Description of problem: When dig processes IDN names, it converts from the A-label to the U-label on output. However, until recently, dig would always output the A-label when LANG=C. Starting with the update from bind-utils-32:9.11.4-5.P1.fc28.x86_64 to bind-utils-32:9.11.4-10.P2.fc28.x86_64, this broke, and I started getting this error: dig: 'ns1.xn--cg4bki.centralnic-dns.com.' is not a legal IDN name (string encoding error), use +noidnout Version-Release number of selected component (if applicable): bind-utils-9.11.4-10.P2.fc28.x86_64 How reproducible: 100% Steps to Reproduce: 1. export LANG=C 2. dig NS xn--cg4bki. Actual results: dig: 'xn--cg4bki.' is not a legal IDN name (string encoding error), use +noidnout Expected results: +noidnout should occur automatically when LANG=C (or if you want to be hyper-correct, the A-label should be output anytime the locale doesn't support display in U-label form) $ export LANG=C $ dig NS xn--cg4bki. ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-10.P2.fc28 <<>> NS xn--cg4bki. +noidnout ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12481 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 17 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: f978b5d0a6855eb0863c09a55be42e53e886598cff18afe4 (good) ;; QUESTION SECTION: ;xn--cg4bki. IN NS ;; ANSWER SECTION: xn--cg4bki. 86400 IN NS c.xn--cg4bki.dyntld.net. xn--cg4bki. 86400 IN NS b.xn--cg4bki.dyntld.net. xn--cg4bki. 86400 IN NS ns1.xn--cg4bki.centralnic-dns.com. xn--cg4bki. 86400 IN NS a.xn--cg4bki.dyntld.net. xn--cg4bki. 86400 IN NS ns2.xn--cg4bki.centralnic-dns.com. xn--cg4bki. 86400 IN NS ns4.xn--cg4bki.centralnic-dns.com. xn--cg4bki. 86400 IN NS d.xn--cg4bki.dyntld.net. xn--cg4bki. 86400 IN NS ns3.xn--cg4bki.centralnic-dns.com. ;; ADDITIONAL SECTION: a.xn--cg4bki.dyntld.net. 172800 IN A 162.88.40.1 b.xn--cg4bki.dyntld.net. 172800 IN A 162.88.41.1 c.xn--cg4bki.dyntld.net. 172800 IN A 162.88.42.1 d.xn--cg4bki.dyntld.net. 172800 IN A 162.88.43.1 ns1.xn--cg4bki.centralnic-dns.com. 171433 IN A 194.169.218.113 ns2.xn--cg4bki.centralnic-dns.com. 172800 IN A 185.24.64.113 ns3.xn--cg4bki.centralnic-dns.com. 172800 IN A 212.18.248.113 ns4.xn--cg4bki.centralnic-dns.com. 172800 IN A 212.18.249.113 a.xn--cg4bki.dyntld.net. 172800 IN AAAA 2600:2000:3010::1 b.xn--cg4bki.dyntld.net. 172800 IN AAAA 2600:2000:3011::1 c.xn--cg4bki.dyntld.net. 172800 IN AAAA 2600:2000:3012::1 d.xn--cg4bki.dyntld.net. 172800 IN AAAA 2600:2000:3013::1 ns1.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2001:67c:13cc::1:113 ns2.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13cc::1:113 ns3.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13ee::113 ns4.xn--cg4bki.centralnic-dns.com. 172800 IN AAAA 2a04:2b00:13ff::113 ;; Query time: 453 msec ;; SERVER: 192.168.2.8#53(192.168.2.8) ;; WHEN: Thu Nov 08 07:38:43 EST 2018 ;; MSG SIZE rcvd: 605 Additional info: This change broke an automated script and corrupted 16 days of logs
Sorry to hear that. It can be turned off by IDN_DISABLE environment defined to anything. Upstream also modified the default to be turned on only on tty console, which should help you as well. But I guess it should be able to print default ascii form if output conversion failed.
I think I finally found a solution to that. At least on master dig branch, should be easy to backport to BIND 9.11. https://gitlab.isc.org/isc-projects/bind9/merge_requests/1418
Created attachment 1524782 [details] Fallback to ASCII for v9_11
Created attachment 1524783 [details] Modification of test
Disabling IDN output also if stdin is not a tty. Should help with AXFR with IDN data to be still valid zone file.
Upstream found issue in ubuntu idn2 library, where it fails their tests. I think it can be used this way in Fedora.
bind-dyndb-ldap-11.1-13.fc29 dhcp-4.3.6-29.fc29 dnsperf-2.2.1-1.fc29 bind-9.11.5-2.P1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e883ebcad3
dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0
bind-9.11.5-2.P1.fc29, bind-dyndb-ldap-11.1-13.fc29, dhcp-4.3.6-29.fc29, dnsperf-2.2.1-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e883ebcad3
bind-9.11.5-2.P1.fc28, bind-dyndb-ldap-11.1-13.fc28, dhcp-4.3.6-22.fc28, dnsperf-2.2.1-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0
bind-9.11.5-2.P1.fc29, bind-dyndb-ldap-11.1-13.fc29, dhcp-4.3.6-29.fc29, dnsperf-2.2.1-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.