On Thu, May 28, 2026 at 12:17:51AM +0800, Mukund Sivaraman wrote: > On Wed, May 27, 2026 at 09:04:21AM -0400, Paul Wouters wrote: > > > > > > > On May 27, 2026, at 03:09, Lars Eggert <[email protected]> wrote: > > > > > > Hi, > > > > > >> On May 26, 2026, at 20:00, Mukund Sivaraman <[email protected]> wrote: > > >> It is a textual message for users to consume and for clients to display > > >> to users. Web browsers may have strict policies on what they display in > > >> some contexts, but that doesn't mean that DNS should not distribute this > > >> textual information. > > > > > > IMO there is zero chance browsers will show this text to users in *any* > > > context. What other clients do you envision to be different? > > > > And it’s not because they are just stubborn. Any free flow text that an > > attacker can populate will be abused by attackers for malicious messages. > > > > I already have to support some non-technical people inundated with “your > > phone is infected, click here” messages. Free form fields are dangerous. > > > > If this is not an “enduser” free form field, but a debugging thing, > > language tags seem overkill and are rarely used by implementations to > > customize the error message for specific languages > > > > That llms say to use nslookup, a tool that has been obsoleted longer than > > the age of half the people on this list is perhaps an indication that these > > are not strong arguments to use for implementation decisions at the > > protocol level. > > nslookup was deprecated in the BIND tree for a period of time for having > a history of inconsistent behavior and a confusing interface. nslookup > was undeprecated in the BIND tree around the 9.3 timeframe - see change > 1700 in the bind9 CHANGES file, but I don't have the exact version tag > handy. It is available in the Debian bind9-utils package, the Fedora > bind-utils package, etc. and its manpage does not have any notices about > obsoletion or deprecation. (I'm not recommending that nslookup be used > over dig.)
I forgot to mention - I'm not speaking for the BIND project in
anyway. Just noting what I remember from developing a fork of it, what's
in the CHANGES file, and what's in the nslookup manpage. I definitely do
not want to cause any ill will by commenting about BIND history.
And dig being better than nslookup is not contested.
Mukund
signature.asc
Description: PGP signature
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
