95..03ac6e09c 100644
--- a/src/gns/nss/nss_gns.c
+++ b/src/gns/nss/nss_gns.c
@@ -42,35 +42,6 @@
 
 
 /**
- * function to check if name ends with a specific suffix
- *
- * @param name the name to check
- * @param suffix the suffix to check for
- * @return 1 if true
- */
-static int ends_with(const char *name, const char* suffix) {
-    size_t ln, ls;
-    assert(name);
-    assert(suffix);
-
-    if ((ls = strlen(suffix)) > (ln = strlen(name)))
-        return 0;
-
-    return strcasecmp(name+ln-ls, suffix) == 0;
-}
-
-
-/**
- * Check if name is inside .gnu or .zkey TLD
- *
- * @param name name to check
- * @return 1 if true
- */
-static int verify_name_allowed (const char *name) {
-  return ends_with(name, ".gnu") || ends_with(name, ".zkey");
-}
-
-/**
  * The gethostbyname hook executed by nsswitch
  *
  * @param name the name to resolve
@@ -82,7 +53,8 @@ static int verify_name_allowed (const char *name) {
  * @param h_errnop idk
  * @return a nss_status code
  */
-enum nss_status _nss_gns_gethostbyname2_r(
+enum nss_status
+_nss_gns_gethostbyname2_r(
     const char *name,
     int af,
     struct hostent * result,
@@ -95,7 +67,6 @@ enum nss_status _nss_gns_gethostbyname2_r(
     enum nss_status status = NSS_STATUS_UNAVAIL;
     int i;
     size_t address_length, l, idx, astart;
-    int name_allowed;
 
     if (af == AF_UNSPEC)
 #ifdef NSS_IPV6_ONLY
@@ -133,28 +104,25 @@ enum nss_status _nss_gns_gethostbyname2_r(
     u.count = 0;
     u.data_len = 0;
 
-    name_allowed = verify_name_allowed(name);
-
-    if (name_allowed) {
-
-        if (!gns_resolve_name(af, name, &u) == 0)
-        {
-          status = NSS_STATUS_NOTFOUND;
-          goto finish;
-        }
-    }
-    else
-    {
-      status = NSS_STATUS_UNAVAIL;
-      goto finish;
-    }
-
-    if (u.count == 0) {
+    i = gns_resolve_name(af, name, &u);
+    if (-3 == i)
+      {
+        status = NSS_STATUS_NOTFOUND;
+        goto finish;
+      }
+    if (-2 == i)
+      {
+        status = NSS_STATUS_UNAVAIL;
+        goto finish;
+      }
+    if ( (-1 == i) ||
+         (u.count == 0) )
+      {
         *errnop = ETIMEDOUT;
         *h_errnop = HOST_NOT_FOUND;
         status = NSS_STATUS_NOTFOUND;
         goto finish;
-    }
+      }
 
 
     /* Alias names */
@@ -212,7 +180,8 @@ finish:
  * @param h_errnop idk
  * @return a nss_status code
  */
-enum nss_status _nss_gns_gethostbyname_r (
+enum nss_status
+_nss_gns_gethostbyname_r (
     const char *name,
     struct hostent *result,
     char *buffer,
@@ -244,7 +213,8 @@ enum nss_status _nss_gns_gethostbyname_r (
  * @param h_errnop idk
  * @return NSS_STATUS_UNAVAIL
  */
-enum nss_status _nss_gns_gethostbyaddr_r(
+enum nss_status
+_nss_gns_gethostbyaddr_r(
     const void* addr,
     int len,
     int af,
@@ -253,10 +223,9 @@ enum nss_status _nss_gns_gethostbyaddr_r(
     size_t buflen,
     int *errnop,
     int *h_errnop) {
-  
+
     *errnop = EINVAL;
     *h_errnop = NO_RECOVERY;
     //NOTE we allow to leak this into DNS so no NOTFOUND
     return NSS_STATUS_UNAVAIL;
 }
-
diff --git a/src/gns/nss/nss_gns_query.c b/src/gns/nss/nss_gns_query.c
index 273eaa619..4700100b5 100644
--- a/src/gns/nss/nss_gns_query.c
+++ b/src/gns/nss/nss_gns_query.c
@@ -44,6 +44,7 @@ gns_resolve_name (int af,
   FILE *p;
   char *cmd;
   char line[128];
+  int ret;
 
   if (AF_INET6 == af)
   {
@@ -101,8 +102,12 @@ gns_resolve_name (int af,
       }
     }
   }
-  pclose (p);
+  ret = pclose (p);
   free (cmd);
+  if (4 == ret)
+    return -2; /* not for GNS */
+  if (3 == ret)
+    return -3; /* timeout */
   return 0;
 }
 /* end of nss_gns_query.c */
diff --git a/src/gns/test_gns_cname_lookup.sh b/src/gns/test_gns_cname_lookup.sh
index 789c7f30b..d9627850f 100755
--- a/src/gns/test_gns_cname_lookup.sh
+++ b/src/gns/test_gns_cname_lookup.sh
@@ -24,8 +24,6 @@ fi
 
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
-TEST_DOMAIN_PLUS="www.gnu"
-TEST_DOMAIN_DNS="www3.gnu"
 TEST_IP_PLUS="127.0.0.1"
 TEST_IP_DNS="131.159.74.67"
 TEST_RECORD_CNAME_SERVER="server"
@@ -34,35 +32,38 @@ TEST_RECORD_CNAME_DNS="gnunet.org"
 TEST_RECORD_NAME_SERVER="server"
 TEST_RECORD_NAME_PLUS="www"
 TEST_RECORD_NAME_DNS="www3"
+MY_EGO="myego"
+TEST_DOMAIN_PLUS="www.$MY_EGO"
+TEST_DOMAIN_DNS="www3.$MY_EGO"
 which timeout &> /dev/null && DO_TIMEOUT="timeout 15"
 
