Dig on openbsd too old ?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Dig on openbsd too old ?

Mik J
Hello,
I'm using Openbsd 6.5 and have DiG 9.4.2-P2 provided with it.This version seems to be old (from 2009) but I couldn't find exactly when it dates.
However new DNS records appeared in 2013 such as CAA in RFC 6844When I dig the CAA record dig returns NXDOMAIN insteadhttps://dns.google.com/query?name=google.com&type=CAA&dnssec=true
Do you think we could have an updated version of dig in Openbsd base ?
Thank you

$ dig CAA google.com

; <<>> DiG 9.4.2-P2 <<>> CAA google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 680
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;CAA.                           IN      A
;; AUTHORITY SECTION:
.                       9534    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019071800 1800 900 604800 86400

;; Query time: 23 msec
;; WHEN: Thu Jul 18 08:13:43 2019
;; MSG SIZE  rcvd: 96

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2230
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:
;google.com.                    IN      A
;; ANSWER SECTION:
google.com.             300     IN      A       172.217.18.206




Reply | Threaded
Open this post in threaded view
|

Re: Dig on openbsd too old ?

Otto Moerbeek
On Thu, Jul 18, 2019 at 06:41:12AM +0000, Mik J wrote:

> Hello,
> I'm using Openbsd 6.5 and have DiG 9.4.2-P2 provided with it.This version seems to be old (from 2009) but I couldn't find exactly when it dates.
> However new DNS records appeared in 2013 such as CAA in RFC 6844When I dig the CAA record dig returns NXDOMAIN insteadhttps://dns.google.com/query?name=google.com&type=CAA&dnssec=true
> Do you think we could have an updated version of dig in Openbsd base ?
> Thank you
>
> $ dig CAA google.com

Yes, known. It is on my list to update it, but I don't know when I
will get to it.

If you really need a newer one, you can install isc-bind from packages, it
comes with a newer dig in /usr/local/bin

        -Otto

>
> ; <<>> DiG 9.4.2-P2 <<>> CAA google.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 680
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;CAA.                           IN      A
> ;; AUTHORITY SECTION:
>                        9534    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019071800 1800 900 604800 86400
>
> ;; Query time: 23 msec
> ;; WHEN: Thu Jul 18 08:13:43 2019
> ;; MSG SIZE  rcvd: 96
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2230
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
>
> ;; QUESTION SECTION:
> ;google.com.                    IN      A
> ;; ANSWER SECTION:
> google.com.             300     IN      A       172.217.18.206
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Dig on openbsd too old ?

Mik J
 Thank you Otto for your quick answer.

    Le jeudi 18 juillet 2019 à 08:54:02 UTC+2, Otto Moerbeek <[hidden email]> a écrit :  
 
 On Thu, Jul 18, 2019 at 06:41:12AM +0000, Mik J wrote:

> Hello,
> I'm using Openbsd 6.5 and have DiG 9.4.2-P2 provided with it.This version seems to be old (from 2009) but I couldn't find exactly when it dates.
> However new DNS records appeared in 2013 such as CAA in RFC 6844When I dig the CAA record dig returns NXDOMAIN insteadhttps://dns.google.com/query?name=google.com&type=CAA&dnssec=true
> Do you think we could have an updated version of dig in Openbsd base ?
> Thank you
>
> $ dig CAA google.com

Yes, known. It is on my list to update it, but I don't know when I
will get to it.

If you really need a newer one, you can install isc-bind from packages, it
comes with a newer dig in /usr/local/bin

    -Otto

>
> ; <<>> DiG 9.4.2-P2 <<>> CAA google.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 680
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;CAA.                           IN      A
> ;; AUTHORITY SECTION:
>                        9534    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019071800 1800 900 604800 86400
>
> ;; Query time: 23 msec
> ;; WHEN: Thu Jul 18 08:13:43 2019
> ;; MSG SIZE  rcvd: 96
>
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2230
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 8
>
> ;; QUESTION SECTION:
> ;google.com.                    IN      A
> ;; ANSWER SECTION:
> google.com.             300     IN      A       172.217.18.206
>
>
>
>
 
Reply | Threaded
Open this post in threaded view
|

Re: Dig on openbsd too old ?

Stuart Henderson
On 2019-07-18, Mik J <[hidden email]> wrote:

>  Thank you Otto for your quick answer.
>
>     Le jeudi 18 juillet 2019 à 08:54:02 UTC+2, Otto Moerbeek <[hidden email]> a écrit :  
>  
>  On Thu, Jul 18, 2019 at 06:41:12AM +0000, Mik J wrote:
>
>> Hello,
>> I'm using Openbsd 6.5 and have DiG 9.4.2-P2 provided with it.This version seems to be old (from 2009) but I couldn't find exactly when it dates.
>> However new DNS records appeared in 2013 such as CAA in RFC 6844When I dig the CAA record dig returns NXDOMAIN insteadhttps://dns.google.com/query?name=google.com&type=CAA&dnssec=true
>> Do you think we could have an updated version of dig in Openbsd base ?
>> Thank you
>>
>> $ dig CAA google.com
>
> Yes, known. It is on my list to update it, but I don't know when I
> will get to it.

