diff --git a/dnssec_test.go b/dnssec_test.go
index 6f16c5f0..0f529441 100644
--- a/dnssec_test.go
+++ b/dnssec_test.go
@@ -93,7 +93,7 @@ func TestSignature(t *testing.T) {
 
 func TestSignVerify(t *testing.T) {
 	// The record we want to sign
-        soa := new(RR_SOA)
+	soa := new(RR_SOA)
 	soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
 	soa.Ns = "open.nlnetlabs.nl."
 	soa.Mbox = "miekg.atoom.net."
@@ -103,7 +103,7 @@ func TestSignVerify(t *testing.T) {
 	soa.Expire = 604800
 	soa.Minttl = 86400
 
-        soa1 := new(RR_SOA)
+	soa1 := new(RR_SOA)
 	soa1.Hdr = RR_Header{"*.miek.nl.", TypeSOA, ClassINET, 14400, 0}
 	soa1.Ns = "open.nlnetlabs.nl."
 	soa1.Mbox = "miekg.atoom.net."
@@ -136,36 +136,35 @@ func TestSignVerify(t *testing.T) {
 	sig.SignerName = key.Hdr.Name
 	sig.Algorithm = RSASHA256
 
-	for _, r := range []RR{soa,soa1} {
+	for _, r := range []RR{soa, soa1} {
 		if sig.Sign(privkey, []RR{r}) != nil {
 			t.Log("Failure to sign the SOA record")
 			t.Fail()
-                        continue
+			continue
 		}
 		if sig.Verify(key, []RR{r}) != nil {
 			t.Log("Failure to validate")
 			t.Fail()
-                        continue
+			continue
 		}
-                t.Logf("Validated: %s\n", r.Header().Name)
+		t.Logf("Validated: %s\n", r.Header().Name)
 	}
 }
 
 func TestDnskey(t *testing.T) {
-        f, _ := os.Open("t/Kmiek.nl.+010+05240.private")
-        privkey, _ := ReadPrivateKey(f, "t/Kmiek.nl.+010+05240.private")
-        f, _ = os.Open("t/Kmiek.nl.+010+05240.key")
-        pubkey, _ := ReadRR(f, "t/Kmiek.nl.+010+05240.key")
-        // Okay, we assume this has gone OK
-        if pubkey.(*RR_DNSKEY).PublicKey != "AwEAAZuMCu2FdugHkTrXYgl5qixvcDw1aDDlvL46/xJKbHBAHY16fNUb2b65cwko2Js/aJxUYJbZk5dwCDZxYfrfbZVtDPQuc3o8QaChVxC7/JYz2AHc9qHvqQ1j4VrH71RWINlQo6VYjzN/BGpMhOZoZOEwzp1HfsOE3lNYcoWU1smL" {
-                t.Log("Pubkey is not what we've read")
-                t.Fail()
-        }
-        // Coefficient looks fishy...
-        t.Logf("%s", pubkey.(*RR_DNSKEY).PrivateKeyString(privkey))
+	f, _ := os.Open("t/Kmiek.nl.+010+05240.private")
+	privkey, _ := ReadPrivateKey(f, "t/Kmiek.nl.+010+05240.private")
+	f, _ = os.Open("t/Kmiek.nl.+010+05240.key")
+	pubkey, _ := ReadRR(f, "t/Kmiek.nl.+010+05240.key")
+	// Okay, we assume this has gone OK
+	if pubkey.(*RR_DNSKEY).PublicKey != "AwEAAZuMCu2FdugHkTrXYgl5qixvcDw1aDDlvL46/xJKbHBAHY16fNUb2b65cwko2Js/aJxUYJbZk5dwCDZxYfrfbZVtDPQuc3o8QaChVxC7/JYz2AHc9qHvqQ1j4VrH71RWINlQo6VYjzN/BGpMhOZoZOEwzp1HfsOE3lNYcoWU1smL" {
+		t.Log("Pubkey is not what we've read")
+		t.Fail()
+	}
+	// Coefficient looks fishy...
+	t.Logf("%s", pubkey.(*RR_DNSKEY).PrivateKeyString(privkey))
 }
 
