[dns-operations] a note on fetching the root zone using "dig"

Mark Andrews marka at isc.org
Thu Nov 1 22:05:20 UTC 2018

Maintenance releases don’t change defaults.  Major releases do change defaults.  That way you know when to look for differences.

If we don’t change defaults, dig would not be doing EDNS, nor DNS COOKIE, both of which are really needed.
Dig +trace wouldn’t be doing +dnssec which mirrors what named emits.

Newer versions do EDNS version negotiation (+[no]ednsnegotiation) by default.

There are competing interests here.

+noidnout works with dig compiled w/o idn support.  You get a message to say that it is not supported but it isn’t fatal.

#ifndef WITH_IDN
                                fprintf(stderr, ";; IDN support not enabled\n");
                                lookup->idnout = state;


> On 2 Nov 2018, at 7:11 am, Patrick Mevzek <mevzek at uniregistry.com> wrote:
> On 2018-11-01 14:58 -0500, Anand Buddhdev wrote:
>> However, "idnout" is different. It works, or not, depending on how dig
>> was compiled. This means that dig's behaviour is going to be different
>> depending on various things (compile-time settings, a user's locale,
>> etc).
> And the version.
> My "DiG 9.9.5-9+deb8u14-Debian"
> only says:
>       If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names.  dig appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the IDN_DISABLE environment variable. The
>       IDN support is disabled if the variable is set when dig runs.
> (no idnout option there whatsoever)
> where my "DiG 9.12.0" says
>       +[no]idnout
>           Convert [do not convert] puny code on output. This requires IDN SUPPORT to have been enabled at compile time. The default is to convert output.
>> For such an option, I think that dig needs to default to a
>> behaviour of least surprise. And this is why it should not be on by
>> default.
> I agree with you but I am sure least surprise could still be argued.
> However I would say, that outputs from one version to another should not change by default, so when "idnout" flag was introduced, since previous version by default did not IDN decode, then newer versions should not either, which means as if +noidnout is passed by default.
> -- 
> Patrick Mevzek
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