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n $TEST_RECORD_NAME_DNS -t CNAME -V $TEST_RECORD_CNAME_DNS -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n $TEST_RECORD_NAME_PLUS -t CNAME -V $TEST_RECORD_CNAME_PLUS -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n $TEST_RECORD_CNAME_SERVER -t A -V $TEST_IP_PLUS -e never -c test_gns_lookup.conf
-RES_CNAME=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN_PLUS -t A -c test_gns_lookup.conf`
-RES_CNAME_RAW=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN_PLUS -t CNAME -c test_gns_lookup.conf`
-RES_CNAME_DNS=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN_DNS -t A -c test_gns_lookup.conf`
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $TEST_RECORD_NAME_DNS -t CNAME -V $TEST_RECORD_CNAME_DNS -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $TEST_RECORD_NAME_PLUS -t CNAME -V $TEST_RECORD_CNAME_PLUS -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $TEST_RECORD_CNAME_SERVER -t A -V $TEST_IP_PLUS -e never -c test_gns_lookup.conf
+RES_CNAME=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN_PLUS -t A -c test_gns_lookup.conf`
+RES_CNAME_RAW=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN_PLUS -t CNAME -c test_gns_lookup.conf`
+RES_CNAME_DNS=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN_DNS -t A -c test_gns_lookup.conf`
 TESTEGOZONE=`gnunet-identity -c test_gns_lookup.conf -d | awk '{print $3}'`
-gnunet-namestore -p -z testego -d -n $TEST_RECORD_NAME_DNS -t CNAME -V $TEST_RECORD_CNAME_DNS -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -d -n $TEST_RECORD_NAME_PLUS -t CNAME -V $TEST_RECORD_CNAME_PLUS -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -d -n $TEST_RECORD_CNAME_SERVER -t A -V $TEST_IP_PLUS -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -d -n $TEST_RECORD_NAME_DNS -t CNAME -V $TEST_RECORD_CNAME_DNS -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -d -n $TEST_RECORD_NAME_PLUS -t CNAME -V $TEST_RECORD_CNAME_PLUS -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -d -n $TEST_RECORD_CNAME_SERVER -t A -V $TEST_IP_PLUS -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
-if [ "$RES_CNAME_RAW" == "server.$TESTEGOZONE.zkey" ]
+if [ "$RES_CNAME_RAW" == "server.$TESTEGOZONE" ]
 then
-  echo "PASS: CNAME resulution from GNS"
+  echo "PASS: CNAME resolution from GNS"
 else
-  echo "FAIL: CNAME resolution from GNS, got $RES_CNAME_RAW, expected server.$TESTEGOZONE.zkey."
+  echo "FAIL: CNAME resolution from GNS, got $RES_CNAME_RAW, expected server.$TESTEGOZONE."
   exit 1
 fi
 
 if [ "$RES_CNAME" == "$TEST_IP_PLUS" ]
 then
-  echo "PASS: IP resulution from GNS"
+  echo "PASS: IP resolution from GNS"
 else
   echo "FAIL: IP resolution from GNS, got $RES_CNAME, expected $TEST_IP_PLUS."
   exit 1
@@ -70,9 +71,9 @@ fi
 
 if [ "$RES_CNAME_DNS" == "$TEST_IP_DNS" ]
 then
-  echo "PASS: IP resulution from DNS"
+  echo "PASS: IP resolution from DNS"
   exit 0
 else
-  echo "FAIL: IP resulution from DNS, got $RES_IP, expected $TEST_IP_DNS."
+  echo "FAIL: IP resolution from DNS, got $RES_IP, expected $TEST_IP_DNS."
   exit 1
 fi
diff --git a/src/gns/test_gns_delegated_lookup.sh b/src/gns/test_gns_delegated_lookup.sh
index 3826d3e32..edda688ff 100755
--- a/src/gns/test_gns_delegated_lookup.sh
+++ b/src/gns/test_gns_delegated_lookup.sh
@@ -10,22 +10,26 @@ fi
 $LOCATION --version 1> /dev/null
 if test $? != 0
 then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" 
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
         exit 77
 fi
 
 rm -rf /tmp/test-gnunet-gns-peer-1/
+MY_EGO="myego"
+OTHER_EGO="delegatedego"
+FINAL_LABEL="www"
+DELEGATION_LABEL="b"
 
 TEST_IP="127.0.0.1"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C delegatedego -c test_gns_lookup.conf
-DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego | awk '{print $3}')
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z delegatedego -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
-gnunet-namestore -z delegatedego -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
+gnunet-identity -C $OTHER_EGO -c test_gns_lookup.conf
+DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep $OTHER_EGO | awk '{print $3}')
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $DELEGATION_LABEL -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $OTHER_EGO -a -n $FINAL_LABEL -t A -V $TEST_IP -e never -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u $FINAL_LABEL.$DELEGATION_LABEL.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
+gnunet-namestore -z $OTHER_EGO -d -n $FINAL_LABEL -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 
 rm -rf /tmp/test-gnunet-gns-peer-1/
diff --git a/src/gns/test_gns_dht_lookup.sh b/src/gns/test_gns_dht_lookup.sh
index a6e4acc77..365c77339 100755
--- a/src/gns/test_gns_dht_lookup.sh
+++ b/src/gns/test_gns_dht_lookup.sh
@@ -10,22 +10,26 @@ fi
 $LOCATION --version 1> /dev/null
 if test $? != 0
 then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" 
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
         exit 77
 fi
 
 TEST_IP="127.0.0.1"
+MY_EGO="myego"
+OTHER_EGO="delegatedego"
+
+
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C delegatedego -c test_gns_lookup.conf
-DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego | awk '{print $3}')
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z delegatedego -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
+gnunet-identity -C $OTHER_EGO -c test_gns_lookup.conf
+DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep $OTHER_EGO | awk '{print $3}')
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $OTHER_EGO -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
 gnunet-arm -i gns -c test_gns_lookup.conf
 sleep 0.5
-gnunet-namestore -z delegatedego -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
+gnunet-namestore -z $OTHER_EGO -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.b.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_gns2dns_lookup.sh b/src/gns/test_gns_gns2dns_lookup.sh
index f7299a57d..921d9594d 100755
--- a/src/gns/test_gns_gns2dns_lookup.sh
+++ b/src/gns/test_gns_gns2dns_lookup.sh
@@ -25,10 +25,6 @@ TEST_IP_GNS2DNS="8.8.8.8"
 
 # main label used during resolution
 TEST_RECORD_NAME="homepage"
-# various names we will use for resolution
-TEST_DOMAIN="www.${TEST_RECORD_NAME}.gnu"
-TEST_DOMAIN_ALT="${TEST_RECORD_NAME}.gnu"
-TEST_DOMAIN_ALT2="uk.${TEST_RECORD_NAME}.gnu"
 
 if ! nslookup gnunet.org $TEST_IP_GNS2DNS &> /dev/null
 then
@@ -42,29 +38,39 @@ TEST_RESOLVER_LABEL="resolver"
 # using the TEST_RESOLVER_LABEL DNS server for resolution
 TEST_RECORD_GNS2DNS="gnunet.org@${TEST_RESOLVER_LABEL}.+"
 
+MY_EGO="myego"
+# various names we will use for resolution
+TEST_DOMAIN="www.${TEST_RECORD_NAME}.$MY_EGO"
+TEST_DOMAIN_ALT="${TEST_RECORD_NAME}.$MY_EGO"
+TEST_DOMAIN_ALT2="uk.${TEST_RECORD_NAME}.$MY_EGO"
+
+
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
 
 # set IP address for DNS resolver for resolving in gnunet.org domain
-gnunet-namestore -p -z testego -a -n $TEST_RESOLVER_LABEL -t A -V $TEST_IP_GNS2DNS -e never -c test_gns_lookup.conf
-# map 'homepage.gnu' to 'gnunet.org' in DNS
-gnunet-namestore -p -z testego -a -n $TEST_RECORD_NAME -t GNS2DNS -V $TEST_RECORD_GNS2DNS -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $TEST_RESOLVER_LABEL -t A -V $TEST_IP_GNS2DNS -e never -c test_gns_lookup.conf
+# map '$TEST_RECORD_NAME.$MY_EGO' to 'gnunet.org' in DNS
+gnunet-namestore -p -z $MY_EGO -a -n $TEST_RECORD_NAME -t GNS2DNS -V $TEST_RECORD_GNS2DNS -e never -c test_gns_lookup.conf
 
 which timeout &> /dev/null && DO_TIMEOUT="timeout 15"
 
