Actually those two are subtly different. One of them has a single string, and Perl will hand that string to the shell to parse. If $host contains any special shell characters, the shell will interpret them; for example if $host was set to:

www.google.com; rm /path/to/your/script
[download]

the shell will see something like:

/bin/nslookup -type=any www.google.com; rm /path/to/your/script 2>&1 |
+";
[download]

and will go ahead and try to remove your script, if it has permission. That is why Perl won't let you do it with taint mode on.

The multi-argument piped open doesn't send anything to the shell, and so avoids this problem.

There is also a difference in where standard error goes. In the first example it will be read from the pipe; in the second it will go to the original program's standard error, perhaps to a Web server error log.

Finally, for this particular purpose, there is probably a module available on CPAN (like Net::DNS) that will do the work without using an external program at all.

Good luck!