Re: dig and DNSSEC
On 2015-09-26, "Todd C. Miller"wrote: >> As Unbound/nsd are in base now, perhaps it could be easier to get >> drill in and drop dig ? > > That's a great idea. We'd need to add nslookup(1) and host(1) > wrappers though. Vitaly Magerya wrote a ldns-based host(1): http://hg.tx97.net/ldns-host Imported by FreeBSD: https://svnweb.freebsd.org/base/head/contrib/ldns-host/ -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: dig and DNSSEC
On Sat, 26 Sep 2015 22:03:50 +0200, Denis Fondras wrote: > As Unbound/nsd are in base now, perhaps it could be easier to get > drill in and drop dig ? That's a great idea. We'd need to add nslookup(1) and host(1) wrappers though. - todd
Re: dig and DNSSEC
> dig and nslookup will remain in base. Go look in our tree at the contortions > required to keep them there, since ISC has created a mess of their own > libraries > and makes the 800 lines of nslookup and 7000 lines of dig use them. Hold your > nose when you look, ok? > As Unbound/nsd are in base now, perhaps it could be easier to get drill in and drop dig ?
Re: dig and DNSSEC
On 2015-09-25 15:05, Stuart Henderson wrote: Is there any chance that dig (src/usr.sbin/bind/bin/dig/) could be build with -DDIG_SIGCHASE to enable dnssec verification in future releases? Where would be a proper place to request that? I've just added this to the ports version of BIND (ports/net/isc-bind), packages for this will arrive in future snapshots. You'll probably want to do something like "alias dig=/usr/local/bin/dig" or similar to avoid finding the version from base first in your shell path. Terrific! Thank you so much. By any chance, once the base version of bind is being phased out, do you know if there will still be a dig(1) in the base? Cheers, -- Étienne
Re: dig and DNSSEC
>By any chance, once the base version of bind is being phased out, do you >know if there will still be a dig(1) in the base? dig and nslookup will remain in base. Go look in our tree at the contortions required to keep them there, since ISC has created a mess of their own libraries and makes the 800 lines of nslookup and 7000 lines of dig use them. Hold your nose when you look, ok?
Re: dig and DNSSEC
On 2015-09-24, Etiennewrote: > Hello there, > > Is there any chance that dig (src/usr.sbin/bind/bin/dig/) could be build > with -DDIG_SIGCHASE to enable dnssec verification in future releases? > Where would be a proper place to request that? > > Cheers, > I've just added this to the ports version of BIND (ports/net/isc-bind), packages for this will arrive in future snapshots. You'll probably want to do something like "alias dig=/usr/local/bin/dig" or similar to avoid finding the version from base first in your shell path.
dig and DNSSEC
Hello there, Is there any chance that dig (src/usr.sbin/bind/bin/dig/) could be build with -DDIG_SIGCHASE to enable dnssec verification in future releases? Where would be a proper place to request that? Cheers, -- Étienne