Why was nslookup removed from FreeBSD 10?
frank2 at fjl.co.uk
Sun Jan 26 21:22:03 UTC 2014
On 26/01/2014 18:22, David Demelier wrote:
> On 25/01/2014 20:52, Frank Leonhardt wrote:
>> On 25/01/2014 19:37, Mark Tinka wrote:
>>> On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
>>>> Unbelievable, but true - someone somewhere thought that
>>>> removing nslookup from the base system was the way to
>>>> Why? Can anyone shed any light on how this decision was
>>> If you read:
>>> Under the "2.3. Userland Changes" section, you will notice:
>>> "BIND has been removed from the base system.
>>> unbound(8), which is maintained by NLnet Labs, has
>>> been imported to support local DNS resolution
>>> functionality with DNSSEC. Note that it is not a
>>> replacement of BIND and the latest versions of BIND
>>> is still available in the Ports Collection. With
>>> this change, nslookup and dig are no longer a part
>>> of the base system. Users should instead use
>>> host(1) and drill(1). Alternatively, nslookup and
>>> dig can be obtained by installing dns/bind-tools
>>> port. [r255949]"
>>> So install /usr/ports/dns/bind-tools and you're a happy guy.
>>> As to the philosophy of it all, no point arguing. Fait
>> As you and Waitman both pointed out, nslookup IS part of BIND, yet as I
>> said in the diatribe following the question in my post, so is "host" and
>> that's still there. Also Windoze has nslookup but doesn't include BIND.
>> I agree there's no point arguing unless you know the rationale behind
>> what appears an arbitrary decision; hence my question. Was this simply
>> an oversight or is there a thought-out reason for it that one can take
>> issue with?
>> IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed
>> before that. (That's BSD, not FreeBSD). It's relied on in scripts. The
>> reason for dropping it from the base system must be pretty spectacular.
>> FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
>> Regards, Frank.
> Please don't piss off, there were thousands of reasons for removing BIND
> from base. It generates at least 5 security advisories per year. FreeBSD
> has a great feature called "ports" / "packages". Of course it's always
> great to have a fully functional system just after an installation. But
> can you seriously use a FreeBSD fresh install? I think you need to
> install a bunch of packages before :-).
> So just a pkg install bind-tools is not so hard, is it?
All this may be true, but I was asking about nslookup, specifically
not BIND (as I pointed out in the original question). If you read most
of this thread, people just want to talk about BIND and as a result I
can see why you'd think this was the agenda when it wasn't. I'm having a
few interesting off-list discussions about the merits or otherwise of
BIND and where BIND10 is going, but that's not a question (feel free to
join in by email).
So, to get back to the question, the problem is that nslookup is missing
from base. Why?
Yes, it was part of BIND, but it needn't be as it uses its own resolver
(which is one of its long-running criticisms, but in this case it's a
Dig and host were also part of BIND. BIND's dig has been replaced in
ldns by the semi-compatible "drill". BIND's host has been replaced on
FreeBSD 10.0 by an ldns re-write. BIND's nslookup, the oldest utility of
them all, the one that people use for scripting because it's been there
since the beginning of time (nearly), the one that's available
(out-of-the-box) on every platform including Microsoft - is suddenly GONE!
If someone's not involved in server-type stuff and doesn't use shell
scripts the significance of this may be less hard to see, but the reason
for having a base system, unlike the disparate Linux distributions where
nothing can be taken for granted, is that you can take a script written
in 1986 that has limited itself to base-system utilities and it will
STILL RUN in 2014.
So did this happen because someone decided that there was no need to
have a DNS server in base when all that was needed was a caching
resolver, and the nslookup utility was simply overlooked? Or did someone
decide that nslookup was a problem and dropped it? Or is it on someone's
To Do list and got missed off that way?