[dns-operations] [Ext] Signing on the fly and UltraDNS

John Levine johnl at taugh.com
Tue Jan 5 21:01:36 UTC 2021

In article <20210105204121.C4D925829D80 at ary.qy> you write:
>In article <853ECE14-271F-4E93-9473-D1DBDE8361C1 at icann.org> you write:
>>On Jan 5, 2021, at 11:20 AM, Dave Lawrence <tale at dd.org> wrote:
>>> Paul Hoffman writes:
>>>> I am using tools that expect host names instead of domain names (in
>>>> this case, dig);
>>> I think I must be misunderstanding something, or at least haven't
>>> imagined widely enough the possibilities of your meaning here.  dig
>>> has a particular expectation for hostnames either owning or in the
>>> rdata of an NSEC record?  That's surprising to me.  Not inconceivable,
>>> of course, but definitely surprising.
>>I started this thread with:
>>   dig +dnssec +noidnout anynameyouwant.house.gov a
>>Try that without the +noidnout option.
>With DiG 9.16.10 I get the same result either way.  What do you get?

Oh, OK, I tried a different name and got:

dig: '-.house.gov.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout

That's a dig bug.  It's a perfectly valid DNS name albeit a fairly ugly one.

More information about the dns-operations mailing list