Bug 211507 - Hook unbound-host into build
Summary: Hook unbound-host into build
Status: Closed Not A Bug
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Dag-Erling Smørgrav
Keywords: easy, feature, needs-qa, patch
Depends on:
Reported: 2016-08-01 19:07 UTC by Shawn Webb
Modified: 2016-10-04 14:47 UTC (History)
4 users (show)

See Also:

unbound-host.patch (887 bytes, patch)
2016-08-01 19:07 UTC, Shawn Webb
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Shawn Webb 2016-08-01 19:07:24 UTC
Created attachment 173165 [details]

unbound-host is part of unbound and is quite a useful utility. The source for unbound-host is already provided in base. Attached is a patch that hooks up unbound-host to the build.
Comment 1 Dag-Erling Smørgrav freebsd_committer 2016-08-11 07:42:52 UTC
What does unbound-host provide that ldns-host, which is already in base, doesn't?
Comment 2 Shawn Webb 2016-08-12 01:29:21 UTC
(In reply to Dag-Erling Smørgrav from comment #1)

Easy DNSSEC validation. Note that unbound-host is already in base as well, but it isn't hooked up to the build.
Comment 3 Shawn Webb 2016-09-30 15:55:35 UTC
Comment 4 Mark Felder freebsd_committer 2016-10-02 18:39:54 UTC
The first time I used unbound was on Linux and I discovered unbound-host which felt like a natural replacement for the bind host. When I used unbound on FreeBSD (base) I was confused about its absence and then forgot to bring it up. Can we at least hook this up so we provide a consistent experience for those migrating from Linux?
Comment 5 Dag-Erling Smørgrav freebsd_committer 2016-10-02 20:37:45 UTC
I don't understand the problem.  Linux, *BSD and other Nixes have always had a host(1) command.  While some Linux distributions may include Unbound and unbound-host out of the box, this is a recent development and far from the rule.  FreeBSD already has a perfectly good host(1) command based on the same underlying resolver library as Unbound, and I see no reason to replace it with unbound-host, nor do I see any reason to install unbound-host alongside it.

DNSSEC validation and other advanced operations can be performed with either drill(1) in base or dig(1) from the bind-tools package.  Alternatively, you may suggest additional features to the author of our existing host(1) implementation.  I have found him to be quite responsive.
Comment 6 Shawn Webb 2016-10-02 23:26:03 UTC
(In reply to Dag-Erling Smørgrav from comment #5)
Have you tried to use drill in a scripted environment for using DNSSEC-validated queries? If so, you'll know how much of a pain it is to parse drill's output securely. unbound-host's output is sane and easy to parse.

So, are we going to talk about the color of the bike shed or simply merge the small patch?