Why was nslookup removed from FreeBSD 10?

Jack L. xxjack12xx at gmail.com
Sun Jan 26 06:18:29 UTC 2014


Many systems have removed nslookup from the base system so FreeBSD
removing it is nothing new. At first, I was pretty annoyed but it
makes sense that bind should not be part of the base system unless
it's purpose is to serve as a DNS server. For all other users,
installing bind-utils is fine.

On Sat, Jan 25, 2014 at 12:26 PM, Matthew Pherigo <hybrid120 at gmail.com> wrote:
> To my understanding, almost half of all the security vulnerabilities in the entire lifetime of the FreeBSD project have been from BIND. Personally, I'd say that's "pretty spectacular."
>
> --Matt
>
>> On Jan 25, 2014, at 1:52 PM, Frank Leonhardt <frank2 at fjl.co.uk> wrote:
>>
>>> On 25/01/2014 19:37, Mark Tinka wrote:
>>> On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
>>> wrote:
>>>
>>>> Unbelievable, but true - someone somewhere thought that
>>>> removing nslookup from the base system was the way to
>>>> go.
>>>>
>>>> Why? Can anyone shed any light on how this decision was
>>>> made?
>>> If you read:
>>>
>>>    http://www.freebsd.org/releases/10.0R/relnotes.html
>>>
>>> Under the "2.3. Userland Changes" section, you will notice:
>>>
>>>    "BIND has been removed from the base system.
>>>     unbound(8), which is maintained by NLnet Labs, has
>>>     been imported to support local DNS resolution
>>>     functionality with DNSSEC. Note that it is not a
>>>     replacement of BIND and the latest versions of BIND
>>>     is still available in the Ports Collection. With
>>>     this change, nslookup and dig are no longer a part
>>>     of the base system. Users should instead use
>>>     host(1) and drill(1) Alternatively, nslookup and
>>>     dig can be obtained by installing dns/bind-tools
>>>     port. [r255949]"
>>>
>>> So install /usr/ports/dns/bind-tools and you're a happy guy.
>>>
>>> As to the philosophy of it all, no point arguing. Fait
>>> accompli.
>>>
>>> Mark.
>> As you and Waitman both pointed out, nslookup IS part of BIND, yet as I said in the diatribe following the question in my post, so is "host" and that's still there. Also Windoze has nslookup but doesn't include BIND. I agree there's no point arguing unless you know the rational behind what appears an arbitrary decision; hence my question. Was this simply an oversight or is there a thought-out reason for it that one can take issue with?
>>
>> IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed before that. (That's BSD, not FreeBSD). Its relied on in scripts. The reason for dropping it from the base system must be pretty spectacular.
>>
>> FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
>>
>> Regards, Frank.
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"


More information about the freebsd-questions mailing list