+echo "EGOs:"
+gnunet-identity -d
+
 # lookup 'www.gnunet.org', IPv4
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN -t A -c test_gns_lookup.conf`
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN -t A -c test_gns_lookup.conf`
 # lookup 'www.gnunet.org', IPv6
-RES_IP6=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN -t AAAA -c test_gns_lookup.conf`
+RES_IP6=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN -t AAAA -c test_gns_lookup.conf`
 # lookup 'gnunet.org', IPv4
-RES_IP_ALT=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN_ALT -t A -c test_gns_lookup.conf`
+RES_IP_ALT=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN_ALT -t A -c test_gns_lookup.conf`
 # lookup 'uk.gnunet.org', IPv4
-RES_IP_ALT2=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN_ALT2 -t A -c test_gns_lookup.conf`
+RES_IP_ALT2=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN_ALT2 -t A -c test_gns_lookup.conf`
 
 # clean up
-gnunet-namestore -z testego -d -n $TEST_RESOLVER_LABEL -t A -V $TEST_IP_GNS2DNS -e never -c test_gns_lookup.conf
-gnunet-namestore -z testego -d -n $TEST_RECORD_NAME -t GNS2DNS -V $TEST_RECORD_GNS2DNS -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
+gnunet-namestore -z $MY_EGO -d -n $TEST_RESOLVER_LABEL -t A -V $TEST_IP_GNS2DNS -e never -c test_gns_lookup.conf
+gnunet-namestore -z $MY_EGO -d -n $TEST_RECORD_NAME -t GNS2DNS -V $TEST_RECORD_GNS2DNS -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_ipv6_lookup.sh b/src/gns/test_gns_ipv6_lookup.sh
index f34a76727..118c23060 100755
--- a/src/gns/test_gns_ipv6_lookup.sh
+++ b/src/gns/test_gns_ipv6_lookup.sh
@@ -12,16 +12,17 @@ then
         echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
         exit 77
 fi
+MY_EGO="myego"
 
 rm -rf `gnunet-config -c test_gns_lookup.conf -s PATHS -o GNUNET_HOME -f`
 which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
 TEST_IP="dead::beef"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n www -t AAAA -V $TEST_IP -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.gnu -t AAAA -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n www -t AAAA -V $TEST_IP -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n www -t AAAA -V $TEST_IP -e never -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.$MY_EGO -t AAAA -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n www -t AAAA -V $TEST_IP -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_lookup.sh b/src/gns/test_gns_lookup.sh
index ddee5b78d..79558afae 100755
--- a/src/gns/test_gns_lookup.sh
+++ b/src/gns/test_gns_lookup.sh
@@ -16,12 +16,14 @@ fi
 rm -rf `gnunet-config -c test_gns_lookup.conf -s PATHS -o GNUNET_HOME -f`
 which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
 TEST_IP="127.0.0.1"
+MY_EGO="myego"
+LABEL="www"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $LABEL -t A -V $TEST_IP -e never -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u $LABEL.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n $LABEL -t A -V $TEST_IP -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 
 if [ "$RES_IP" == "$TEST_IP" ]
diff --git a/src/gns/test_gns_mx_lookup.sh b/src/gns/test_gns_mx_lookup.sh
index f8cea2d0f..8abc9f509 100755
--- a/src/gns/test_gns_mx_lookup.sh
+++ b/src/gns/test_gns_mx_lookup.sh
@@ -16,21 +16,24 @@ fi
 rm -rf /tmp/test-gnunet-gns-peer-1/
 which timeout &> /dev/null && DO_TIMEOUT="timeout 5"
 
-TEST_MX="5,mail.gnu"
+MY_EGO="myego"
+TEST_MX="5,mail.+"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n www -t MX -V "$TEST_MX" -e never -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+PKEY=`gnunet-identity -d | grep "$MY_EGO - " | awk '{print $3'}`
+WANT_MX="5,mail.$PKEY"
+gnunet-namestore -p -z $MY_EGO -a -n www -t MX -V "$TEST_MX" -e never -c test_gns_lookup.conf
 
-RES_MX=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.gnu -t MX -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n www -t MX -V "$TEST_MX" -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
+RES_MX=`$DO_TIMEOUT gnunet-gns --raw -u www.$MY_EGO -t MX -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n www -t MX -V "$TEST_MX" -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
-if [ "$RES_MX" == "$TEST_MX" ]
+if [ "$RES_MX" == "$WANT_MX" ]
 then
   exit 0
 else
-  echo "FAIL: did not get proper IP, got $RES_MX."
+  echo "FAIL: did not get proper IP, got $RES_MX, expected $WANT_MX."
   exit 1
 fi
diff --git a/src/gns/test_gns_plus_lookup.sh b/src/gns/test_gns_plus_lookup.sh
index a6a9e8da4..4cf7a8855 100755
--- a/src/gns/test_gns_plus_lookup.sh
+++ b/src/gns/test_gns_plus_lookup.sh
@@ -17,14 +17,15 @@ which timeout &> /dev/null && DO_TIMEOUT="timeout 5"
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
 TEST_IP="127.0.0.1"
+MY_EGO="myego"
 gnunet-arm -s -c test_gns_lookup.conf
 gnunet-identity -C delegatedego -c test_gns_lookup.conf
 DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego | awk '{print $3}')
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
 gnunet-namestore -p -z delegatedego -a -n '+' -t A -V $TEST_IP -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u b.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u b.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
 gnunet-namestore -z delegatedego -d -n '+' -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
diff --git a/src/gns/test_gns_quickupdate.sh b/src/gns/test_gns_quickupdate.sh
index d58a2712c..5606491e4 100755
--- a/src/gns/test_gns_quickupdate.sh
+++ b/src/gns/test_gns_quickupdate.sh
@@ -9,41 +9,49 @@ fi
 $LOCATION --version 1> /dev/null
 if test $? != 0
 then
-        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" 
+        echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
         exit 77
 fi
 
