[dns-operations] [Ext] Signing on the fly and UltraDNS
Paul Hoffman
paul.hoffman at icann.org
Tue Jan 5 20:53:11 UTC 2021
On Jan 5, 2021, at 12:41 PM, John Levine <johnl at taugh.com> wrote:
>
> In article <853ECE14-271F-4E93-9473-D1DBDE8361C1 at icann.org> you write:
>> On Jan 5, 2021, at 11:20 AM, Dave Lawrence <tale at dd.org> wrote:
>>>
>>> Paul Hoffman writes:
>>>> I am using tools that expect host names instead of domain names (in
>>>> this case, dig);
>>>
>>> I think I must be misunderstanding something, or at least haven't
>>> imagined widely enough the possibilities of your meaning here. dig
>>> has a particular expectation for hostnames either owning or in the
>>> rdata of an NSEC record? That's surprising to me. Not inconceivable,
>>> of course, but definitely surprising.
>>
>> I started this thread with:
>> dig +dnssec +noidnout anynameyouwant.house.gov a
>> Try that without the +noidnout option.
>
> With DiG 9.16.10 I get the same result either way. What do you get?
Using the same version as you:
dig: '-.house.gov.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout
Maybe your resolver is not validating?
--Paul Hoffman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2584 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210105/56c5ccbb/attachment.bin>
More information about the dns-operations
mailing list