[dns-operations] Old version of dig on macOS
Anand Buddhdev
anandb at ripe.net
Mon Dec 18 22:02:16 UTC 2023
On 18/12/2023 19:48, Weinberg, Matt via dns-operations wrote:
Hi Matt,
> The latest patched versions of macOS Ventura (13.6.3) and Sonoma
> (14.1.2) both include an old version of the dig client:
>
> % dig -v
> DiG 9.10.6
>
> I only noticed the issue when I attempted to retrieve the ZONEMD record
> of the root zone from my MacBook (it didn’t work). I can’t speak to
> whether this older version of dig is missing any other features (or
> addresses any security concerns).
>
> Anyone know how best to nudge Apple into updating the default dig client
> on macOS? Thoughts either way?
ISC switched to the MPL 2.0 license for BIND version 9.11 onwards. I
don't know the details, but I believe that Apple cannot or does not wish
to distribute code with this license. That's why dig is stuck at version
9.10, and this situation is unlikely to change.
You're better off installing Homebrew, and using that to install the
latest versions of BIND or Knot DNS. These will provide you with up to
date versions of "dig" and "kdig". Both of these tools are suitable for
all kinds of modern DNS usage. I personally prefer kdig, because it is
more consistent than dig in some ways, and is also the only tool capable
of doing queries over QUIC.
Regards,
Anand
More information about the dns-operations
mailing list