Discussion:
Why was nslookup removed from FreeBSD 10?
Frank Leonhardt
2014-01-25 19:13:08 UTC
Unbelievable, but true - someone somewhere thought that removing
nslookup from the base system was the way to go.

Why? Can anyone shed any light on how this decision was made?

That's the question. The remainder are a few observations to save an
obvious response...

nslookup has been deprecated in some quarters for a while now, with that
annoying message asking people to use dig instead, although ISC changed
its mind on this point after BIND 9.8. That's not a reason, and anyway,
dig is missing too.

Was it dropped because it's part of BIND, and that's been dropped from
the base system (bad idea if you ask me, but no one did)? Well, as far
as I can tell, this move has left us having to use "host" instead, and
that's part of the BIND package too.

What's next? Will someone get the bright idea that "ls" is a bit dated
and/or unfamiliar to Microsofties and replace it with "dir"? (And EVEN
WINDOWS has nslookup).

If I wanted an OS that lacked features such as DNS out of the box, I'd
have chosen Linux.

Regards, Frank.
Waitman Gobble
2014-01-25 19:30:07 UTC
Was it dropped because it's part on BIND, and that's been dropped from the
base system (bad idea if you ask me, but no one did)? Well, as far as I can
tell, this move has left us having to use "host" instead, and that's part
of the BIND package too.
AFAIK nslookup is part of bind, which was dropped from base and instead
unbound.

http://www.freebsdnews.net/2013/09/20/freebsd-10s-new-technologies-and-features/
--
Waitman Gobble
San Jose California USA
510-830-7975
Mark Tinka
2014-01-25 19:37:49 UTC
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
If you read:

http://www.freebsd.org/releases/10.0R/relnotes.html

Under the "2.3. Userland Changes" section, you will notice:

"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"

So install /usr/ports/dns/bind-tools and you're a happy guy.

As to the philosophy of it all, no point arguing. Fait
accompli.

Mark.
Frank Leonhardt
2014-01-25 19:52:57 UTC
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I
said in the diatribe following the question in my post, so is "host" and
that's still there. Also Windoze has nslookup but doesn't include BIND.
I agree there's no point arguing unless you know the rationale behind
what appears an arbitrary decision; hence my question. Was this simply
an oversight or is there a thought-out reason for it that one can take
issue with?

IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed
before that. (That's BSD, not FreeBSD). It's relied on in scripts. The
reason for dropping it from the base system must be pretty spectacular.

FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.

Regards, Frank.
RW
2014-01-25 20:20:38 UTC
On Sat, 25 Jan 2014 19:52:57 +0000
Post by Frank Leonhardt
As you and Waitman both pointed out, nslookup IS part of BIND, yet as
I said in the diatribe following the question in my post, so is
"host" and that's still there.
From the host manpage:

COMPATIBILITY
host aims to be reasonably compatible with `host' utility from
BIND9 distribution,
Matthew Pherigo
2014-01-25 20:26:26 UTC
To my understanding, almost half of all the security vulnerabilities in the entire lifetime of the FreeBSD project have been from BIND. Personally, I'd say that's "pretty spectacular."

--Matt
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I said in the diatribe following the question in my post, so is "host" and that's still there. Also Windoze has nslookup but doesn't include BIND. I agree there's no point arguing unless you know the rational behind what appears an arbitrary decision; hence my question. Was this simply an oversight or is there a thought-out reason for it that one can take issue with?
IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed before that. (That's BSD, not FreeBSD). Its relied on in scripts. The reason for dropping it from the base system must be pretty spectacular.
FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
Regards, Frank.
_______________________________________________
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
Waitman Gobble
2014-01-25 20:55:45 UTC
Post by Frank Leonhardt
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
Post by Frank Leonhardt
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I
said in the diatribe following the question in my post, so is "host" and
that's still there. Also Windoze has nslookup but doesn't include BIND. I
agree there's no point arguing unless you know the rational behind what
appears an arbitrary decision; hence my question. Was this simply an
oversight or is there a thought-out reason for it that one can take issue
with?
IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed
before that. (That's BSD, not FreeBSD). Its relied on in scripts. The
reason for dropping it from the base system must be pretty spectacular.
FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
Regards, Frank.
You might try 'drill' in contrib/ldns

http://svnweb.freebsd.org/base/release/10.0.0/contrib/ldns/drill/drill.c?view=log
--
Waitman Gobble
San Jose California USA
510-830-7975
Frank Leonhardt
2014-01-25 21:03:52 UTC
Post by RW
On Sat, 25 Jan 2014 19:52:57 +0000
Post by Frank Leonhardt
As you and Waitman both pointed out, nslookup IS part of BIND, yet as
I said in the diatribe following the question in my post, so is
"host" and that's still there.
COMPATIBILITY
host aims to be reasonably compatible with `host' utility from
BIND9 distribution,
Yes - I read that too, and assumed it means it's a derived work until
I'd checked the source code. It's contributed, but part of ldns and not
bind. By removing bind from the base system in favour of ldns based
stuff, it could mean that it's just the case that no one wrote an ldns
version of nslookup or dig; only host. This is one of my theories as to
the answer.

It's worth noting that one of the criticisms I've heard of nslookup has
been that it DOESN'T use BIND as a resolver and works in its
self-contained way, and is therefore not valid as a DNS (meaning BIND)
debugging tool. However, it should mean that it's stand-alone - hence
the Windoze port (which used to contain incriminating strings showing it
was pinched from BSD!)

So if you prefer a slightly rephrased question: Why has someone written
"host" for FreeBSD 10.0 but neglected to provide nslookup (or dig)?

As to Matt's comment that "almost half of all the security
vulnerabilities in the entire lifetime of the FreeBSD project have been
from BIND. Personally, I'd say that's "pretty spectacular."" - I'd say
that these security vulnerabilities are more to do with DNS the
protocol rather than BIND the implementation. Whoever would have thought
that criminals would have got their hands on computers? By removing BIND
and not replacing it with anything (apart from a local resolver) will, I
guess, meet your security needs. But I'm talking about nslookup, not the
whole of BIND and all its utilities. I've never heard of a security
problem with nslookup. Except, of course, with the Micro$soft version ;-)

There must be a discussion about how the decision was taken somewhere,
mustn't there? If there isn't, it's looking like an accident.

Regards, Frank.
Frank Leonhardt
2014-01-25 21:32:44 UTC
Post by Waitman Gobble
Post by Frank Leonhardt
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
Post by Frank Leonhardt
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I
said in the diatribe following the question in my post, so is "host" and
that's still there. Also Windoze has nslookup but doesn't include BIND. I
agree there's no point arguing unless you know the rational behind what
appears an arbitrary decision; hence my question. Was this simply an
oversight or is there a thought-out reason for it that one can take issue
with?
IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed
before that. (That's BSD, not FreeBSD). Its relied on in scripts. The
reason for dropping it from the base system must be pretty spectacular.
FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
Regards, Frank.
You might try 'drill' in contrib/ldns
http://svnweb.freebsd.org/base/release/10.0.0/contrib/ldns/drill/drill.c?view=log
I see - a dig clone called drill. Amusingly the man page refers to dig
in the See Also, although it's not there. I don't know if drill is
script-compatible with dig, but I was never a fan anyway. A quick snoop
at NLnet's web site shows it as the only tool that goes with ldns. It's
reasonable to remove multiplicity if you're going to have a revolution.

I know I can compile and install BIND and get everything back, but this
isn't my gripe. When a utility has been part of the base system for
nearly 30 years, and has doubtless found itself used in plenty of
scripts, you shouldn't just go around arbitrarily removing it.

(And FWIW, I'm also one of the many worried by the prospect of switching to
BIND 10!)
Waitman Gobble
2014-01-25 21:33:54 UTC
Post by RW
On Sat, 25 Jan 2014 19:52:57 +0000
As you and Waitman both pointed out, nslookup IS part of BIND, yet as
Post by Frank Leonhardt
I said in the diatribe following the question in my post, so is
"host" and that's still there.
COMPATIBILITY
host aims to be reasonably compatible with `host' utility from
BIND9 distribution,
Yes - I read that too, and assumed it means it's a derived work until I'd
checked the source code. It's contributed, but part of ldns and not bind.
By removing bind from the base system in favour of ldns based stuff, it
could mean that its just the case that no one wrote an ldns version of
nslookup or dig; only host. This is one of my theories as to the answer.
It's worth noting that one of the criticisms I've heard of nslookup has
been that it DOESN'T use BIND as a resolver and works in its self-contained
way, and is therefore not valid as a DNS (meaning BIND) debugging tool.
However, it should mean that it's stand-alone - hence the Windoze port
(which used to contain incriminating strings showing it was pinched from
BSD!)
So if you prefer a slightly rephrased question: Why has someone written
"host" for FreeBSD 10.0 but neglected to provide nslookup (or dig)?
As to Matt's comment that "almost half of all the security vulnerabilities
in the entire lifetime of the FreeBSD project have been from BIND.
Personally, I'd say that's "pretty spectacular."" - I'd say that's these
security vulnerabilities are more to do with DNS the protocol rather than
BIND the implementation. Whoever would have thought that criminals would
have got their hands on computers? By removing BIND and not replacing it
with anything (apart from a local resolver) will, I guess, meet your
security needs. But I'm talking about nslookup, not the whole of BIND and
all its utilities. I've never heard of a security problem with nslookup.
Except, of course, with the Micro$soft version ;-)
There must be a discussion about how the decision was taken somewhere,
mustn't there? If there isn't, its looking like an accident.
Regards, Frank.
I believe the reasoning.. because BIND is a full-featured authoritative
name server (and much more), unbound has a much more narrow aim. unbound
also has BSD license. (ISC is similar).

Anyway, so far I like my experimental BIND10 authoritative nameserver much
better than my BIND9 servers, but I can't see how BIND10 would ever be part
of base. That wouldn't work.
--
Waitman Gobble
San Jose California USA
510-830-7975
Jack L.
2014-01-26 06:17:47 UTC
Many systems have removed nslookup from the base system so FreeBSD
removing it is nothing new. At first, I was pretty annoyed but it
makes sense that bind should not be part of the base system unless
its purpose is to serve as a DNS server. For all other users,
installing bind-utils is fine.
Post by Matthew Pherigo
To my understanding, almost half of all the security vulnerabilities in the entire lifetime of the FreeBSD project have been from BIND. Personally, I'd say that's "pretty spectacular."
--Matt
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I said in the diatribe following the question in my post, so is "host" and that's still there. Also Windoze has nslookup but doesn't include BIND. I agree there's no point arguing unless you know the rational behind what appears an arbitrary decision; hence my question. Was this simply an oversight or is there a thought-out reason for it that one can take issue with?
IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed before that. (That's BSD, not FreeBSD). Its relied on in scripts. The reason for dropping it from the base system must be pretty spectacular.
FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
Regards, Frank.
Julian H. Stacey
2014-01-26 14:20:20 UTC
Post by Frank Leonhardt
There must be a discussion about how the decision was taken somewhere,
mustn't there? If there isn't, its looking like an accident.
Regards, Frank.
Hi Frank & questions@,
There were discussions. Nslookup was treated as a corollary of
removing bind from src/ to ports/. To find discussions search archives
with word bind in subject headers, (better than keyword nslookup or named).
I recall archives to search as current@ or stable@ freebsd.org.

The rationale for bind removal from src/ I thought ill advised; it won't
surprise me if FreeBSD gets roasted for no longer being net server ready.

Complaints or calls for review should go to <***@freebsd.org>.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Interleave replies below like a play script. Indent old text with "> ".
Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.
David Demelier
2014-01-26 18:22:15 UTC
Post by Frank Leonhardt
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I
said in the diatribe following the question in my post, so is "host" and
that's still there. Also Windoze has nslookup but doesn't include BIND.
I agree there's no point arguing unless you know the rational behind
what appears an arbitrary decision; hence my question. Was this simply
an oversight or is there a thought-out reason for it that one can take
issue with?
IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed
before that. (That's BSD, not FreeBSD). Its relied on in scripts. The
reason for dropping it from the base system must be pretty spectacular.
FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
Regards, Frank.
Please don't piss off, there were thousands of reasons for removing BIND
from base. It generates at least 5 security advisories by year. FreeBSD
has a great feature called "ports" / "packages". Of course it's always
great to have a fully functional system just after an installation. But
can you seriously use a FreeBSD fresh install? I think you need to
install a bunch of packages before :-).

So just a pkg install bind-tools is not so hard, is it?

Regards,

David.
Frank Leonhardt
2014-01-26 21:21:54 UTC
Post by David Demelier
Post by Frank Leonhardt
Post by Mark Tinka
On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that
removing nslookup from the base system was the way to
go.
Why? Can anyone shed any light on how this decision was
made?
http://www.freebsd.org/releases/10.0R/relnotes.html
"BIND has been removed from the base system.
unbound(8), which is maintained by NLnet Labs, has
been imported to support local DNS resolution
functionality with DNSSEC. Note that it is not a
replacement of BIND and the latest versions of BIND
is still available in the Ports Collection. With
this change, nslookup and dig are no longer a part
of the base system. Users should instead use
host(1) and drill(1) Alternatively, nslookup and
dig can be obtained by installing dns/bind-tools
port. [r255949]"
So install /usr/ports/dns/bind-tools and you're a happy guy.
As to the philosophy of it all, no point arguing. Fait
accompli.
Mark.
As you and Waitman both pointed out, nslookup IS part of BIND, yet as I
said in the diatribe following the question in my post, so is "host" and
that's still there. Also Windoze has nslookup but doesn't include BIND.
I agree there's no point arguing unless you know the rational behind
what appears an arbitrary decision; hence my question. Was this simply
an oversight or is there a thought-out reason for it that one can take
issue with?
IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed
before that. (That's BSD, not FreeBSD). Its relied on in scripts. The
reason for dropping it from the base system must be pretty spectacular.
FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
Regards, Frank.
Please don't piss off, there was thousands of reasons for removing BIND
from base. It generates at least 5 security advisories by year. FreeBSD
has a great feature called "ports" / "packages". Of course it's always
great to have a fully functional system just after an installation. But
can you seriously use a FreeBSD fresh install? I think you need to
install a bunch of packages before :-).
So just a pkg install bind-tools is not so hard, isn't it?
Regards,
David.
All this may be true, but I was asking about nslookup, specifically
not BIND (as I pointed out in the original question). If you read most
of this thread, people just want to talk about BIND and as a result I
can see why you'd think this was the agenda when it wasn't. I'm having a
few interesting off-list discussions about the merits or otherwise of
BIND and where BIND10 is going, but that's not a question (feel free to
join in by email).

So, to get back to the question, the problem is that nslookup is missing
from base. Why?

Yes, it was part of BIND, but it needn't be as it uses its own resolver
(which is one of its long-running criticisms, but in this case it's a
strength).

Dig and host were also part of BIND. BIND's dig has been replaced in
ldns by the semi-compatible "drill". BIND's host has been replaced on
FreeBSD 10.0 by an ldns re-write. BIND's nslookup, the oldest utility of
them all, the one that people use for scripting because it's been there
since the beginning of time (nearly), the one that's available
(out-of-the-box) on every platform including Microsoft - is suddenly GONE!

If someone's not involved in server-type stuff and doesn't use shell
scripts the significance of this may be less hard to see, but the reason
for having a base system, unlike the disparate Linux distributions where
nothing can be taken for granted, is that you can take a script written
in 1986 that has limited itself to base-system utilities and it will
STILL RUN in 2014.

So did this happen because someone decided that there was no need to
have a DNS server in base when all that was needed was a caching
resolver, and the nslookup utility was simply overlooked? Or did someone
decide that nslookup was a problem and dropped it? Or is it on someone's
To Do list and got missed off that way?
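
The following is an added example, not part of the thread or of any poster's message: a POSIX sh sketch of how a script can stop depending on nslookup being in base by using whichever lookup tool is installed and normalising its output. The function names are hypothetical, and the sample outputs are constructed using documentation addresses.

```shell
#!/bin/sh
# Added example: tool-agnostic A-record lookup for scripts that used to call
# nslookup. host(1) and drill(1) are in the FreeBSD 10 base system; dig and
# nslookup exist only after installing dns/bind-tools.

# Print the first lookup tool found on PATH, base-system tools first.
pick_dns_tool() {
    for tool in host drill dig nslookup; do
        if command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
            return 0
        fi
    done
    return 1
}

# host output: "NAME has address ADDR" / "NAME has IPv6 address ADDR".
parse_host() {
    awk '/ has address / || / has IPv6 address / { print $NF }'
}

# dig and drill both print records under ";; ANSWER SECTION:".
parse_answer_section() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && ($4 == "A" || $4 == "AAAA") { print $5 }
    '
}

# nslookup prints the server address first; only "Address" lines that
# follow a "Name:" line belong to the answer.
parse_nslookup() {
    awk '
        /^Name:/                { seen_name = 1; next }
        seen_name && /^Address/ { print $NF }
    '
}

# Resolve NAME to its A records. Returns 2 for a name that is empty, starts
# with "-" (would be read as an option), or has characters outside
# [A-Za-z0-9.-]; returns 3 when no lookup tool is installed.
resolve_addrs() {
    name=$1
    case $name in
        ''|-*|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    tool=$(pick_dns_tool) || return 3
    case $tool in
        host)     host -t A "$name"        | parse_host ;;
        drill)    drill "$name" A          | parse_answer_section ;;
        dig)      dig "$name" A            | parse_answer_section ;;
        nslookup) nslookup -type=A "$name" | parse_nslookup ;;
    esac
}

# Constructed sample outputs (documentation addresses, not real lookups).
sample_host() {
    cat <<'EOF'
www.example.org has address 192.0.2.10
www.example.org has IPv6 address 2001:db8::10
www.example.org mail is handled by 10 mail.example.org.
EOF
}

sample_drill() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 4242
;; QUESTION SECTION:
;; www.example.org. IN A

;; ANSWER SECTION:
www.example.org. 300 IN A 192.0.2.10

;; AUTHORITY SECTION:
example.org. 300 IN NS ns1.example.org.
EOF
}

sample_nslookup() {
    cat <<'EOF'
Server:  192.0.2.53
Address: 192.0.2.53#53

Non-authoritative answer:
Name: www.example.org
Address: 192.0.2.10
EOF
}

# Offline self-check: every parser must extract the same A record.
self_check() {
    [ "$(sample_host | parse_host | head -n 1)" = "192.0.2.10" ] &&
    [ "$(sample_drill | parse_answer_section)" = "192.0.2.10" ] &&
    [ "$(sample_nslookup | parse_nslookup)" = "192.0.2.10" ]
}
```

A script then calls `resolve_addrs www.example.org` and gets one address per line regardless of which tool is present.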
Frank Leonhardt
2014-01-26 21:53:51 UTC
Post by Julian H. Stacey
Post by Frank Leonhardt
There must be a discussion about how the decision was taken somewhere,
mustn't there? If there isn't, its looking like an accident.
Regards, Frank.
There were discussions. Nslookup was treated as a corollary of
removing bind from src/ to ports/. To find discussions search archives
with word bind in subject headers, (better than keyword nslookup or named).
The rationale for bind removal from src/ I thought ill advised; it won't
suprise me if FreeBSD gets roasted for no longer being net server ready.
Cheers,
Julian
Thanks - I'm following this up. Incidentally, I've tested it and
nslookup /runs/ just fine without any other part of BIND being present.

Regards, Frank.
Darren Pilgrim
2014-01-27 04:22:26 UTC
Post by Julian H. Stacey
The rationale for bind removal from src/ I thought ill advised; it won't
suprise me if FreeBSD gets roasted for no longer being net server ready.
The irony being that if you were at all serious about running mail, DNS,
NTP, etc., you used a port because the in-base versions were old and
could not be easily upgraded in the event of security problems. This is
one of many points made during the discussion on removing BIND from the
base.
Frank Leonhardt
2014-01-27 12:50:50 UTC
Post by Darren Pilgrim
Post by Julian H. Stacey
The rationale for bind removal from src/ I thought ill advised; it won't
suprise me if FreeBSD gets roasted for no longer being net server ready.
The irony being that if you were at all serious about running mail,
DNS, NTP, etc., you used a port because the in-base versions were old
and could not be easily upgraded in the event of security problems.
This is one of many points made during the discussion on removing BIND
from the base.
Ah, but Americans don't do irony.

I'm never going to steer this away from BIND and back to nslookup, and
if you can't beat'em...

I think you're quite correct in pointing this out. The argument for
keeping BIND as part of the base system is similar to the argument for
including Apache or Samba. If you're running a server you're probably
going to need one or other, or both; probably more than BIND. And while
we're at it, how about replacing imapd and qpopper (anyone for a REAL
security problem???) with Dovecot, and ftpd with PureFTP and....

So I'm actually okay with installing BIND from ports, as long as it works.

But these are all services. nslookup is a utility, normally found in
/usr/bin (not /usr/local...). It's the only utility to have been removed
from the system binary directories. I don't know if this is written
somewhere in blood, but I've spent the last 30 years assuming anything
in /bin and /usr/bin is going to be safe to use in scripts because it
will always be there. I reckon history is on my side here!

Sendmail could be considered a bit dated too. Will that be next? If so,
will "... | mail root" still work?

Regards, Frank.
RW
2014-01-27 13:29:00 UTC
On Mon, 27 Jan 2014 12:50:50 +0000
Post by Frank Leonhardt
Sendmail could be considered a bit dated too. Will that be next?
There has been some talk about replacing it with something more
lightweight that would handle local mail (and possibly remote
submission).
Post by Frank Leonhardt
If
so, with "... | mail root" still work?
yes
Frank Leonhardt
2014-01-27 13:43:06 UTC
Post by RW
On Mon, 27 Jan 2014 12:50:50 +0000
Post by Frank Leonhardt
Sendmail could be considered a bit dated too. Will that be next?
There has been some talk about replacing it with something more
lightweight that would handle local mail (and possibly remote
submission).
Post by Frank Leonhardt
If
so, with "... | mail root" still work?
yes
I don't imagine anyone planned to break scripts when BIND was replaced
either ;-) The law of unintended consequences applies.

Regards, Frank.
Julian H. Stacey
2014-01-27 13:01:26 UTC
Date: Sun, 26 Jan 2014 20:22:26 -0800
Post by Julian H. Stacey
The rationale for bind removal from src/ I thought ill advised; it won't
suprise me if FreeBSD gets roasted for no longer being net server ready.
The irony being that if you were at all serious about running mail, DNS,
NTP, etc., you used a port because the in-base versions were old and
could not be easily upgraded in the event of security problems. This is
one of many points made during the discussion on removing BIND from the
base.
bind was in src/ from 4.4BSD_Lite to 9.2-RELEASE. No warning of pending
removal in a prior release. Alternatives existed, but removal was forced
& botched, too late before release, (inconsistencies were still being
reported between src & ports very recently). Lack of management & planning.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Interleave replies below like a play script. Indent old text with "> ".
Send plain text, not quoted-printable, HTML, base64, or multipart/alternative.
Al Plant
2014-01-29 23:17:36 UTC
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that removing
nslookup from the base system was the way to go.
Why? Can anyone shed any light on how this decision was made?
That's the question. The remainder are a few observations to save an
obvious response...
nslookup has been deprecated in some quarters for while now, with that
annoying message asking people to use dig instead, although ISC changed
its mind on this point after BIND 9.8. That's not a reason, and anyway,
dig is missing too.
Was it dropped because it's part on BIND, and that's been dropped from
the base system (bad idea if you ask me, but no one did)? Well, as far
as I can tell, this move has left us having to use "host" instead, and
that's part of the BIND package too.
What's next? Will someone get the bright idea that "ls" is a bit dated
and/or unfamiliar to Microsofties and replace it with "dir"? (And EVEN
WINDOWS has nslookup).
If I wanted an OS that lacked features such as DNS out of the box, I'd
have chosen Linux.
Regards, Frank.
Aloha Frank,

FWIW:
I just had to use nslookup and dig.
I am working on moving a DNS for a mail server from an ATM setup to
inside of a lan with a public IP from my ISP.

Both tools are what Zone Edit uses on their servers. So I am going to
add the /usr/ports/dns/bind-tools when I replace my current Desktop BSD
boxes to FreeBSD10.

AL :)

~Al Plant - Honolulu, Hawaii - Phone: 808-284-2740
+ http://hawaiidakine.com + http://freebsdinfo.org +
+ http://aloha50.net - Supporting - FreeBSD 7.2 - 8.0 - 9* +
< email: ***@hdk5.net >
"All that's really worth doing is what we do for others."- Lewis Carrol
r***@gmail.com
2020-01-12 19:30:50 UTC
Post by Frank Leonhardt
Unbelievable, but true - someone somewhere thought that removing
nslookup from the base system was the way to go.
Why? Can anyone shed any light on how this decision was made?
That's the question. The remainder are a few observations to save an
obvious response...
nslookup has been deprecated in some quarters for while now, with that
annoying message asking people to use dig instead, although ISC changed
its mind on this point after BIND 9.8. That's not a reason, and anyway,
dig is missing too.
Was it dropped because it's part on BIND, and that's been dropped from
the base system (bad idea if you ask me, but no one did)? Well, as far
as I can tell, this move has left us having to use "host" instead, and
that's part of the BIND package too.
What's next? Will someone get the bright idea that "ls" is a bit dated
and/or unfamiliar to Microsofties and replace it with "dir"? (And EVEN
WINDOWS has nslookup).
If I wanted an OS that lacked features such as DNS out of the box, I'd
have chosen Linux.
Regards, Frank.
It's board developers who think what we should "improve" today. This was removed from Debian and FreeBSD and maybe others; also vi will not be installed by default in some distros.
I am almost 30y working with IT and lately instead of things getting more simple they get more complicated
(and not working properly)