-
 /*
         return
 	// This key was generate with LDNS:
diff --git a/label_test.go b/label_test.go
index 366cb846..91cbc121 100644
--- a/label_test.go
+++ b/label_test.go
@@ -30,25 +30,25 @@ func TestCompareLabels(t *testing.T) {
 }
 
 func TestSplitLabels(t *testing.T) {
-        s1 := "www.miek.nl."
-        s2 := "www.miek.nl"
-        s3 := `www\.miek.nl.`
-        s4 := `www\\.miek.nl.`
+	s1 := "www.miek.nl."
+	s2 := "www.miek.nl"
+	s3 := `www\.miek.nl.`
+	s4 := `www\\.miek.nl.`
 
-        if len(SplitLabels(s1)) != 3 {
-                t.Logf("Labels should be 3, %s\n", s1)
-                t.Fail()
-        }
-        if len(SplitLabels(s2)) != 3 {
-                t.Logf("Labels should be 3, %s\n", s2)
-                t.Fail()
-        }
-        if len(SplitLabels(s3)) != 2 {
-                t.Logf("Labels should be 2, %s\n", s3)
-                t.Fail()
-        }
-        if len(SplitLabels(s4)) != 3 {
-                t.Logf("Labels should be 3, %s\n", s4)
-                t.Fail()
-        }
+	if len(SplitLabels(s1)) != 3 {
+		t.Logf("Labels should be 3, %s\n", s1)
+		t.Fail()
+	}
+	if len(SplitLabels(s2)) != 3 {
+		t.Logf("Labels should be 3, %s\n", s2)
+		t.Fail()
+	}
+	if len(SplitLabels(s3)) != 2 {
+		t.Logf("Labels should be 2, %s\n", s3)
+		t.Fail()
+	}
+	if len(SplitLabels(s4)) != 3 {
+		t.Logf("Labels should be 3, %s\n", s4)
+		t.Fail()
+	}
 }
diff --git a/labels.go b/labels.go
index 7db702a6..e4161bfd 100644
--- a/labels.go
+++ b/labels.go
@@ -6,22 +6,22 @@ package dns
 func SplitLabels(s string) []string {
 	k := 0
 	labels := make([]string, 0)
-        last := byte('.')
-        lastlast := byte('.')
+	last := byte('.')
+	lastlast := byte('.')
 	s = Fqdn(s) // Make fully qualified
 	for i := 0; i < len(s); i++ {
 		if s[i] == '.' {
-                        if last == '\\' {
-                                if lastlast != '\\' {
-                                        // do nothing
-                                        continue
-                                }
+			if last == '\\' {
+				if lastlast != '\\' {
+					// do nothing
+					continue
+				}
 			}
 			labels = append(labels, s[k:i])
 			k = i + 1 // + dot
 		}
-                lastlast = last
-                last = s[i]
+		lastlast = last
+		last = s[i]
 	}
 	return labels
 }
diff --git a/msg.go b/msg.go
index f250d0db..03d58bbe 100644
--- a/msg.go
+++ b/msg.go
@@ -29,7 +29,7 @@ var (
 	ErrUnpack      error = &Error{Err: "unpacking failed"}
 	ErrPack        error = &Error{Err: "packing failed"}
 	ErrId          error = &Error{Err: "id mismatch"}
-        ErrBuf         error = &Error{Err: "buffer size too large"}
+	ErrBuf         error = &Error{Err: "buffer size too large"}
 	ErrShortRead   error = &Error{Err: "short read"}
 	ErrConn        error = &Error{Err: "conn holds both UDP and TCP connection"}
 	ErrConnEmpty   error = &Error{Err: "conn has no connection"}
diff --git a/server.go b/server.go
index 5c0e86fa..f60c0071 100644
--- a/server.go
+++ b/server.go
@@ -313,15 +313,15 @@ func (c *conn) serve() {
 func (w *response) Write(data []byte) (n int, err error) {
 	switch {
 	case w.conn._UDP != nil:
-                // I should check the clients, udp message size here TODO(mg)
+		// I should check the clients, udp message size here TODO(mg)
 		n, err = w.conn._UDP.WriteTo(data, w.conn.remoteAddr)
 		if err != nil {
 			return 0, err
 		}
 	case w.conn._TCP != nil:
-                if len(data) > MaxMsgSize {
-                       return 0, ErrBuf
-                }
+		if len(data) > MaxMsgSize {
+			return 0, ErrBuf
+		}
 		l := make([]byte, 2)
 		l[0], l[1] = packUint16(uint16(len(data)))
 		n, err = w.conn._TCP.Write(l)
diff --git a/tsig.go b/tsig.go
index 2310a836..5771efaa 100644
--- a/tsig.go
+++ b/tsig.go
@@ -34,12 +34,12 @@
 package dns
 
