looking for terminology recommendations concerning non-rooted FQDNs
Jay Ashworth
jra at baylink.com
Sat Feb 23 04:57:22 UTC 2013
----- Original Message -----
> From: "Jimmy Hess" <mysidia at gmail.com>
> RFC103 5.1 is correct in the context of a DNS zonefile.
> In other contexts, however, a domain is absolute without a trailing
> dot.
If that can be nailed down authoritatively, then it will answer my
followup questions, and at least locate the problem the OP was having
(that is, it will still work improperly, but at least we'll be able to
blame the app vendors with a straight face).
> Sometimes a trailing dot is allowed, and in some protocols, a
> trailing dot is not allowed; however the domain used is still called
> a FQDN; it's just different syntax, for a fqdn, with minor
> variations..
You're backing, effectively, my assertion that the only place you can
*use* a relative domain name *is as input to a local resolver*, I think.
or maybe not.
> A trailing dot is not included in the domain portion of an e-mail
> address, however within the context of nobody at example.com;
> example.com is understood to be a fully qualified domain.
I think 5322 actually says so, no?
> Nothing else really makes sense; "example.com" is absolute and not
> relative in this context..
>
>
>
> It is also true in the context of a http URL scheme
> http://www.example.com/
>
> In that context, the www.example.com is a fully qualified domain;
> although some browsers
> might try appending other suffixes, as an aid to the user, if the
> domain cannot be found.
>
> No trailing dot allowed; "each domain label starting and ending with
> an alphanumerical character";
The OP asserts that a) if he puts an absolute domain name into a URL
then that will be what the webserver at the other end gets as the
http/1.1 URL (I believe that's the implication of what he's saying,
anyway), and b) if his webserver receives the URL with the trailing
dot *it will try to look it up in the SSL cert that way*.
No, I must have misunderstood him; as I'm painfully aware, that URL
doesn't move until you have the SSL link running. Pants.
> The URL is the most common context where a fully qualified domain
> would be encountered, e-mail addresses and URLs are the most
> common case where the average network user will encounter a domain
> name.
The issue isn't FQDN vs non-FQDN; it's FQDN represented as an absolute
domain name with trailing dot vs FQDN represented as a relative domain
without such a dot, but *still* a "rooted" FQDN.
> For the sake of consistency, if something is considered a FQDN in a
> URL and in a SMTP hostname or e-mail address, then it ought to be
> made to be considered a fully qualified domain, everywhere.
Don't tell people for whom
http://www.slac.physics/
is a valid and common URL that. :-)
> "
> Berners-Lee, Masinter & McCahill [Page 5]
> RFC 1738 Uniform Resource Locators (URL) December 1994
>
> host
> The fully qualified domain name of a network host, or its IP
> address as a set of four decimal digit groups separated by
> ".". Fully qualified domain names take the form as described
> in Section 3.5 of RFC 1034 [13] and Section 2.1 of RFC 1123
> [5]: a sequence of domain labels separated by ".", each domain
> label starting and ending with an alphanumerical character and
> possibly also containing "-" characters. The rightmost domain
> label will never start with a digit, though, which
> syntactically distinguishes all domain names from the IP
> addresses.
> "
If I'm parsing that right, it means that my assertion was correct:
Browsers given an absolute domain name ought not to send the trailing
dot in the transactions of any type, and servers receiving it ought
to strip it.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
More information about the NANOG
mailing list