diff --git a/TODO b/TODO
new file mode 100644
index 0000000..0643d91
--- /dev/null
+++ b/TODO
@@ -0,0 +1,17 @@
+BUGS
+====
+
+ - The wild card blocks don't seem to be automatically moving DNS
+   entries into the block list.
+   
+
+
+IDEAS
+=====
+
+ - what about drilling down on domains: domain.tld, then expand up
+   levels if there are more than a couple of entries.
+ 
+ - Some way to browse by workstation traffic
+ 
+ - See hosts that accessed a domain in the lists.
diff --git a/data.cpp b/data.cpp
index 6a6e40e..30b68fe 100644
--- a/data.cpp
+++ b/data.cpp
@@ -217,30 +217,39 @@ bool LogAnalyzer::line(const std::string &in) {
       address = ln[8];
 
       /* NOTE: CNAME resolution seems to follow this order in logs:
+
            1. A result line (reply/cached) with an address of <CNAME>
            2. One or more consecutive result lines for the canonical name
+
          Looking over the logs it doesn't appear that dnsmasq will log
          anything between the original and CNAME resolutions. The exception
          is if a CNAME record is cached and it has to resolve what it
          points to. In this case there would be a "cached" and then a
          "forwarded" record eventually followed by "reply ... <CNAME>".
          In that case we want to operate on the reply.
+
+         I just saw that CNAME log entries can be chained. It looks like
+         they are an "is <CNAME>" entry followed by another. We want to
+         keep the original name (alias).
       */
-      /* record we're handling a CNAME cycle */
+      // we're handling a CNAME entry
       if(address=="<CNAME>") {
-        alias = name;
-        cname = "";
+        // If we don't have a cname yet then this is a CNAME to a CNAME.
+        if(alias=="" || cname!="") {
+          alias = name;
+          cname = "";
+        }
         return 0;
       }
-      /* If in cname _mode_: */
+      // If in cname _mode_:
       if(alias!="") {
         if(cname=="") {
-          cname = name; /* This is our target name */
-          name = alias; /* substitute the alias */
+          cname = name; // This is our target name
+          name = alias; // substitute the alias
         } else if(cname==name) {
-          name = alias; /* substitute the alias */
+          name = alias; // substitute the alias
         } else {
-          cname = "";   /* These are different records reset */
+          cname = "";   // These are different records reset
           name = "";
         }
       }
@@ -256,7 +265,8 @@ bool LogAnalyzer::line(const std::string &in) {
       //dlog("Added "+address+" = "+name);
       return 0;
     } else if(alias!="") {
-      alias = ""; /* we've fallen out of CNAME resolution. */
+      // we've fallen out of CNAME resolution.
+      alias = "";
       cname = "";
     }
   }