+MY_EGO="myego"
+OTHER_EGO="delegatedego"
+
+
 rm -rf /tmp/test-gnunet-gns-peer-1/
 which timeout &> /dev/null && DO_TIMEOUT="timeout 5"
 TEST_IP="127.0.0.1"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-identity -C delegatedego -c test_gns_lookup.conf
-DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego | awk '{print $3}')
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-identity -C $OTHER_EGO -c test_gns_lookup.conf
+DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep $OTHER_EGO | awk '{print $3}')
 gnunet-arm -i gns -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
 # Give GNS/namestore time to fully start and finish initial iteration
 sleep 2
 # Performing namestore update
-gnunet-namestore -p -z delegatedego -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $OTHER_EGO -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
 # Give GNS chance to observe store event via monitor
 sleep 1
-gnunet-namestore -z delegatedego -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
+gnunet-namestore -z $OTHER_EGO -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
 # give GNS chance to process monitor event
 sleep 1
 # stop everything and restart to check that DHT PUT did happen
 gnunet-arm -k gns -c test_gns_lookup.conf
 gnunet-arm -k namestore -c test_gns_lookup.conf
 gnunet-arm -k namecache -c test_gns_lookup.conf
+gnunet-arm -k zonemaster -c test_gns_lookup.conf
 # Purge nameacache, as we might otherwise fetch from there
-rm -r `gnunet-config -c test_gns_lookup.conf -s namecache-sqlite -o FILENAME`
+# FIXME: testcase started failing after the line below was fixed by adding '-f',
+# might have never worked (!)
+rm -r `gnunet-config -f -c test_gns_lookup.conf -s namecache-sqlite -o FILENAME`
 gnunet-arm -i namestore -c test_gns_lookup.conf
 gnunet-arm -i namecache -c test_gns_lookup.conf
+gnunet-arm -i zonemaster -c test_gns_lookup.conf
 gnunet-arm -i gns -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
-gnunet-identity -D delegatedego -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.b.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
+gnunet-identity -D $OTHER_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
@@ -51,6 +59,6 @@ if [ "$RES_IP" == "$TEST_IP" ]
 then
   exit 0
 else
-  echo "Failed to properly resolve IP, got $RES_IP."
+  echo "Failed to properly resolve IP, expected $TEST_IP, got $RES_IP."
   exit 1
 fi
diff --git a/src/gns/test_gns_rel_expiration.sh b/src/gns/test_gns_rel_expiration.sh
index 9890641e2..992098db3 100755
--- a/src/gns/test_gns_rel_expiration.sh
+++ b/src/gns/test_gns_rel_expiration.sh
@@ -13,27 +13,30 @@ then
         exit 77
 fi
 
+MY_EGO="myego"
+OTHER_EGO="delegatedego"
+
 rm -rf /tmp/test-gnunet-gns-peer-1/
 which timeout &> /dev/null && DO_TIMEOUT="timeout 5"
 TEST_IP="127.0.0.1"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-identity -C delegatedego -c test_gns_lookup.conf
-DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego | awk '{print $3}')
-gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z delegatedego -a -n www -t A -V $TEST_IP -e '5 s' -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-identity -C $OTHER_EGO -c test_gns_lookup.conf
+DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep $OTHER_EGO | awk '{print $3}')
+gnunet-namestore -p -z $MY_EGO -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $OTHER_EGO -a -n www -t A -V $TEST_IP -e '5 s' -c test_gns_lookup.conf
 gnunet-arm -i gns -c test_gns_lookup.conf
 # confirm that lookup currently works
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.b.$MY_EGO -t A -c test_gns_lookup.conf`
 # remove entry
-gnunet-namestore -z delegatedego -d -n www -t A -V $TEST_IP  -e '5 s' -c test_gns_lookup.conf
+gnunet-namestore -z $OTHER_EGO -d -n www -t A -V $TEST_IP  -e '5 s' -c test_gns_lookup.conf
 # wait for old entry with 5s 'expiration' to definitively expire
 sleep 6
 # try again, should no longer work
-RES_IP_EXP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
-gnunet-identity -D delegatedego -c test_gns_lookup.conf
+RES_IP_EXP=`$DO_TIMEOUT gnunet-gns --raw -u www.b.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
+gnunet-identity -D $OTHER_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_revocation.sh b/src/gns/test_gns_revocation.sh
index fdd3c76de..269b940d9 100755
--- a/src/gns/test_gns_revocation.sh
+++ b/src/gns/test_gns_revocation.sh
@@ -15,19 +15,21 @@ then
 fi
 
 rm -rf /tmp/test-gnunet-gns-peer-1/
-
+MY_EGO="myego"
+OTHER_EGO="delegatedego"
 TEST_IP="127.0.0.1"
+
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C delegatedego -c test_gns_lookup.conf
-DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego | awk '{print $3}')
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
-gnunet-namestore -p -z delegatedego -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
-gnunet-revocation -R delegatedego -p  -c test_gns_lookup.conf
-RES_IP_REV=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.b.gnu -t A -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
-gnunet-namestore -z delegatedego -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
+gnunet-identity -C $OTHER_EGO -c test_gns_lookup.conf
+DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep $OTHER_EGO | awk '{print $3}')
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
+gnunet-namestore -p -z $OTHER_EGO -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.b.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-revocation -R $OTHER_EGO -p  -c test_gns_lookup.conf
+RES_IP_REV=`$DO_TIMEOUT gnunet-gns --raw -u www.b.$MY_EGO -t A -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
+gnunet-namestore -z $OTHER_EGO -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_soa_lookup.sh b/src/gns/test_gns_soa_lookup.sh
index bd8adcb63..2f9cc58de 100755
--- a/src/gns/test_gns_soa_lookup.sh
+++ b/src/gns/test_gns_soa_lookup.sh
@@ -16,7 +16,8 @@ fi
 which timeout &> /dev/null && DO_TIMEOUT="timeout 5"
 
 rm -rf /tmp/test-gnunet-gns-peer-1/
-TEST_DOMAIN="homepage.gnu"
+MY_EGO="myego"
+TEST_DOMAIN="homepage.$MY_EGO"
 # some public DNS resolver we can use
 TEST_IP_GNS2DNS="184.172.157.218"
 TEST_RECORD_NAME="homepage"
@@ -29,11 +30,11 @@ then
 fi
 
