- check that NS record inside zone and in parent zone match
- check glue records (& probably don't warn on duplicates in them -- bind bugs?)
- when checking that nameservers know how to reverse-map their own IP, mention this
  to clarify situations when the outside world knows, but they don't.
- non-recursive nameservers? shouldn't fail on them...
- limit on number of records for the www iface?

Unsorted ideas:
~~~~~~~~~~~~~~~
- check whether different nameservers are in different networks
- check both TCP and UDP queries
- SOA admin address: wildcard MX record?
- IPv6 records and reversals
- detailed host/mail/domain name checks
- cgi: memory limits?