[dns-operations] fun for the holidaze

Phil Pennock phil.pennock at spodhuis.org
Mon Nov 30 23:27:28 UTC 2009 

On 2009-11-28 at 18:57 +0900, Randy Bush wrote:
> my friend, phil, is not on this list but has a cute test zone at which
> you may want to throw queries from various resolvers.  and he sez
> 
> > % host foo.bar.test.globnix.net
> > foo.bar.test.globnix.net has address 192.0.2.3
> > % host 'foo\.bar.test.globnix.net'
> > foo\.bar.test.globnix.net has address 192.0.2.4

I just upgraded bind to 9.6.x (from 9.4.x); this added IDN support into
the host and dig commands (and probably others).

% host 'foo.bar.test.globnix.net' 
foo.bar.test.globnix.net has address 192.0.2.3
% host 'foo\.bar.test.globnix.net'
host: convert UTF-8 textname to IDN encoding: prohibited character found
% host 'Philip Pennock woz ere.test.globnix.net'
host: convert UTF-8 textname to IDN encoding: prohibited character found
% host 'shoot-self-in-foot\..test.globnix.net' 
host: convert UTF-8 textname to IDN encoding: label length reduced to 0 or exceeded 63 bytes
% host long-hostname-carefully-selected-to-expose-fixed-length-buffers.test.globnix.net.
long-hostname-carefully-selected-to-expose-fixed-length-buffers.test.globnix.net has address 192.0.2.7

The error message on 'shoot-self-in-foot\..test.globnix.net' is
intriguing, since the extra character is the same one that was listed as
prohibited when in the middle of a label.

In all cases, putting IDN_DISABLE=t into the environment of host/dig
lets the lookup succeed.  Interesting that this is the one knob to
dig(1) controlled via an environment variable instead of something like
+noidn -- but why should we care about consistency?  ;)

% IDN_DISABLE=t host 'bar.test.globnix.net' 
bar.test.globnix.net has address 192.0.2.2
% IDN_DISABLE=t host 'foo.bar.test.globnix.net' 
foo.bar.test.globnix.net has address 192.0.2.3
% IDN_DISABLE=t host 'foo\.bar.test.globnix.net'            
foo\.bar.test.globnix.net has address 192.0.2.4
% IDN_DISABLE=t host 'Philip Pennock woz ere.test.globnix.net'
Philip\032Pennock\032woz\032ere.test.globnix.net has address 192.0.2.5
% IDN_DISABLE=t host 'shoot-self-in-foot\..test.globnix.net'  
shoot-self-in-foot\..test.globnix.net has address 192.0.2.6

Regards,
-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20091130/b896e7bb/attachment.sig>

More information about the dns-operations mailing list