Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 25 Jan 2014 14:26:26 -0600
From:      Matthew Pherigo <>
To:        Frank Leonhardt <>,
Subject:   Re: Why was nslookup removed from FreeBSD 10?
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
To my understanding, almost half of all the security vulnerabilities in the e=
ntire lifetime of the FreeBSD project have been from BIND. Personally, I'd s=
ay that's "pretty spectacular."


> On Jan 25, 2014, at 1:52 PM, Frank Leonhardt <> wrote:
>> On 25/01/2014 19:37, Mark Tinka wrote:
>> On Saturday, January 25, 2014 09:13:08 PM Frank Leonhardt
>> wrote:
>>> Unbelievable, but true - someone somewhere thought that
>>> removing nslookup from the base system was the way to
>>> go.
>>> Why? Can anyone shed any light on how this decision was
>>> made?
>> If you read:
>> Under the "2.3. Userland Changes" section, you will notice:
>>    "BIND has been removed from the base system.
>>     unbound(8), which is maintained by NLnet Labs, has
>>     been imported to support local DNS resolution
>>     functionality with DNSSEC. Note that it is not a
>>     replacement of BIND and the latest versions of BIND
>>     is still available in the Ports Collection. With
>>     this change, nslookup and dig are no longer a part
>>     of the base system. Users should instead use
>>     host(1) and drill(1) Alternatively, nslookup and
>>     dig can be obtained by installing dns/bind-tools
>>     port. [r255949]"
>> So install /usr/ports/dns/bind-tools and you're a happy guy.
>> As to the philosophy of it all, no point arguing. Fait
>> accompli.
>> Mark.
> As you and Waitman both pointed out, nslookup IS part of BIND, yet as I sa=
id in the diatribe following the question in my post, so is "host" and that'=
s still there. Also Windoze has nslookup but doesn't include BIND. I agree t=
here's no point arguing unless you know the rational behind what appears an a=
rbitrary decision; hence my question. Was this simply an oversight or is the=
re a thought-out reason for it that one can take issue with?
> IIRC, nslookup was present in 4.3BSD, and I'm pretty sure it existed befor=
e that. (That's BSD, not FreeBSD). Its relied on in scripts. The reason for d=
ropping it from the base system must be pretty spectacular.
> FreeBSD 10.0 might be better known as FreeBSD Vista, at this rate.
> Regards, Frank.
> _______________________________________________
> mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.or=

Want to link to this message? Use this URL: <>