BIND switched license to MPL, AFAIK this is no good for base. Personally
I would be happier to just remove it than update to a still-old version
as it gets in the way of running something current ..

> If you really need a newer one, you can install isc-bind from packages, it
> comes with a newer dig in /usr/local/bin

I do this, and have an alias in .kshrc:

alias dig=/usr/local/bin/dig


Reply | Threaded
Open this post in threaded view
|

Re: Dig on openbsd too old ?

Otto Moerbeek
On Sat, Jul 20, 2019 at 12:29:04PM -0000, Stuart Henderson wrote:

> On 2019-07-18, Mik J <[hidden email]> wrote:
> >  Thank you Otto for your quick answer.
> >
> >     Le jeudi 18 juillet 2019 à 08:54:02 UTC+2, Otto Moerbeek <[hidden email]> a écrit :  
> >  
> >  On Thu, Jul 18, 2019 at 06:41:12AM +0000, Mik J wrote:
> >
> >> Hello,
> >> I'm using Openbsd 6.5 and have DiG 9.4.2-P2 provided with it.This version seems to be old (from 2009) but I couldn't find exactly when it dates.
> >> However new DNS records appeared in 2013 such as CAA in RFC 6844When I dig the CAA record dig returns NXDOMAIN insteadhttps://dns.google.com/query?name=google.com&type=CAA&dnssec=true
> >> Do you think we could have an updated version of dig in Openbsd base ?
> >> Thank you
> >>
> >> $ dig CAA google.com
> >
> > Yes, known. It is on my list to update it, but I don't know when I
> > will get to it.
>
> BIND switched license to MPL, AFAIK this is no good for base. Personally
> I would be happier to just remove it than update to a still-old version
> as it gets in the way of running something current ..

yes, agreed, the latest version for us would be 9.10.8 released about a
year ago.

IMO we should have at least a basic resolve command in base.

        -Otto



>
> > If you really need a newer one, you can install isc-bind from packages, it
> > comes with a newer dig in /usr/local/bin
>
> I do this, and have an alias in .kshrc:
>
> alias dig=/usr/local/bin/dig
>
>

Reply | Threaded
Open this post in threaded view
|

Re: Dig on openbsd too old ?

Theo de Raadt-2
In reply to this post by Mik J
>From owner-misc+M179500=deraadt=[hidden email] Sat Jul 20 06:29:27 2019
>Delivered-To: [hidden email]
>X-Injected-Via-Gmane: http://gmane.org/
>To: [hidden email]
>From: Stuart Henderson <[hidden email]>
>Subject: Re: Dig on openbsd too old ?
>Date: Sat, 20 Jul 2019 12:29:04 -0000 (UTC)
>References: <[hidden email]>
> <[hidden email]>
> <[hidden email]>
> <[hidden email]>
>Mime-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>User-Agent: slrn/1.0.2 (OpenBSD)
>List-Help: <mailto:[hidden email]?body=help>
>List-ID: <misc.openbsd.org>
>List-Owner: <mailto:[hidden email]>
>List-Post: <mailto:[hidden email]>
>List-Subscribe: <mailto:[hidden email]?body=sub%20misc>
>List-Unsubscribe: <mailto:[hidden email]?body=unsub%20misc>
>X-Loop: [hidden email]
>Precedence: list
>Sender: [hidden email]
>
>On 2019-07-18, Mik J <[hidden email]> wrote:
>>  Thank you Otto for your quick answer.
>>
>>     Le jeudi 18 juillet 2019 ?? 08:54:02 UTC+2, Otto Moerbeek <[hidden email]> a ??crit :  
>>  
>>  On Thu, Jul 18, 2019 at 06:41:12AM +0000, Mik J wrote:
>>
>>> Hello,
>>> I'm using Openbsd 6.5 and have DiG 9.4.2-P2 provided with it.This version seems to be old (from 2009) but I couldn't find exactly when it dates.
>>> However new DNS records appeared in 2013 such as CAA in RFC 6844When I dig the CAA record dig returns NXDOMAIN insteadhttps://dns.google.com/query?name=google.com&type=CAA&dnssec=true
>>> Do you think we could have an updated version of dig in Openbsd base ?
>>> Thank you
>>>
>>> $ dig CAA google.com
>>
>> Yes, known. It is on my list to update it, but I don't know when I
>> will get to it.
>
>BIND switched license to MPL, AFAIK this is no good for base. Personally
>I would be happier to just remove it than update to a still-old version
>as it gets in the way of running something current ..

Remove it?  Unlikely.  There are many situations where people prefer
older+sufficient software rather than running pkg_add.

What is missing in the conversation is the normal process of "oh look a bug,
can we try to fix it".  Someone want to take a shot at it?