[dns-operations] [Ext] Signing on the fly and UltraDNS

Paul Hoffman paul.hoffman at icann.org
Wed Jan 6 18:34:55 UTC 2021

On Jan 6, 2021, at 10:26 AM, Evan Hunt <each at isc.org> wrote:
> On Wed, Jan 06, 2021 at 03:24:10AM +0000, Evan Hunt wrote:
>> I wonder aloud if dig's default behavior should be to try IDN and
>> silently fall back to conventional output formatting if it fails.
>> I imagine there are situations where you'd want the rules strictly
>> enforced, but I'm not sure if there was a good reason to do that by
>> default.
> Ondrej has just reminded me that IDN conversion is disabled by
> default if stdout isn't a TTY, so the use of dig in scripts should
> be unaffected by this problem. (For example, it works fine if you
> use "dig +dnssec whatever.house.gov | cat".)

For this experiment, dig was being run in a Python script using subprocess.run. I do not know why dig would think that was a TTY.
   r = subprocess.run("dig @ +dnssec +yaml {} A".format(this_name), shell=True, capture_output=True, encoding="utf-8", check=True)
Given the errors, I had to add the +noidnout option.

--Paul Hoffman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2584 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210106/756b34e5/attachment.bin>

More information about the dns-operations mailing list