[dns-operations] IDNA vs. dig vs. non-IDN labels.
Viktor Dukhovni
ietf-dane at dukhovni.org
Wed Jan 6 18:43:43 UTC 2021
> On Jan 6, 2021, at 2:01 PM, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>
> Because if you're doing IDNA you have to permit only A-labels and NR-LDH labels, according to RFC 5890. NR-LDH labels are defined in §2.3.2.2, but refer to §2.3.1. In there is this text:
>
> [An LDH label] is the classical label form used, albeit with some additional
> restrictions, in hostnames [RFC0952]. Its syntax is identical to
> that described as the "preferred name syntax" in Section 3.5 of RFC
> 1034 [RFC1034] as modified by RFC 1123 [RFC1123]. Briefly, it is a
> string consisting of ASCII letters, digits, and the hyphen with the
> further restriction that the hyphen cannot appear at the beginning or
> end of the string. Like all DNS labels, its total length must not
> exceed 63 octets.

That mostly makes sense on *input*. But on *output*, when one has
a wire-form DNS name, and is computing a presentation form, if the
wire-form label does not start with "xn--" it makes no sense at
all to apply IDN conversion, or apply rules that pertain to
hostnames for a name that is not a hostname.

So while I acknowledge that one can always specify "+noidnout",
I strongly concur that this is a "dig" bug. Not a showstopper
by any means, but something worth fixing.

--
Viktor.
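
The output-side behaviour argued for above, as an added example that is not part of the original message and is not dig's code: each wire-form label is converted on its own, only labels starting with "xn--" are Punycode-decoded, and every other label is emitted with ordinary zone-file escaping and no hostname (LDH) checks. The function names are hypothetical, and the decode is a bare Punycode decode, not full IDNA2008 validation.

```python
import re

# A-label candidate: "xn--" prefix (any case) followed by LDH characters.
A_LABEL = re.compile(rb"(?i)xn--[a-z0-9-]*[a-z0-9]\Z")

def wire_labels(wire: bytes) -> list:
    """Split an uncompressed wire-form name into its raw labels."""
    labels, i = [], 0
    while i < len(wire):
        n = wire[i]
        if n == 0:
            return labels
        if n > 63 or i + 1 + n > len(wire):
            raise ValueError("bad label length (or compression pointer)")
        labels.append(wire[i + 1:i + 1 + n])
        i += 1 + n
    raise ValueError("name not terminated by root label")

def escape(label: bytes) -> str:
    """RFC 1035 zone-file escaping; no hostname rules applied."""
    out = []
    for b in label:
        if chr(b) in '.\\"();@$':
            out.append("\\" + chr(b))
        elif 0x21 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\%03d" % b)    # \DDD decimal escape
    return "".join(out)

def label_text(label: bytes) -> str:
    """Decode only labels that look like A-labels; pass the rest through."""
    if A_LABEL.match(label):
        try:
            return label[4:].lower().decode("punycode")
        except UnicodeError:
            pass                        # not valid Punycode: show as-is
    return escape(label)

def presentation(wire: bytes) -> str:
    return ".".join(label_text(l) for l in wire_labels(wire)) + "."

# Constructed sample names (not taken from the thread).
SAMPLES = [
    b"\x03_25\x04_tcp\x04mail\x07example\x00",   # non-LDH, non-IDN labels
    b"\x0exn--mnchen-3ya\x02de\x00",             # one A-label
    b"\x03a.b\x02 \xff\x00",                     # bytes that need escaping
]
if __name__ == "__main__":
    for w in SAMPLES:
        print(presentation(w))
```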