[dns-operations] [Ext] Signing on the fly and UltraDNS
johnl at taugh.com
Tue Jan 5 21:01:36 UTC 2021
In article <20210105204121.C4D925829D80 at ary.qy> you write:
>In article <853ECE14-271F-4E93-9473-D1DBDE8361C1 at icann.org> you write:
>>On Jan 5, 2021, at 11:20 AM, Dave Lawrence <tale at dd.org> wrote:
>>> Paul Hoffman writes:
>>>> I am using tools that expect host names instead of domain names (in
>>>> this case, dig);
>>> I think I must be misunderstanding something, or at least haven't
>>> imagined widely enough the possibilities of your meaning here. dig
>>> has a particular expectation for hostnames either owning or in the
>>> rdata of an NSEC record? That's surprising to me. Not inconceivable,
>>> of course, but definitely surprising.
>>I started this thread with:
>> dig +dnssec +noidnout anynameyouwant.house.gov a
>>Try that without the +noidnout option.
>With DiG 9.16.10 I get the same result either way. What do you get?
Oh, OK, I tried a different name and got:
dig: '-.house.gov.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout
That's a dig bug. It's a perfectly valid DNS name albeit a fairly ugly one.
More information about the dns-operations