[dns-operations] Old version of dig on macOS

Anand Buddhdev anandb at ripe.net
Mon Dec 18 22:02:16 UTC 2023

On 18/12/2023 19:48, Weinberg, Matt via dns-operations wrote:

Hi Matt,

> The latest patched versions of macOS Ventura (13.6.3) and Sonoma
> (14.1.2) both include an old version of the dig client:
> % dig -v
> DiG 9.10.6
> I only noticed the issue when I attempted to retrieve the ZONEMD record
> of the root zone from my MacBook (it didn’t work).  I can’t speak to
> whether this older version of dig is missing any other features (or
> addresses any security concerns).
> Anyone know how best to nudge Apple into updating the default dig client
>   on macOS?  Thoughts either way?

ISC switched to the MPL 2.0 license for BIND version 9.11 onwards. I 
don't know the details, but I believe that Apple cannot or does not wish 
to distribute code with this license. That's why dig is stuck at version 
9.10, and this situation is unlikely to change.

You're better off installing Homebrew, and using that to install the 
latest versions of BIND or Knot DNS. These will provide you with up to 
date versions of "dig" and "kdig". Both of these tools are suitable for 
all kinds of modern DNS usage. I personally prefer kdig, because it is 
more consistent than dig in some ways, and is also the only tool capable 
of doing queries over QUIC.


More information about the dns-operations mailing list