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n $TEST_RECORD_NAME -t GNS2DNS -V ${TEST_RECORD_GNS2DNS}@${TEST_IP_GNS2DNS} -e never -c test_gns_lookup.conf
-RES_SOA=`$DO_TIMEOUT gnunet-gns --raw -z testego -u $TEST_DOMAIN -t SOA -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n $TEST_RECORD_NAME -t GNS2DNS -V ${TEST_RECORD_GNS2DNS}@${TEST_IP_GNS2DNS} -e never -c test_gns_lookup.conf &> /dev/null
-gnunet-identity -D testego -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $TEST_RECORD_NAME -t GNS2DNS -V ${TEST_RECORD_GNS2DNS}@${TEST_IP_GNS2DNS} -e never -c test_gns_lookup.conf
+RES_SOA=`$DO_TIMEOUT gnunet-gns --raw -u $TEST_DOMAIN -t SOA -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n $TEST_RECORD_NAME -t GNS2DNS -V ${TEST_RECORD_GNS2DNS}@${TEST_IP_GNS2DNS} -e never -c test_gns_lookup.conf &> /dev/null
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_txt_lookup.sh b/src/gns/test_gns_txt_lookup.sh
index dcf51112f..68a60c8b6 100755
--- a/src/gns/test_gns_txt_lookup.sh
+++ b/src/gns/test_gns_txt_lookup.sh
@@ -16,12 +16,14 @@ fi
 rm -rf /tmp/test-gnunet-gns-peer-1/
 which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
 TEST_TXT="GNS powered txt record data"
+MY_EGO="myego"
+LABEL="testtxt"
 gnunet-arm -s -c test_gns_lookup.conf
-gnunet-identity -C testego -c test_gns_lookup.conf
-gnunet-namestore -p -z testego -a -n testtxt -t TXT -V "$TEST_TXT" -e never -c test_gns_lookup.conf
-RES_TXT=`$DO_TIMEOUT gnunet-gns --raw -z testego -u testtxt.gnu -t TXT -c test_gns_lookup.conf`
-gnunet-namestore -z testego -d -n testtxt -t TXT -V "$TEST_TXT" -e never -c test_gns_lookup.conf
-gnunet-identity -D testego -c test_gns_lookup.conf
+gnunet-identity -C $MY_EGO -c test_gns_lookup.conf
+gnunet-namestore -p -z $MY_EGO -a -n $LABEL -t TXT -V "$TEST_TXT" -e never -c test_gns_lookup.conf
+RES_TXT=`$DO_TIMEOUT gnunet-gns --raw -u $LABEL.$MY_EGO -t TXT -c test_gns_lookup.conf`
+gnunet-namestore -z $MY_EGO -d -n $LABEL -t TXT -V "$TEST_TXT" -e never -c test_gns_lookup.conf
+gnunet-identity -D $MY_EGO -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
 rm -rf /tmp/test-gnunet-gns-peer-1/
 
diff --git a/src/gns/test_gns_zkey_lookup.sh b/src/gns/test_gns_zkey_lookup.sh
index 6262c1eb2..312198780 100755
--- a/src/gns/test_gns_zkey_lookup.sh
+++ b/src/gns/test_gns_zkey_lookup.sh
@@ -23,7 +23,7 @@ DELEGATED_PKEY=$(gnunet-identity -d -c test_gns_lookup.conf | grep delegatedego
 gnunet-identity -C testego -c test_gns_lookup.conf
 gnunet-namestore -p -z testego -a -n b -t PKEY -V $DELEGATED_PKEY -e never -c test_gns_lookup.conf
 gnunet-namestore -p -z delegatedego -a -n www -t A -V $TEST_IP -e never -c test_gns_lookup.conf
-RES_IP=`$DO_TIMEOUT gnunet-gns --raw -z testego -u www.${DELEGATED_PKEY}.zkey -t A -c test_gns_lookup.conf`
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.${DELEGATED_PKEY} -t A -c test_gns_lookup.conf`
 gnunet-namestore -z testego -d -n b -t PKEY -V $DELEGATED_PKEY  -e never -c test_gns_lookup.conf
 gnunet-namestore -z delegatedego -d -n www -t A -V $TEST_IP  -e never -c test_gns_lookup.conf
 gnunet-arm -e -c test_gns_lookup.conf
diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c
index 4c3bf6fa8..3c1ead437 100644
--- a/src/gnsrecord/gnsrecord_misc.c
+++ b/src/gnsrecord/gnsrecord_misc.c
@@ -241,7 +241,7 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
   pkeys = GNUNET_CRYPTO_ecdsa_public_key_to_string (pkey);
   GNUNET_snprintf (ret,
                    sizeof (ret),
-                   "%s.zkey",
+                   "%s",
                    pkeys);
   GNUNET_free (pkeys);
   return ret;
@@ -249,10 +249,10 @@ GNUNET_GNSRECORD_pkey_to_zkey (const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
 
 
 /**
- * Convert an absolute domain name in the ".zkey" pTLD to the
+ * Convert an absolute domain name to the
  * respective public key.
  *
- * @param zkey string "X.zkey" where X is the coordinates of the public
+ * @param zkey string encoding the coordinates of the public
  *         key in an encoding suitable for DNS labels.
  * @param pkey set to a public key on the eliptic curve
  * @return #GNUNET_SYSERR if @a zkey has the wrong syntax
@@ -261,29 +261,12 @@ int
 GNUNET_GNSRECORD_zkey_to_pkey (const char *zkey,
                                struct GNUNET_CRYPTO_EcdsaPublicKey *pkey)
 {
-  char *cpy;
-  char *dot;
-  const char *x;
-
-  cpy = GNUNET_strdup (zkey);
-  x = cpy;
-  if (NULL == (dot = strchr (x, (int) '.')))
-    goto error;
-  *dot = '\0';
-  if (0 != strcasecmp (dot + 1,
-                       "zkey"))
-    goto error;
-
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (x,
-                                                strlen (x),
-                                                pkey))
-    goto error;
-  GNUNET_free (cpy);
+      GNUNET_CRYPTO_ecdsa_public_key_from_string (zkey,
+                                                  strlen (zkey),
+                                                  pkey))
+    return GNUNET_SYSERR;
   return GNUNET_OK;
- error:
-  GNUNET_free (cpy);
-  return GNUNET_SYSERR;
 }
 
 
diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h
index ccc868c05..2ef946a82 100644
--- a/src/include/gnunet_gns_service.h
+++ b/src/include/gnunet_gns_service.h
@@ -50,6 +50,9 @@ extern "C"
 /**
  * String we use to indicate the local master zone or a
  * root entry in the current zone.
+ *
+ * FIXME: probably should be changed to "@" and renamed
+ * (this name is confusing!)
  */
 #define GNUNET_GNS_MASTERZONE_STR "+"
 
diff --git a/src/namecache/gnunet-service-namecache.c b/src/namecache/gnunet-service-namecache.c
index f20d664a2..c08f2aef7 100644
--- a/src/namecache/gnunet-service-namecache.c
+++ b/src/namecache/gnunet-service-namecache.c
@@ -50,7 +50,7 @@ struct NamecacheClient
    * The message queue to talk to @e client.
    */
   struct GNUNET_MQ_Handle *mq;
-  
+
 };
 
