Bug 211507

Summary: Hook unbound-host into build
Product: Base System Reporter: Shawn Webb <shawn.webb>
Component: binAssignee: Dag-Erling Smørgrav <des>
Status: Closed Not A Bug    
Severity: Affects Some People CC: des, feld, koobs, pi
Priority: --- Keywords: easy, feature, needs-qa, patch
Version: CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
unbound-host.patch none

Description Shawn Webb 2016-08-01 19:07:24 UTC 
Created attachment 173165 [details]
unbound-host.patch

unbound-host is part of unbound and is quite a useful utility. The source for unbound-host is already provided in base. Attached is a patch that hooks up unbound-host to the build.
Comment 1 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2016-08-11 07:42:52 UTC 
What does unbound-host provide that ldns-host, which is already in base, doesn't?
Comment 2 Shawn Webb 2016-08-12 01:29:21 UTC 
(In reply to Dag-Erling Smørgrav from comment #1)

Easy DNSSEC validation. Note that unbound-host is already in base as well, but it isn't hooked up to the build.
Comment 3 Shawn Webb 2016-09-30 15:55:35 UTC 
Ping?
Comment 4 Mark Felder freebsd_committer freebsd_triage 2016-10-02 18:39:54 UTC 
The first time I used unbound was on Linux and I discovered unbound-host which felt like a natural replacement for the bind host. When I used unbound on FreeBSD (base) I was confused about its absence and then forgot to bring it up. Can we at least hook this up so we provide a consistent experience for those migrating from Linux?
Comment 5 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2016-10-02 20:37:45 UTC 
I don't understand the problem.  Linux, *BSD and other Nixes have always had a host(1) command.  While some Linux distributions may include Unbound and unbound-host out of the box, this is a recent development and far from the rule.  FreeBSD already has a perfectly good host(1) command based on the same underlying resolver library as Unbound, and I see no reason to replace it with unbound-host, nor do I see any reason to install unbound-host alongside it.

DNSSEC validation and other advanced operations can be performed with either drill(1) in base or dig(1) from the bind-tools package.  Alternatively, you may suggest additional features to the author of our existing host(1) implementation.  I have found him to be quite responsive.
Comment 6 Shawn Webb 2016-10-02 23:26:03 UTC 
(In reply to Dag-Erling Smørgrav from comment #5)
Have you tried to use drill in a scripted environment for using DNSSEC-validated queries? If so, you'll know how much of a pain it is to parse drill's output securely. unbound-host's output is sane and easy to parse.

So, are we going to talk about the color of the bike shed or simply merge the small patch?