[dns-operations] [Ext] Signing on the fly and UltraDNS
paul.hoffman at icann.org
Tue Jan 5 20:53:11 UTC 2021
On Jan 5, 2021, at 12:41 PM, John Levine <johnl at taugh.com> wrote:
> In article <853ECE14-271F-4E93-9473-D1DBDE8361C1 at icann.org> you write:
>> On Jan 5, 2021, at 11:20 AM, Dave Lawrence <tale at dd.org> wrote:
>>> Paul Hoffman writes:
>>>> I am using tools that expect host names instead of domain names (in
>>>> this case, dig);
>>> I think I must be misunderstanding something, or at least haven't
>>> imagined widely enough the possibilities of your meaning here. dig
>>> has a particular expectation for hostnames either owning or in the
>>> rdata of an NSEC record? That's surprising to me. Not inconceivable,
>>> of course, but definitely surprising.
>> I started this thread with:
>> dig +dnssec +noidnout anynameyouwant.house.gov a
>> Try that without the +noidnout option.
> With DiG 9.16.10 I get the same result either way. What do you get?
Using the same version as you:
dig: '-.house.gov.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout
Maybe your resolver is not validating?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2584 bytes
Desc: not available
More information about the dns-operations