 
@@ -208,7 +208,7 @@ handle_lookup_block (void *cls,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received NAMECACHE_LOOKUP_BLOCK message\n");
-  
+
   lnc.request_id = ntohl (ln_msg->gns_header.r_id);
   lnc.nc = nc;
   if (GNUNET_SYSERR ==
@@ -306,7 +306,7 @@ handle_block_cache (void *cls,
  * @param service the initialized service
  */
 static void
-run (void *cls, 
+run (void *cls,
      const struct GNUNET_CONFIGURATION_Handle *cfg,
      struct GNUNET_SERVICE_Handle *service)
 {
@@ -319,8 +319,8 @@ run (void *cls,
   /* Loading database plugin */
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_string (cfg,
-                                             "namecache",
-                                             "database",
+                                             "namecache",
+                                             "database",
                                              &database))
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "No database backend configured\n");
diff --git a/src/namecache/plugin_namecache_flat.c b/src/namecache/plugin_namecache_flat.c
index 66ab776e3..220c60305 100644
--- a/src/namecache/plugin_namecache_flat.c
+++ b/src/namecache/plugin_namecache_flat.c
@@ -86,8 +86,10 @@ database_setup (struct Plugin *plugin)
   struct GNUNET_DISK_FileHandle *fh;
 
   if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg, "namecache-flat",
-                                               "FILENAME", &afsdir))
+      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
+                                               "namecache-flat",
+                                               "FILENAME",
+                                               &afsdir))
   {
     GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
                                "namecache-flat", "FILENAME");
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index dcb9dd678..054417ab5 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -403,7 +403,7 @@ display_record (void *cls,
   {
     if ( (GNUNET_GNSRECORD_TYPE_NICK == rd[i].record_type) &&
          (0 != strcmp (rname,
-                       "+")) )
+                       GNUNET_GNS_MASTERZONE_STR)) )
       continue;
     typestring = GNUNET_GNSRECORD_number_to_typename (rd[i].record_type);
     s = GNUNET_GNSRECORD_value_to_string (rd[i].record_type,
@@ -1127,97 +1127,81 @@ int
 main (int argc,
       char *const *argv)
 {
-  is_public = -1;
-  is_shadow = -1;
-
   struct GNUNET_GETOPT_CommandLineOption options[] = {
-
     GNUNET_GETOPT_option_flag ('a',
-                                  "add",
-                                  gettext_noop ("add record"),
-                                  &add),
-
+                               "add",
+                               gettext_noop ("add record"),
+                               &add),
     GNUNET_GETOPT_option_flag ('d',
-                                  "delete",
-                                  gettext_noop ("delete record"),
-                                  &del),
-
+                               "delete",
+                               gettext_noop ("delete record"),
+                               &del),
     GNUNET_GETOPT_option_flag ('D',
-                                  "display",
-                                  gettext_noop ("display records"),
-                                  &list), 
-
+                               "display",
+                               gettext_noop ("display records"),
+                               &list),
     GNUNET_GETOPT_option_string ('e',
                                  "expiration",
                                  "TIME",
                                  gettext_noop ("expiration time for record to use (for adding only), \"never\" is possible"),
                                  &expirationstring),
-
     GNUNET_GETOPT_option_string ('i',
                                  "nick",
                                  "NICKNAME",
                                  gettext_noop ("set the desired nick name for the zone"),
-                                 &nickstring), 
-
+                                 &nickstring),
     GNUNET_GETOPT_option_flag ('m',
-                                  "monitor",
-                                  gettext_noop ("monitor changes in the namestore"),
-                                  &monitor),
-
+                               "monitor",
+                               gettext_noop ("monitor changes in the namestore"),
+                               &monitor),
     GNUNET_GETOPT_option_string ('n',
                                  "name",
                                  "NAME",
                                  gettext_noop ("name of the record to add/delete/display"),
                                  &name),
-
     GNUNET_GETOPT_option_string ('r',
                                  "reverse",
                                  "PKEY",
                                  gettext_noop ("determine our name for the given PKEY"),
                                  &reverse_pkey),
-
-
-
     GNUNET_GETOPT_option_string ('t',
                                  "type",
                                  "TYPE",
                                  gettext_noop ("type of the record to add/delete/display"),
                                  &typestring),
-
     GNUNET_GETOPT_option_string ('u',
                                  "uri",
                                  "URI",
                                  gettext_noop ("URI to import into our zone"),
                                  &uri),
-
     GNUNET_GETOPT_option_string ('V',
                                  "value",
                                  "VALUE",
                                  gettext_noop ("value of the record to add/delete"),
                                  &value),
-
     GNUNET_GETOPT_option_flag ('p',
-                                  "public",
-                                  gettext_noop ("create or list public record"),
-                                  &is_public),
-
+                               "public",
+                               gettext_noop ("create or list public record"),
+                               &is_public),
     GNUNET_GETOPT_option_flag ('s',
-                                  "shadow",
-                                  gettext_noop ("create shadow record (only valid if all other records of the same type have expired"),
-                                  &is_shadow),
-
+                               "shadow",
+                               gettext_noop ("create shadow record (only valid if all other records of the same type have expired"),
+                               &is_shadow),
     GNUNET_GETOPT_option_string ('z',
                                  "zone",
                                  "EGO",
                                  gettext_noop ("name of the ego controlling the zone"),
-                                 &ego_name), 
-
+                                 &ego_name),
     GNUNET_GETOPT_OPTION_END
   };
 
-  if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
+  if (GNUNET_OK !=
+      GNUNET_STRINGS_get_utf8_args (argc, argv,
+                                    &argc, &argv))
     return 2;
 
+  is_public = -1;
+  is_shadow = -1;
   GNUNET_log_setup ("gnunet-namestore",
                     "WARNING",
                     NULL);
diff --git a/src/namestore/gnunet-service-namestore.c b/src/namestore/gnunet-service-namestore.c
index b27cfb732..dea13b982 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -105,7 +105,7 @@ struct NamestoreClient
    * Message queue for transmission to @e client
    */
   struct GNUNET_MQ_Handle *mq;
-  
+
   /**
    * Head of the DLL of
    * Zone iteration operations in progress initiated by this client
@@ -268,7 +268,7 @@ cleanup_task (void *cls)
   }
   GNUNET_NAMECACHE_disconnect (namecache);
   namecache = NULL;
-  GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name, 
+  GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name,
                                               GSN_database));
   GNUNET_free (db_lib_name);
   db_lib_name = NULL;
@@ -1011,7 +1011,8 @@ handle_record_store (void *cls,
       struct GNUNET_GNSRECORD_Data rd_clean[rd_count];
       unsigned int rd_clean_off;
 
-      /* remove "NICK" records, unless this is for the "+" label */
+      /* remove "NICK" records, unless this is for the
+         #GNUNET_GNS_MASTERZONE_STR label */
       rd_clean_off = 0;
       for (unsigned int i=0;i<rd_count;i++)
       {
@@ -1669,23 +1670,23 @@ GNUNET_SERVICE_MAIN
                           GNUNET_MESSAGE_TYPE_NAMESTORE_ZONE_TO_NAME,
                           struct ZoneToNameMessage,
                           NULL),
- GNUNET_MQ_hd_fixed_size (iteration_start, 
+ GNUNET_MQ_hd_fixed_size (iteration_start,
                           GNUNET_MESSAGE_TYPE_NAMESTORE_ZONE_ITERATION_START,
                           struct ZoneIterationStartMessage,
                           NULL),
- GNUNET_MQ_hd_fixed_size (iteration_next, 
+ GNUNET_MQ_hd_fixed_size (iteration_next,
                           GNUNET_MESSAGE_TYPE_NAMESTORE_ZONE_ITERATION_NEXT,
                           struct ZoneIterationNextMessage,
                           NULL),
- GNUNET_MQ_hd_fixed_size (iteration_stop, 
+ GNUNET_MQ_hd_fixed_size (iteration_stop,
                           GNUNET_MESSAGE_TYPE_NAMESTORE_ZONE_ITERATION_STOP,
                           struct ZoneIterationStopMessage,
                           NULL),
- GNUNET_MQ_hd_fixed_size (monitor_start, 
+ GNUNET_MQ_hd_fixed_size (monitor_start,
                           GNUNET_MESSAGE_TYPE_NAMESTORE_MONITOR_START,
                           struct ZoneMonitorStartMessage,
                           NULL),
  GNUNET_MQ_handler_end ());
-                          
+
 
