in defense of nslookup
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Wed Aug 7 21:44:20 UTC 2002
Jim Reid <jim at rfc1035.com> wrote:
>>>>>> "Michael" == Michael E Hanson <MEHanson at GryphonsGate.com> writes:
> Michael> Because every DNS server I've ever worked with,
> Michael> regardless of O/S, has nslookup, and a lot of O/S's
> Michael> include nslookup as part of the standard TCP/IP tool set
> Michael> whether DNS is installed or not.
> Lots of OS's ship with really bad software. That doesn't mean we
> should use it. Or accept inferior tools.
> Michael> The only places I've consistently found "host" or "dig"
> Michael> are on DNS servers that include the latest and greatest
> Michael> version if BIND.
> I think this conclusively proves the point. Who knows what other DNS
> nasties lurk in the places that don't have an up to date version of
> BIND installed? And why would anybody settle for running DNS tools
> with an old, buggy (and possibly insecure) version of BIND? A place
> that only has nslookup as a DNS tool should cause very loud alarms
> bells to start ringing, telling you to get the hell out of there.
Amen !
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list