Absolute / Fully Qualified Domain Names

Posted on December 30, 2015

Type in what you think is the domain name for Google into your browser. I bet you typed www.google.com, or for the no-www folks, google.com.

The correct answer, as far as I know, should be www.google.com., though (or google.com.) – the difference being the terminal dot at the end. According to RFC 1035, an “absolute” domain name (also later referred to as a Fully Qualified Domain Name) should have a terminal dot, in order to prevent path spoofing. RFC 1738, which defines a Common Internet Scheme Syntax, explicitly says that the “host” portion of a URL should be an FQDN. From what I understand (and after confirming with some light testing), most stub resolvers will basically interpret any domain with a dot (not just a trailing one) as an FQDN. This seems to work fine in most cases.

Background: I stumbled across this while casually putting a trailing dot at the end of some random sites to see if resolution works for them. There are interesting results when this interacts with SSL certs, or with CDNs like CloudFront. I was somewhat surprised to see that Amazon India, for example, does not seem to resolve properly for either www.amazon.in. or amazon.in.. I don’t imagine this impacts too many people though.

My website handles trailing dots just fine.

❧ Suggestions, comments, etc. can be emailed to comments@mandarg.com