 /* end of gnunet-service-namestore.c */
diff --git a/src/namestore/plugin_rest_namestore.c b/src/namestore/plugin_rest_namestore.c
index 05776801b..954af98d2 100644
--- a/src/namestore/plugin_rest_namestore.c
+++ b/src/namestore/plugin_rest_namestore.c
@@ -26,6 +26,7 @@
 
 #include "platform.h"
 #include "gnunet_rest_plugin.h"
+#include "gnunet_gns_service.h"
 #include "gnunet_namestore_service.h"
 #include "gnunet_identity_service.h"
 #include "gnunet_rest_lib.h"
@@ -458,7 +459,7 @@ namestore_list_response (void *cls,
   for (i=0; i<rd_len; i++)
   {
     if ( (GNUNET_GNSRECORD_TYPE_NICK == rd[i].record_type) &&
-         (0 != strcmp (rname, "+")) )
+         (0 != strcmp (rname, GNUNET_GNS_MASTERZONE_STR)) )
       continue;
 
     if ( (rd[i].record_type != handle->type) &&
diff --git a/src/util/client.c b/src/util/client.c
index 7a718fc8d..3479fa971 100644
--- a/src/util/client.c
+++ b/src/util/client.c
@@ -261,11 +261,11 @@ transmit_ready (void *cls)
   pos = (const char *) cstate->msg;
   len = ntohs (cstate->msg->size);
   GNUNET_assert (cstate->msg_off < len);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "client: message of type %u trying to send with socket %p (MQ: %p\n",
-              ntohs(cstate->msg->type),
-              cstate->sock,
-              cstate->mq);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "message of type %u trying to send with socket %p (MQ: %p\n",
+       ntohs(cstate->msg->type),
+       cstate->sock,
+       cstate->mq);
 
  RETRY:
   ret = GNUNET_NETWORK_socket_send (cstate->sock,
@@ -273,13 +273,13 @@ transmit_ready (void *cls)
                                     len - cstate->msg_off);
   if (-1 == ret)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "client: error during sending message of type %u\n",
-                ntohs(cstate->msg->type));
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Error during sending message of type %u\n",
+         ntohs(cstate->msg->type));
     if (EINTR == errno){
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "client: retrying message of type %u\n",
-                  ntohs(cstate->msg->type));
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "Retrying message of type %u\n",
+           ntohs(cstate->msg->type));
       goto RETRY;
     }
     GNUNET_MQ_inject_error (cstate->mq,
@@ -290,9 +290,9 @@ transmit_ready (void *cls)
   cstate->msg_off += ret;
   if (cstate->msg_off < len)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "client: rescheduling message of type %u\n",
-                ntohs(cstate->msg->type));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "rescheduling message of type %u\n",
+         ntohs(cstate->msg->type));
     cstate->send_task
       = GNUNET_SCHEDULER_add_write_net (GNUNET_TIME_UNIT_FOREVER_REL,
                                         cstate->sock,
@@ -302,9 +302,9 @@ transmit_ready (void *cls)
       GNUNET_MQ_impl_send_in_flight (cstate->mq);
     return;
   }
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "client: sending message of type %u successful\n",
-              ntohs(cstate->msg->type));
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "sending message of type %u successful\n",
+       ntohs(cstate->msg->type));
   cstate->msg = NULL;
   GNUNET_MQ_impl_send_continue (cstate->mq);
 }
@@ -394,9 +394,9 @@ connection_client_destroy_impl (struct GNUNET_MQ_Handle *mq,
   if (NULL != cstate->retry_task)
     GNUNET_SCHEDULER_cancel (cstate->retry_task);
   if (NULL != cstate->sock){
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "client: destroying socket: %p\n",
-                cstate->sock);
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "destroying socket: %p\n",
+         cstate->sock);
     GNUNET_NETWORK_socket_close (cstate->sock);
   }
   cancel_aps (cstate);
@@ -822,9 +822,9 @@ connection_client_send_impl (struct GNUNET_MQ_Handle *mq,
   cstate->msg = msg;
   cstate->msg_off = 0;
   if (NULL == cstate->sock){
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "client: message of type %u waiting for socket\n",
-                ntohs(msg->type));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "message of type %u waiting for socket\n",
+         ntohs(msg->type));
     return; /* still waiting for connection */
    }
   cstate->send_task
diff --git a/src/util/mq.c b/src/util/mq.c
index 33bbaa6ad..af700836c 100644
--- a/src/util/mq.c
+++ b/src/util/mq.c
@@ -358,10 +358,10 @@ GNUNET_MQ_send (struct GNUNET_MQ_Handle *mq,
   GNUNET_assert (NULL == mq->envelope_head);
   mq->current_envelope = ev;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "mq: sending message of type %u, queue empty (MQ: %p)\n",
-              ntohs(ev->mh->type),
-              mq);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "sending message of type %u, queue empty (MQ: %p)\n",
+       ntohs(ev->mh->type),
+       mq);
 
   mq->send_impl (mq,
                  ev->mh,
@@ -459,9 +459,9 @@ impl_send_continue (void *cls)
                                mq->envelope_tail,
                                mq->current_envelope);
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "mq: sending message of type %u from queue\n",
-              ntohs(mq->current_envelope->mh->type));
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "sending message of type %u from queue\n",
+       ntohs(mq->current_envelope->mh->type));
 
   mq->send_impl (mq,
                  mq->current_envelope->mh,
@@ -851,9 +851,9 @@ GNUNET_MQ_destroy (struct GNUNET_MQ_Handle *mq)
                                  ev);
     GNUNET_assert (0 < mq->queue_length);
     mq->queue_length--;
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "MQ destroy drops message of type %u\n",
-                ntohs (ev->mh->type));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "MQ destroy drops message of type %u\n",
+         ntohs (ev->mh->type));
     GNUNET_MQ_discard (ev);
   }
   if (NULL != mq->current_envelope)
@@ -861,9 +861,9 @@ GNUNET_MQ_destroy (struct GNUNET_MQ_Handle *mq)
     /* we can only discard envelopes that
      * are not queued! */
     mq->current_envelope->parent_queue = NULL;
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "MQ destroy drops current message of type %u\n",
-                ntohs (mq->current_envelope->mh->type));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+         "MQ destroy drops current message of type %u\n",
+         ntohs (mq->current_envelope->mh->type));
     GNUNET_MQ_discard (mq->current_envelope);
     mq->current_envelope = NULL;
     GNUNET_assert (0 < mq->queue_length);
@@ -946,9 +946,9 @@ GNUNET_MQ_send_cancel (struct GNUNET_MQ_Envelope *ev)
                                    mq->envelope_tail,
                                    mq->current_envelope);
 
