[dns-operations] [Ext] Signing on the fly and UltraDNS

Paul Hoffman paul.hoffman at icann.org
Tue Jan 5 20:53:11 UTC 2021

On Jan 5, 2021, at 12:41 PM, John Levine <johnl at taugh.com> wrote:
> In article <853ECE14-271F-4E93-9473-D1DBDE8361C1 at icann.org> you write:
>> On Jan 5, 2021, at 11:20 AM, Dave Lawrence <tale at dd.org> wrote:
>>> Paul Hoffman writes:
>>>> I am using tools that expect host names instead of domain names (in
>>>> this case, dig);
>>> I think I must be misunderstanding something, or at least haven't
>>> imagined widely enough the possibilities of your meaning here.  dig
>>> has a particular expectation for hostnames either owning or in the
>>> rdata of an NSEC record?  That's surprising to me.  Not inconceivable,
>>> of course, but definitely surprising.
>> I started this thread with:
>>  dig +dnssec +noidnout anynameyouwant.house.gov a
>> Try that without the +noidnout option.
> With DiG 9.16.10 I get the same result either way.  What do you get?

Using the same version as you:
   dig: '-.house.gov.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout
Maybe your resolver is not validating?

--Paul Hoffman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2584 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210105/56c5ccbb/attachment.bin>

More information about the dns-operations mailing list