[dns-operations] a note on fetching the root zone using "dig"

m3047 m3047 at m3047.net
Thu Nov 1 19:35:37 UTC 2018

Is there increased potential for homographs to be missed with this 
default? I assume Paul's use case is automated, but I'm not sure about an 
incident responder looking through dig output at 3AM. On the other hand 
somebody scanning for something which is already IDN could find xn-- 
output more difficult to look at.

The failure here isn't really a default per se, it is a default combined 
with installation and also runtime artifacts.


Fred Morris

On Wed, 31 Oct 2018, Paul Vixie wrote:
> [...]
> today i started getting this:
>> [yeti-dns.tisf:amd64] dig @f.root-servers.net . axfr > ~/foo
>> dig: Cannot represent 'ns1.xn--cg4bki.centralnic-dns.com.' in the current 
>> locale (string encoding error), use +noidnout or a different locale
>> [...]

More information about the dns-operations mailing list