diff -uNr dnstop-20040309/dnstop.c dnstop-20040309.logging/dnstop.c
--- dnstop-20040309/dnstop.c	2004-03-09 17:32:27.000000000 -0500
+++ dnstop-20040309.logging/dnstop.c	2004-11-14 12:34:02.190997600 -0500
@@ -25,6 +25,7 @@
 #include <assert.h>
 #include <arpa/inet.h>
 #include <arpa/nameser.h>
+#include <errno.h>
 
 #include <sys/socket.h>
 #include <net/if_arp.h>
@@ -112,6 +113,8 @@
 struct in_addr ignore_addr;
 pcap_t *pcap = NULL;
 char *bpf_program_str = "udp dst port 53 and udp[10:2] & 0x8000 = 0";
+char *raw_domain_file = NULL;
+static FILE *raw_domain_handle = NULL;
 WINDOW *w;
 static unsigned short port53;
 void (*SubReport) (void) = NULL;
@@ -401,6 +404,19 @@
 }
 
 int
+open_raw_domain_file(const char *domain_file_name)
+{
+    if (domain_file_name) {
+    	raw_domain_handle = fopen(domain_file_name, "a");
+    	if (!raw_domain_handle) {
+    	    fprintf(stderr, "Can't open raw domain file %s: %s\n", domain_file_name, strerror(errno));
+    	    exit(1);
+    	}
+    }
+    return 0;
+}
+
+int
 handle_dns(const char *buf, int len, const struct in_addr sip, const struct in_addr dip)
 {
     rfc1035_header qh;
@@ -462,6 +478,11 @@
     memcpy(&us, buf + offset + 2, 2);
     qclass = ntohs(us);
 
+    if (raw_domain_handle) {
+        fprintf(raw_domain_handle, "%s\n", qname);
+	fflush(raw_domain_handle);
+    }
+
     if (Filter && 0 == Filter(qtype, qclass, qname, sip, dip))
 	return 0;
 
@@ -798,7 +819,7 @@
 {
     if (0 == sld_flag) {
 	printw("\tYou must start %s with the -s option\n", progname);
-	printw("\tto collect 2nd level domain stats.\n", progname);
+	printw("\tto collect 2nd level domain stats.\n");
     } else {
 	StringCounter_report(Slds, "SLD");
     }
@@ -864,7 +885,7 @@
 {
     if (0 == sld_flag) {
 	printw("\tYou must start %s with the -s option\n", progname);
-	printw("\tto collect 2nd level domain stats.\n", progname);
+	printw("\tto collect 2nd level domain stats.\n");
     } else {
 	Combo_report(SSC, "Source", "SLD");
     }
@@ -1019,6 +1040,7 @@
     fprintf(stderr, "\t-i addr\tIgnore this source IP address\n");
     fprintf(stderr, "\t-p\tDon't put interface in promiscuous mode\n");
     fprintf(stderr, "\t-s\tEnable 2nd level domain stats collection\n");
+    fprintf(stderr, "\t-l file\tLog raw domains to this file\n");
     fprintf(stderr, "\t-f\tfilter-name\n");
     fprintf(stderr, "\n");
     fprintf(stderr, "Available filters:\n");
@@ -1056,7 +1078,7 @@
     srandom(time(NULL));
     ResetCounters();
 
-    while ((x = getopt(argc, argv, "ab:f:i:ps")) != -1) {
+    while ((x = getopt(argc, argv, "ab:f:i:l:ps")) != -1) {
 	switch (x) {
 	case 'a':
 	    anon_flag = 1;
@@ -1076,6 +1098,9 @@
 	case 'f':
 	    set_filter(optarg);
 	    break;
+	case 'l':
+	    raw_domain_file = strdup(optarg);
+	    break;
 	default:
 	    usage();
 	    break;
@@ -1084,6 +1109,9 @@
     argc -= optind;
     argv += optind;
 
+    if (raw_domain_file);
+    	open_raw_domain_file(raw_domain_file);
+
     if (argc < 1)
 	usage();
     device = strdup(argv[0]);