Bind in FreeBSD, security advisories
Garrett Wollman
wollman at hergotha.csail.mit.edu
Tue Jul 30 12:45:58 UTC 2013
In article
<1375186900.23467.3223791.24CB348A at webmail.messagingengine.com>,
feld at freebsd.org writes:
>just import Unbound. However, if you can't reach any DNS servers I
>assume you can't reach the roots either, so I don't understand what a
>local recursor will gain you.
There are plenty of situations in which a remote recursive resolver is
untrustworthy. (Some would say any situation.) It doesn't have to be
BIND, but people do legitimately want the normal DNS diagnostic
utilities, which sadly have been tied together with BIND for some
years now. (I don't know why anyone would ever use nslookup(1), but
host(1) and dig(1) are pretty much essential.)
It is a little bit disconcerting to see that big chunks of our BSD
heritage have turned into someone else's commercial product, but that
seems to be the way of the world these days.
-GAWollman
More information about the freebsd-stable
mailing list