
----- Original Message -----
From: "Jimmy Hess" <mysidia@gmail.com>
RFC103 5.1 is correct in the context of a DNS zonefile. In other contexts, however, a domain is absolute without a trailing dot.
If that can be nailed down authoritatively, then it will answer my followup questions, and at least locate the problem the OP was having (that is, it will still work improperly, but at least we'll be able to blame the app vendors with a straight face).
Sometimes a trailing dot is allowed, and in some protocols, a trailing dot is not allowed; however, the domain used is still called an FQDN; it's just different syntax for an FQDN, with minor variations.
You're backing, effectively, my assertion that the only place you can *use* a relative domain name *is as input to a local resolver*, I think. Or maybe not.
A trailing dot is not included in the domain portion of an e-mail address, however within the context of nobody@example.com; example.com is understood to be a fully qualified domain.
I think 5322 actually says so, no?
Nothing else really makes sense; "example.com" is absolute and not relative in this context.
It is also true in the context of a http URL scheme http://www.example.com/
In that context, the www.example.com is a fully qualified domain; although some browsers might try appending other suffixes, as an aid to the user, if the domain cannot be found.
No trailing dot allowed; "each domain label starting and ending with an alphanumerical character";
The OP asserts that a) if he puts an absolute domain name into a URL then that will be what the webserver at the other end gets as the http/1.1 URL (I believe that's the implication of what he's saying, anyway), and b) if his webserver receives the URL with the trailing dot *it will try to look it up in the SSL cert that way*. No, I must have misunderstood him; as I'm painfully aware, that URL doesn't move until you have the SSL link running. Pants.
The URL is the most common context where a fully qualified domain would be encountered; e-mail addresses and URLs are the most common cases where the average network user will encounter a domain name.
The issue isn't FQDN vs non-FQDN; it's FQDN represented as an absolute domain name with trailing dot vs FQDN represented as a relative domain without such a dot, but *still* a "rooted" FQDN.
For the sake of consistency, if something is considered a FQDN in a URL and in a SMTP hostname or e-mail address, then it ought to be made to be considered a fully qualified domain, everywhere.
Don't tell people for whom http://www.slac.physics/ is a valid and common URL that. :-)
" Berners-Lee, Masinter & McCahill [Page 5] RFC 1738 Uniform Resource Locators (URL) December 1994
host The fully qualified domain name of a network host, or its IP address as a set of four decimal digit groups separated by ".". Fully qualified domain names take the form as described in Section 3.5 of RFC 1034 [13] and Section 2.1 of RFC 1123 [5]: a sequence of domain labels separated by ".", each domain label starting and ending with an alphanumerical character and possibly also containing "-" characters. The rightmost domain label will never start with a digit, though, which syntactically distinguishes all domain names from the IP addresses. "
If I'm parsing that right, it means that my assertion was correct: Browsers given an absolute domain name ought not to send the trailing dot in the transactions of any type, and servers receiving it ought to strip it.

Cheers,
-- jra
--
Jay R. Ashworth    Baylink    jra@baylink.com
Designer    The Things I Think    RFC 2100
Ashworth & Associates    http://baylink.pitas.com    2000 Land Rover DII
St Petersburg FL USA    #natog    +1 727 647 1274
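
An added illustration, not part of the original message or of any software discussed in the thread: a Python sketch of the server-side handling described above, checking a name against the RFC 1738 "host" form quoted in the message and stripping one trailing dot before comparing it with certificate names. The function names, the optional ":port" suffix handling and the sample names are assumptions made for the example, and certificate names are compared by exact match only.

```python
import re

# One label per the RFC 1738 text quoted above: starts and ends with an
# alphanumeric character and may contain "-" in between.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\Z")


def strip_root_dot(name: str) -> str:
    """Turn the absolute form "www.example.com." into "www.example.com"."""
    return name[:-1] if name.endswith(".") else name


def is_rfc1738_host(name: str) -> bool:
    """True if name fits the RFC 1738 domain-name form (no trailing dot)."""
    labels = name.split(".")
    if not all(LABEL.match(label) for label in labels):
        return False  # also rejects empty labels: a trailing or doubled dot
    return not labels[-1][0].isdigit()  # rightmost label never starts with a digit


def normalize_host(raw: str) -> str:
    """Canonical form of a received host: no port, no trailing dot, lower case."""
    host = raw.rsplit(":", 1)[0] if ":" in raw else raw  # assumed "host:port" input
    host = strip_root_dot(host).lower()  # exactly one dot is removed, never more
    if not is_rfc1738_host(host):
        raise ValueError(f"not a valid host name: {raw!r}")
    return host


def cert_covers(raw_host: str, cert_names: list) -> bool:
    """Exact-match a received host against certificate names, dot-insensitively."""
    wanted = normalize_host(raw_host)
    return any(strip_root_dot(n).lower() == wanted for n in cert_names)


if __name__ == "__main__":
    # Constructed sample input: a dotted Host value and a certificate's names.
    names = ["example.com", "www.example.com"]
    for received in ("www.example.com", "WWW.Example.COM.:443", "other.example.com."):
        print(received, "->", normalize_host(received), cert_covers(received, names))
```

Because only a single trailing dot is removed, a value such as "www.example.com.." still fails validation instead of being silently accepted.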