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "mq: sending canceled message of type %u queue\n",
-                  ntohs(ev->mh->type));
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "sending canceled message of type %u queue\n",
+           ntohs(ev->mh->type));
 
       mq->send_impl (mq,
                      mq->current_envelope->mh,
diff --git a/src/util/resolver_api.c b/src/util/resolver_api.c
index bd46b4fbb..b92fd6a02 100644
--- a/src/util/resolver_api.c
+++ b/src/util/resolver_api.c
@@ -500,11 +500,13 @@ handle_response (void *cls,
           GNUNET_free (nret);
         }
         /* finally, make termination call */
-        rh->name_callback (rh->cls,
-                           NULL);
+        if (GNUNET_SYSERR != rh->was_transmitted)
+          rh->name_callback (rh->cls,
+                             NULL);
       }
-      if (NULL != rh->addr_callback)
-        rh->addr_callback (rh->cls,
+      if ( (NULL != rh->addr_callback) &&
+           (GNUNET_SYSERR != rh->was_transmitted) )
+          rh->addr_callback (rh->cls,
                            NULL,
                            0);
     }
@@ -637,6 +639,7 @@ numeric_resolution (void *cls)
                        (const struct sockaddr *) &v4,
                        sizeof (v4));
     if ( (rh->af == AF_UNSPEC) &&
+         (GNUNET_SYSERR != rh->was_transmitted) &&
          (1 == inet_pton (AF_INET6,
                           hostname,
                           &v6.sin6_addr)) )
@@ -646,9 +649,10 @@ numeric_resolution (void *cls)
                          (const struct sockaddr *) &v6,
                          sizeof (v6));
     }
-    rh->addr_callback (rh->cls,
-                       NULL,
-                       0);
+    if (GNUNET_SYSERR != rh->was_transmitted)
+      rh->addr_callback (rh->cls,
+                         NULL,
+                         0);
     GNUNET_free (rh);
     return;
   }
@@ -661,9 +665,10 @@ numeric_resolution (void *cls)
     rh->addr_callback (rh->cls,
                        (const struct sockaddr *) &v6,
                        sizeof (v6));
-    rh->addr_callback (rh->cls,
-                       NULL,
-                       0);
+    if (GNUNET_SYSERR != rh->was_transmitted)
+      rh->addr_callback (rh->cls,
+                         NULL,
+                         0);
     GNUNET_free (rh);
     return;
   }
@@ -725,9 +730,10 @@ loopback_resolution (void *cls)
     GNUNET_break (0);
     break;
   }
-  rh->addr_callback (rh->cls,
-                     NULL,
-                     0);
+  if (GNUNET_SYSERR != rh->was_transmitted)
+    rh->addr_callback (rh->cls,
+                       NULL,
+                       0);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Finished resolving hostname `%s'.\n",
        (const char *) &rh[1]);
diff --git a/src/util/scheduler.c b/src/util/scheduler.c
index 51afc85e5..e00ca444b 100644
--- a/src/util/scheduler.c
+++ b/src/util/scheduler.c
@@ -520,8 +520,8 @@ GNUNET_SCHEDULER_shutdown ()
 {
   struct GNUNET_SCHEDULER_Task *pos;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "GNUNET_SCHEDULER_shutdown\n");
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "GNUNET_SCHEDULER_shutdown\n");
   if (NULL != install_parent_control_task)
   {
     GNUNET_SCHEDULER_cancel (install_parent_control_task);
@@ -1953,7 +1953,7 @@ GNUNET_SCHEDULER_task_ready (struct GNUNET_SCHEDULER_Task *task,
 /**
  * Function called by external event loop implementations to tell the
  * scheduler to run some of the tasks that are ready. Must be called
- * only after #GNUNET_SCHEDULER_driver_init has been called and before 
+ * only after #GNUNET_SCHEDULER_driver_init has been called and before
  * #GNUNET_SCHEDULER_driver_done is called.
  * This function may return even though there are tasks left to run
  * just to give other tasks a chance as well.  If we return #GNUNET_YES,
@@ -2023,9 +2023,9 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
        * waiting for the timeout, so we handle this gracefully. It might
        * also be a programming error in the driver though.
        */
-      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                  "GNUNET_SCHEDULER_do_work did not find any ready "
-                  "tasks and timeout has not been reached yet.");
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "GNUNET_SCHEDULER_do_work did not find any ready "
+           "tasks and timeout has not been reached yet.\n");
       return GNUNET_NO;
     }
     /**
@@ -2128,7 +2128,7 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
  * Function called by external event loop implementations to initialize
  * the scheduler. An external implementation has to provide @a driver
  * which contains callbacks for the scheduler (see definition of struct
- * #GNUNET_SCHEDULER_Driver). The callbacks are used to instruct the 
+ * #GNUNET_SCHEDULER_Driver). The callbacks are used to instruct the
  * external implementation to watch for events. If it detects any of
  * those events it is expected to call #GNUNET_SCHEDULER_do_work to let
  * the scheduler handle it. If an event is related to a specific task
@@ -2137,11 +2137,11 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
  * before by calling #GNUNET_SCHEDULER_task_ready.
 
  * This function has to be called before any tasks are scheduled and
- * before GNUNET_SCHEDULER_do_work is called for the first time. It 
+ * before GNUNET_SCHEDULER_do_work is called for the first time. It
  * allocates resources that have to be freed again by calling
  * #GNUNET_SCHEDULER_driver_done.
  *
- * This function installs the same signal handlers as 
+ * This function installs the same signal handlers as
  * #GNUNET_SCHEDULER_run. This means SIGTERM (and other similar signals)
  * will induce a call to #GNUNET_SCHEDULER_shutdown during the next
  * call to #GNUNET_SCHEDULER_do_work. As a result, SIGTERM causes all
@@ -2228,7 +2228,7 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
  * by external event loop implementations after the scheduler has
  * shut down. This is the case if both of the following conditions
  * are met:
- * 
+ *
  * - all tasks the scheduler has added through the driver's add
  *   callback have been removed again through the driver's del
  *   callback
@@ -2376,8 +2376,8 @@ select_loop (struct GNUNET_SCHEDULER_Handle *sh, struct DriverContext *context)
     }
     if (GNUNET_YES == GNUNET_SCHEDULER_do_work (sh))
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "scheduler has more tasks ready!\n");
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "scheduler has more tasks ready!\n");
     }
   }
   GNUNET_NETWORK_fdset_destroy (rs);
@@ -2451,7 +2451,7 @@ select_set_wakeup (void *cls,
                    struct GNUNET_TIME_Absolute dt)
 {
   struct DriverContext *context = cls;
-  
+
   GNUNET_assert (NULL != context);
   context->timeout = dt;
 }