The trailing dot in domain names matter

This article, and the article linked upthread, is giving a novel definition of FQDN.

https://en.wikipedia.org/wiki/Fully_qualified_domain_name

https://datatracker.ietf.org/doc/html/rfc1594#section-5

The trailing dot (root zone) is implicit in a Fully Qualified Domain Name. The trailing dot is not what makes a domain name fully qualified.

mattashii|1 year ago

Lacking the trailing dot that anchors the FQDN to the root zone, how would I be able to determine that I need to use the global root zone rather than local lookups? The DNS spec allows users to have local zones named similarly to all TLDs, which would be authorative responders for DNS requests that don't anchor to the root with a trailing dot - or have I missed something?

echoangle|1 year ago

Is duplicate content really a problem for search engines? I thought you just have to set the canonical URL and it’s ok.

em-bee|1 year ago

not only this, if webservers can treat both versions as the same, and if in fact the specification treats them as the same, then so should search engines. if there is a problem, then the search engines are at fault. it seems ridiculous that i have to configure a webserver to add a redirect in order to avoid this. actually i think this is something that could also be fixed in the browser. i just checked, firefox treats them as separate domains. i don't think it should.

in practice of course this is not a problem because nobody really puts a trailing dot on hostnames.

Kwpolska|1 year ago

I would also expect search engines to (a) ~never end up on a URL with a dot, unless someone explicitly linked to one, (b) merge the two sites on their end if they appeared.

m463|1 year ago

A lot of people learn about things like this configuring DNS servers.

If you're setting up bind and forget a trailing dot, it is quite easy to get extra weird resolver queries like foo.com.example.com before foo.com is resolved.

konimex|1 year ago

On this topic, I believe it's obligatory to bring up JdeBP's comment: http://jdebp.info./FGA/web-fully-qualified-domain-name.html

fanf2|1 year ago

The web has never coherently dealt with the trailing dot issue. Roughly the only standard that makes a clear requirement is for TLS PKIX certificates, which cannot have a trailing dot. So to avoid certificate matching bugs it’s best to redirect a trailing-dot domain to a no-trailing-dot domain. Sadly web servers do not make this easy, and traditionally they encourage configurations that do unpredictably wrong things with requests that have trailing-dot domains. It sucks.

AStonesThrow|1 year ago

Chris Siebenmann blogged this, 2 months ago: https://utcc.utoronto.ca/~cks/space/blog/tech/DomainDotAtEnd...

ratg13|1 year ago

This is a commonly used attack vector by threat actors to get around various defenses.

kristopolous|1 year ago

This reminds me of how you can use different bases for urls. Take http://3520653007/item?id=41982974 or http://032166163317/item?id=41982974 for example

janjones|1 year ago

For anyone wondering, this is just the IP address written in a different form: https://stackoverflow.com/a/56814434

unknown|1 year ago

[deleted]

unknown|1 year ago

[deleted]

tape_measure|1 year ago

Adding this dot used to be a way to bypass the paywall on nytimes.com. It's been fixed in the last 2 years or so.

lanstin|1 year ago

Don't leave it out in your named config files!

_def|1 year ago

This seems to be content marketing for their company.

imwillofficial|1 year ago

I found it fascinating.

unknown|1 year ago

[deleted]

m0d0nne11|1 year ago

[deleted]

unknown|1 year ago

[deleted]

18 comments