On 18/12/2023 19:48, Weinberg, Matt via dns-operations wrote:
Hi Matt,
The latest patched versions of macOS Ventura (13.6.3) and Sonoma (14.1.2) both include an old version of the dig client: % dig -v DiG 9.10.6 I only noticed the issue when I attempted to retrieve the ZONEMD record of the root zone from my MacBook (it didn’t work). I can’t speak to whether this older version of dig is missing any other features (or addresses any security concerns). Anyone know how best to nudge Apple into updating the default dig client on macOS? Thoughts either way?
ISC switched to the MPL 2.0 license for BIND version 9.11 onwards. I don't know the details, but I believe that Apple cannot or does not wish to distribute code with this license. That's why dig is stuck at version 9.10, and this situation is unlikely to change.
You're better off installing Homebrew, and using that to install the latest versions of BIND or Knot DNS. These will provide you with up to date versions of "dig" and "kdig". Both of these tools are suitable for all kinds of modern DNS usage. I personally prefer kdig, because it is more consistent than dig in some ways, and is also the only tool capable of doing queries over QUIC.
Regards, Anand _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