 import (
-	"hash"
 	"crypto/hmac"
 	"crypto/md5"
-        "crypto/sha1"
-        "crypto/sha256"
+	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/hex"
+	"hash"
 	"io"
 	"strings"
 	"time"
@@ -107,17 +107,17 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) error {
 
 	t := new(RR_TSIG)
 
-        var h hash.Hash
-        switch rr.Algorithm {
-        case HmacMD5:
-                h = hmac.New(md5.New, []byte(rawsecret))
-        case HmacSHA1:
-	        h = hmac.New(sha1.New, []byte(rawsecret))
-        case HmacSHA256:
-	        h = hmac.New(sha256.New, []byte(rawsecret))
-        default:
-                return ErrKeyAlg
-        }
+	var h hash.Hash
+	switch rr.Algorithm {
+	case HmacMD5:
+		h = hmac.New(md5.New, []byte(rawsecret))
+	case HmacSHA1:
+		h = hmac.New(sha1.New, []byte(rawsecret))
+	case HmacSHA256:
+		h = hmac.New(sha256.New, []byte(rawsecret))
+	default:
+		return ErrKeyAlg
+	}
 
 	t.MAC = hex.EncodeToString(h.Sum(buf))
 	t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
@@ -153,17 +153,17 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
 		return ErrTime
 	}
 
-        var h hash.Hash
-        switch tsig.Algorithm {
-        case HmacMD5:
-                h = hmac.New(md5.New, []byte(rawsecret))
-        case HmacSHA1:
-	        h = hmac.New(sha1.New, []byte(rawsecret))
-        case HmacSHA256:
-	        h = hmac.New(sha256.New, []byte(rawsecret))
-        default:
-                return ErrKeyAlg
-        }
+	var h hash.Hash
+	switch tsig.Algorithm {
+	case HmacMD5:
+		h = hmac.New(md5.New, []byte(rawsecret))
+	case HmacSHA1:
+		h = hmac.New(sha1.New, []byte(rawsecret))
+	case HmacSHA256:
+		h = hmac.New(sha256.New, []byte(rawsecret))
+	default:
+		return ErrKeyAlg
+	}
 	io.WriteString(h, string(buf))
 	if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
 		return ErrSig
diff --git a/zscan.go b/zscan.go
index 6d0da524..dcf6ba42 100644
--- a/zscan.go
+++ b/zscan.go
@@ -11,6 +11,7 @@ import (
 
 // Only used when debugging the parser itself.
 var _DEBUG = false
+
 const maxTok = 512
 
 // Tokinize a RFC 1035 zone file. The tokenizer will normalize it:
@@ -359,7 +360,7 @@ func (l lex) String() string {
 func zlexer(s scanner.Scanner, c chan lex) {
 	var l lex
 	str := make([]byte, maxTok) // Should be enough for any token
-        stri := 0                  // Offset in str (0 means empty)
+	stri := 0                   // Offset in str (0 means empty)
 	quote := false
 	escape := false
 	space := false
@@ -372,11 +373,11 @@ func zlexer(s scanner.Scanner, c chan lex) {
 	for tok != scanner.EOF {
 		l.column = s.Position.Column
 		l.line = s.Position.Line
-                if stri > maxTok {
-                        l.err = "tok length insufficient for parsing"
-                        c <- l
-                        return
-                }
+		if stri > maxTok {
+			l.err = "tok length insufficient for parsing"
+			c <- l
+			return
+		}
 		switch x := s.TokenText(); x {
 		case " ", "\t":
 			escape = false
@@ -541,7 +542,7 @@ func zlexer(s scanner.Scanner, c chan lex) {
 				break
 			}
 			escape = false
-			str[stri] = byte(x[0])  // This should be ok...
+			str[stri] = byte(x[0]) // This should be ok...
 			stri++
 			space = false
 		}