[dns-operations] a note on fetching the root zone using "dig"

Mukund Sivaraman muks at mukund.org
Fri Nov 2 11:06:54 UTC 2018

On Thu, Nov 01, 2018 at 01:10:39PM -0700, Paul Vixie wrote:
> Stephane Bortzmeyer wrote:
> > ...
> > 
> > For script use, it seems to me that the good practice is to be
> > explicit (put all the options you rely on). It may be a long list but
> > you type it only once, and it makes your script both more robust and
> > better documented.
> i do this. but i did not know about +noidnout until the day when the
> defaults changed. while this was in this case caused by the freebsd ports
> team and their change to an internal ./configure invocation, i still think
> that nothing ./configure can do should change the default for tools. (this
> is how shell scripts remain portable.)
> so back in BIND9 V9.10 when idn support was added, the default for dig
> should have been "backward compatibility", that is, no IDN output unless the
> user asks for it AND the libraries supported it.

Distros like Fedora (and I guess RHEL/CentOS too) have defaulted to IDN
being on in BIND RPM builds for years now (even before this IDN code
refactoring and addition of +noidnout). Previously one had to set
environment variables to turn it off.

I agree it should be off by default, as some things like loading a dig
+onesoa axfr output would have issues even when there are no conversion


More information about the dns-operations mailing list