|Summary:||Hook unbound-host into build|
|Product:||Base System||Reporter:||Shawn Webb <shawn.webb>|
|Component:||bin||Assignee:||Dag-Erling Smørgrav <des>|
|Status:||Closed Not A Bug|
|Severity:||Affects Some People||CC:||des, feld, koobs, pi|
|Priority:||---||Keywords:||easy, feature, needs-qa, patch|
Description Shawn Webb 2016-08-01 19:07:24 UTC
Created attachment 173165 [details] unbound-host.patch unbound-host is part of unbound and is quite a useful utility. The source for unbound-host is already provided in base. Attached is a patch that hooks up unbound-host to the build.
Comment 1 Dag-Erling Smørgrav 2016-08-11 07:42:52 UTC
What does unbound-host provide that ldns-host, which is already in base, doesn't?
Comment 2 Shawn Webb 2016-08-12 01:29:21 UTC
(In reply to Dag-Erling SmÃ¸rgrav from comment #1) Easy DNSSEC validation. Note that unbound-host is already in base as well, but it isn't hooked up to the build.
Comment 3 Shawn Webb 2016-09-30 15:55:35 UTC
Comment 4 Mark Felder 2016-10-02 18:39:54 UTC
The first time I used unbound was on Linux and I discovered unbound-host which felt like a natural replacement for the bind host. When I used unbound on FreeBSD (base) I was confused about its absence and then forgot to bring it up. Can we at least hook this up so we provide a consistent experience for those migrating from Linux?
Comment 5 Dag-Erling Smørgrav 2016-10-02 20:37:45 UTC
I don't understand the problem. Linux, *BSD and other Nixes have always had a host(1) command. While some Linux distributions may include Unbound and unbound-host out of the box, this is a recent development and far from the rule. FreeBSD already has a perfectly good host(1) command based on the same underlying resolver library as Unbound, and I see no reason to replace it with unbound-host, nor do I see any reason to install unbound-host alongside it. DNSSEC validation and other advanced operations can be performed with either drill(1) in base or dig(1) from the bind-tools package. Alternatively, you may suggest additional features to the author of our existing host(1) implementation. I have found him to be quite responsive.
Comment 6 Shawn Webb 2016-10-02 23:26:03 UTC
(In reply to Dag-Erling SmÃ¸rgrav from comment #5) Have you tried to use drill in a scripted environment for using DNSSEC-validated queries? If so, you'll know how much of a pain it is to parse drill's output securely. unbound-host's output is sane and easy to parse. So, are we going to talk about the color of the bike shed or simply merge the small patch?