in defense of nslookup

Jim Reid jim at rfc1035.com
Wed Aug 7 21:08:38 UTC 2002


>>>>> "Michael" == Michael E Hanson <MEHanson at GryphonsGate.com> writes:

    Michael> Because every DNS server I've ever worked with,
    Michael> regardless of O/S, has nslookup, and a lot of O/S's
    Michael> include nslookup as part of the standard TCP/IP tool set
    Michael> whether DNS is installed or not.

Lots of OS's ship with really bad software. That doesn't mean we
should use it. Or accept inferior tools.

    Michael> The only places I've consistently found "host" or "dig"
    Michael> are on DNS servers that include the latest and greatest
    Michael> version of BIND.

I think this conclusively proves the point. Who knows what other DNS
nasties lurk in the places that don't have an up-to-date version of
BIND installed? And why would anybody settle for running DNS tools
with an old, buggy (and possibly insecure) version of BIND? A place
that only has nslookup as a DNS tool should cause very loud alarm
bells to start ringing, telling you to get the hell out of there.

