* Convert domain names to IDNA when going into the users or aliases table.
* After that, ensure domain names are ASCII-only and IDNA-valid.
* In the admin panel, turn IDNA back into Unicode where appropriate.
* Everything on the wire remains ASCII-only, including e.g. IMAP login.
If bind9 isn't running, dont proceed with other checks because we can't do DNS checks. Even though we skip, add error handling so that a failed call to rndc doesn't crash and that a timeout in a DNS check doesn't crash the status checks.
Relative hostnames have a fall-back lookup with the machine's hostname appended, which makes no sense. Add a period, e.g. "my.hostname.com" => "my.hostname.com.", to prevent that.
This caused false positive Spamhaus checks. Fixes#185.
* If the PRIMARY_HOSTNAME is in a zone with a DS record set at the registrar, show any DNSSEC failure (but only a failure) immediately since it is probably the cause of other DNS errors displayed later.
* For zones, if a DS record is set at the register, do the DNSSEC test first because even the NS test will fail if DNSSEC is improperly configure.
* But if a DS record is not set, the this is just a suggestion to configure DNSSEC so offer the suggestion last --- after mail and web checks.
see https://discourse.mailinabox.email/t/dns-nameserver-gandi-glue-records-issues/105/3
