From owner-freebsd-questions@FreeBSD.ORG Mon Jan 27 12:50:49 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 877A7674 for ; Mon, 27 Jan 2014 12:50:49 +0000 (UTC) Received: from bs1.fjl.org.uk (bs1.fjl.org.uk [84.45.41.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 0845A1567 for ; Mon, 27 Jan 2014 12:50:48 +0000 (UTC) Received: from [192.168.1.35] (host86-163-127-175.range86-163.btcentralplus.com [86.163.127.175]) (authenticated bits=0) by bs1.fjl.org.uk (8.14.4/8.14.4) with ESMTP id s0RCok13069035 (version=TLSv1/SSLv3 cipher=DHE-DSS-CAMELLIA256-SHA bits=256 verify=NO) for ; Mon, 27 Jan 2014 12:50:47 GMT (envelope-from frank2@fjl.co.uk) Message-ID: <52E6562A.2050402@fjl.co.uk> Date: Mon, 27 Jan 2014 12:50:50 +0000 From: Frank Leonhardt User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-questions Subject: Re: Why was nslookup removed from FreeBSD 10? References: <201401261420.s0QEKKMn080851@fire.js.berklix.net> <52E5DF02.4010500@bluerosetech.com> In-Reply-To: <52E5DF02.4010500@bluerosetech.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jan 2014 12:50:49 -0000 On 27/01/2014 04:22, Darren Pilgrim wrote: > On 1/26/2014 6:20 AM, Julian H. Stacey wrote: >> The rationale for bind removal from src/ I thought ill advised; it won't >> suprise me if FreeBSD gets roasted for no longer being net server ready. > > The irony being that if you were at all serious about running mail, > DNS, NTP, etc., you used a port because the in-base versions were old > and could not be easily upgraded in the event of security problems. > This is one of many points made during the discussion on removing BIND > from the base. Ah, but American's don't do irony. I'm never going to steer this away from BIND and back to nslookup, and if you can't beat'em... I think you're quite correct in pointing this out. The argument for keeping BIND as part of the base system is similar to the argument for including Apache or Samba. If you're running a server you're probably going to need one or other, or both; probably more than BIND. And while we're at it, how about replacing imapd and qpopper (anyone for a REAL security problem???) with Dovecot, and ftpd with PureFTP and.... So I'm actually okay with installing BIND from ports, as long as it works. But these are all services. nslookup is a utility, normally found in /usr/bin (not /usr/local...). It's the only utility to have been removed from the system binary directories. I don't know if this is written somewhere in blood, but I've spent the last 30 years assuming anything in /bin and /usr/bin is going to be safe to use in scripts because it will always be there. I reckon history is on my side here! Sendmail could be considered a bit dated too. Will that be next? If so, with "... | mail root" still work? Regards, Frank.