Score:2

Do all domains technically end with "."?

ao flag
abc

My understanding is TLDs are subdomains of the root domain which is represented by ".".

So "google.com" in more specific terms should be "google.com.".

Under what scenarios would you see a domain ending with a "." like "google.com."? I've seen it before but thought nothing of it at the time.

Score:2
us flag

Yes, a fully qualified domain name ends with a dot. And a domain name is always relative if it doesn't end with a dot. The OS, application being used, some proxy or other name resolving element may attempt to search the name relative to something else than the root . domain. At the office, it's likely that the company domain is searched before the root for example.

In theory you can use fully qualified domain names everywhere and possibly save the Internet from a few DNS hits and yourself a few milliseconds. In practise, the world is full of validation regular expressions etc which might reject such a (perfectly valid) FQDN.

One specific case where they are very common is when configuring nameservers, for example CNAME records. A zone in the nameserver typically has itself as the "relative root" so to reference a domain name outside of it has to be done with the fully qualified name ending in a dot.

Patrick Mevzek avatar
cn flag
"And a domain name is always relative if it doesn't end with a dot.". It depends of the context. In URLs, names never have an ending dot, yet they are fully qualified too.
us flag
@PatrickMevzek actually they are not when entered into a browser like Chrome. If I put in http://www/ and my DNS config has a search domain of example.com then Chrome will happily find www.example.com and open the page.
Patrick Mevzek avatar
cn flag
Which is why I said "it depend on the context". Yes on YOUR DNS config anything can happen. On someone else anything different can happen too. Also remember that browsers use DoH more and more which bypasses any OS level setting about DNS resolution.
Score:2
cn flag

Do all domains technically end with "."?

Yes, if you look at the core RFCs related to DNS, because any name there is transmitted with an ending byte of value 0 which encodes the root, aka the ending dot in the "presentation" format.

See section 3.1.5 of RFC 1035:

NAME a domain name represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero length octet for the null label of the root.

Which is also why, when using dig or writing zonefiles, you see names ending with a final dot to remove any ambiguity.

Now, all depends on the context. In URLs, you write hostnames without dot at the end, and it works because it is implied they are absolute.

You might want to consult RFC 8499 which is the standard reference now for everything related to DNS terminology. It says this:

      The presentation format for names in the global DNS is a list
     of labels ordered by decreasing distance from the root, encoded
     as ASCII, with a "." character between each label.  In
     presentation format, a fully-qualified domain name includes the
     root label and the associated separator dot.  For example, in
     presentation format, a fully-qualified domain name with two
     non-root labels is always shown as "example.tld." instead of
     "example.tld".  [RFC1035] defines a method for showing octets
     that do not display in ASCII.

     The common display format is used in applications and free
     text.  It is the same as the presentation format, but showing
     the root label and the "." before it is optional and is rarely
     done.  For example, in common display format, a fully-qualified
     domain name with two non-root labels is usually shown as
     "example.tld" instead of "example.tld.".  Names in the common
     display format are normally written such that the
     directionality of the writing system presents labels by
     decreasing distance from the root (so, in both English and the
     C programming language the root or Top-Level Domain (TLD) label
     in the ordered list is rightmost; but in Arabic, it may be
     leftmost, depending on local conventions).

And later, FQDN is defined and goes into details about the real problem being related to context:

 Fully-Qualified Domain Name (FQDN):  This is often just a clear way
  of saying the same thing as "domain name of a node", as outlined
  above.  However, the term is ambiguous.  Strictly speaking, a
  fully-qualified domain name would include every label, including
  the zero-length label of the root: such a name would be written
  "www.example.net." (note the terminating dot).  But, because every
  name eventually shares the common root, names are often written
  relative to the root (such as "www.example.net") and are still
  called "fully qualified".  This term first appeared in [RFC819].
  In this document, names are often written relative to the root.

  The need for the term "fully-qualified domain name" comes from the
  existence of partially qualified domain names, which are names
  where one or more of the last labels in the ordered list are
  omitted (for example, a domain name of "www" relative to
  "example.net" identifies "www.example.net").  Such relative names
  are understood only by context.

As for:

Under what scenarios would you see a domain ending with a "." like "google.com."?

Easy, do any DNS query:

$ dig NS google.com +noall +ans
google.com.     3h9m51s IN NS ns4.google.com.
google.com.     3h9m51s IN NS ns2.google.com.
google.com.     3h9m51s IN NS ns3.google.com.
google.com.     3h9m51s IN NS ns1.google.com.

Note that the results would be exactly the same if I used google.com. because dig is a DNS client and hence expect all names to be absolute (hence the ending dot is optional).

You can also add dots to any name, and hence have URLs like https://www.google.com./. For the DNS plane, it will be the same. So for IP and TCP too. For TLS it should be the same, if there are no errors in the implementations. At the HTTP/HTTPS level a proper server would work but note that you may hit bugs just because of this (and hence having either another page being displayed than the normal one, or an error).

Same for email addresses and everywhere else you use names.

And if you are being to question things, yes, by definition there is only one root... at least in theory (see RFC 2826 "IAB Technical Comment on the Unique DNS Root"). Every network (from a local home up to even a full state) can define a local root, and other protocols do define name appearing to be at root, but not really (ex: eth or bit). But at this point you enter political arenas, and not technical ones anymore.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.