On Jan 5, 2021, at 12:41 PM, John Levine <[email protected]> wrote: > > In article <[email protected]> you write: >> On Jan 5, 2021, at 11:20 AM, Dave Lawrence <[email protected]> wrote: >>> >>> Paul Hoffman writes: >>>> I am using tools that expect host names instead of domain names (in >>>> this case, dig); >>> >>> I think I must be misunderstanding something, or at least haven't >>> imagined widely enough the possibilities of your meaning here. dig >>> has a particular expectation for hostnames either owning or in the >>> rdata of an NSEC record? That's surprising to me. Not inconceivable, >>> of course, but definitely surprising. >> >> I started this thread with: >> dig +dnssec +noidnout anynameyouwant.house.gov a >> Try that without the +noidnout option. > > With DiG 9.16.10 I get the same result either way. What do you get?
Using the same version as you: dig: '-.house.gov.' is not a legal IDNA2008 name (string start/ends with forbidden hyphen), use +noidnout Maybe your resolver is not validating? --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
