Is there a way of installing dig or nslookup without BIND (preferably without compilation)? BIND is known to be a huge security hole, and all I need is the ability to resolve domain names to their A record IP address, so I can double-check that all my domain names are resolving to their correct IP address. Simple alternatives are acceptable too, as long as they can run and pipe in a shell script. This is for Debian 9.
1 Answer
You can install the dnsutils package containing dig or nslookup, and leave alone the bind9 package containing the BIND daemon which you do not need. (Thanks to @telcoM for adding this info in a comment.)
In general, when all utilities come in the same package, you can simply choose not to enable the service if you don't need it. Except in extraordinary cases, all vulnerabilities of a service rely on exploits against a running daemon, not against binaries that just sit there.
- Doesn't the BIND daemon get enabled automatically? I'm afraid if I install it and then disable it, that it may cause problems later on through entanglement, or even get instantiated automatically by some other process. I've been doing this too long to blindly trust system devs. BIND has a long history of screw-ups. – RJ Higgs, Aug 26, 2019 at 9:17
- The package that contains both `dig` and `nslookup` in Debian 9 is named `dnsutils`. It depends on a package named `bind9-host`, but that is not the BIND daemon - it's just the `host` command-line tool from the BIND source distribution, because some of the utilities in `dnsutils` need it to work. The daemon package is named simply `bind9`, and you can certainly avoid installing it. – telcoM, Aug 26, 2019 at 9:24
- Ok, thank you very much for your help and explanations :) – RJ Higgs, Aug 26, 2019 at 9:28
- @RJHiggs You can always accept answers to your own questions, regardless of your reputation. – Aug 26, 2019 at 11:17
- +1. Also worth mentioning is that the `host` command in `bind9-host` is often more useful for scripting purposes than either `dig` or `nslookup` - terse output, easy to extract just the data you need (like the IP address). `dig` is more useful if you're investigating DNS-related problems. – cas, Aug 27, 2019 at 1:03
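
The check the question asks for, built on the terse `host` output mentioned in the last comment, as an added example that is not part of the original thread. The function names, the `lookup` hook and the "name ip[,ip...]" list format are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): verify that names still resolve to the
# A records you expect, using the terse output of host(1) from bind9-host.

# Print the IPv4 addresses found in `host -t A` output read from stdin.
# Only "<name> has address <ip>" lines count; alias and error lines are skipped.
extract_a_records() {
    awk '$2 == "has" && $3 == "address" { print $4 }' | sort -u
}

# check_a_records NAME IP[,IP...]   (host output on stdin)
# Returns 0 on exact match, 1 on mismatch, 2 when no A record came back.
check_a_records() {
    expected=$(printf '%s\n' "$2" | tr ',' '\n' | sort -u)
    actual=$(extract_a_records)
    if [ -z "$actual" ]; then
        echo "FAIL $1: no A record returned"
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "FAIL $1: got $(printf '%s' "$actual" | tr '\n' ',') expected $2"
        return 1
    fi
    echo "OK   $1"
}

# Resolver hook (hypothetical name); replace it to test offline.
lookup() {
    host -t A "$1" </dev/null
}

# check_file FILE: each line is "name ip[,ip...]"; '#' starts a comment line.
#   www.example.test 192.0.2.10,192.0.2.11     (constructed sample line)
# Returns the number of names that failed, so cron or CI can alert on it.
check_file() {
    failures=0
    while read -r name ips; do
        case $name in ''|'#'*) continue ;; esac
        lookup "$name" 2>/dev/null | check_a_records "$name" "$ips" ||
            failures=$((failures + 1))
    done < "$1"
    return "$failures"
}

if [ "$#" -gt 0 ]; then check_file "$1"; fi
```

A name that resolves to an extra or missing address fails as well as one that moved, since the sorted set of returned addresses must equal the expected set exactly.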