[dns-operations] [Ext] Signing on the fly and UltraDNS

[Dave Lawrence]

I'm not really following your logic, Andrew (or Mark), for how
applying IDNA rules is relevant to interpreting the labels in
question.

Yes, I read your cited text from RFC 5890, but still am not grokking
how it is relevant for dig choking on -.house.gov just because IDN
output is enabled.  It seems to me it would just get categorized as
"NON-LDH labels" per the diagram in 2.3.1, and should then just be
ignored as far as IDNA output processing is concerned.  Though, in
fairness, I will also admit that I don't have much more support for
that position, in that "NON-LDH" appears nowhere beyond that diagram,
and there's seems to be no explicit statement covering that category
in the rest of 2.3.2.

Where are you seeing the incorporating text that indicates that
encountering them they should attempt to be interpreted as IDNA for
output?  Why is the unitary hyphen being handled specially there but
not, say, # which also appears in the NON-LDH label category?
(Which I just tested with no problems.)

I'll go back to my earliest assertion that even if isn't properly a
bug, boy is it surprising.