[dns-operations] friday version of dnscap

Paul Vixie paul at vix.com
Mon May 7 15:59:22 UTC 2007

> > what's your advice, then?  if i remove the "-g" feature and recode ns_put32
> > to be a macro call, then the libbind dependency will go away.  or, i could
> > put a copy of libbind into the dnscap tarball.
> Where does dig get its output routines from?  It doesn't appear to
> link against libbind.  Has it got its own copy?

dig in bind9 has its own.  dig in bind8 uses libbind's fp_nquery().

> From a distribution maintainer's point of view, duplicating the code
> is a bad idea, especially since it's exposed to network traffic.  If a
> problem comes up, we want to issue a single update (well, for each
> supported branch).  Hunting down all copies of zlib was quite painful.

so, i think the reason i didn't notice that libbind is hard to get from
/usr/ports is that i don't use /usr/ports for bind9, i do the old dance:

	   (untar or cvs update)
	   ./configure ... --enable-libbind
	   make install
	   make clean

i think that if /usr/ports' version of bind9 does not build with
--enable-libbind then it should be revised, and when dnscat goes into
/usr/ports, the port for dnscap should depend on the revised bind9 port.

but apparently it's a lot harder to fix the rpm system on linux?

i've already grown accustomed to -g.  i could #ifdef it maybe?  something
like "#ifndef NO_LIBBIND_AVAILABLE" ?

how much should the lack of bind9 installation automation limit dnscat's
feature level?

More information about the dns-operations mailing list