[wp-trac] [WordPress Trac] #35248: WordPress should remove domain trailing dot (as/like it removes "www.")

WordPress Trac noreply at wordpress.org
Tue May 23 15:04:32 UTC 2017

#35248: WordPress should remove domain trailing dot (as/like it removes "www.")
 Reporter:  qdinar       |       Owner:
     Type:  enhancement  |      Status:  reopened
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Canonical    |     Version:  4.4
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:

Comment (by qdinar):

 my reply to the text by the first link (
 /web-fully-qualified-domain-name.html ):

 >Originally, as defined in RFC 1738 (§ 3.1), the "host" portion of a
 (Common Internet Scheme) URL was always and unequivocally a fully
 qualified domain name and the conventional mechanism for distinguishing
 fully-qualified domain names from non-fully-qualified domain names did not
 apply. Whether it was example.com. or example.com, the host was intended
 to be the same.

 -- i think he is not right, i think "example.com" was not allowed at all
 in urls according to rfc 1738, it is cited in the second text, and i cite

 3.1. Common Internet Scheme Syntax
         The fully qualified domain name of a network host

 and "example.com" could not be used in http headers at that time, because
 rfc 1738 is of 1994 and host field appeared only with http 1.1 in 1997
 (you can check in wikipedia).

 so, indeed, only fqdn was left allowed in urls. i think, this was a error
 in rfc 1738, because in such way it made (tried to make) the "relative
 domains" feature useless. if it did not disallow it, they theoretically
 could be used in "a" tag hrefs in local scripted sites or static html
 documentation inside big companies that used relative domains, if browsers
 and servers supported it. but even if rfc 1738 disallowed them, people did
 not obey it: they continued to use top level domains in relative form ie
 without trailing dot, so this disallowing by rfc 1738 was not a big
 practical problem anyway, and people had and used an alternative to
 relative domains: they just made local top-level domains like "localhost"
 (and used and use them also without trailing dot).

 then he says:
 >Unfortunately, in practice web browsers have always violated that
 specification and passed the "host" portion through the name qualification
 procedures of their DNS Client libraries when mapping the host name to a
 set of IP addresses. (For example, those that used the BIND DNS Client
 library would leave the RES_DNSRCH option set and would not append the
 final trailing dot if it was missing.)
 -- i think he meaned that hosts without trailing dot should be just thrown
 off as error, and only absolute domains (fqdn) should be passed to dns. i
 think probably browsers did pass all domains to dns because people used
 their custom local top level domains like "localhost". and anyway, later
 in rfc 2396 published in 1998, the usage of top level domains in urls
 without trailing dots was allowed.

 then the author (Jonathan de Boyne Pollard) cites rfc 2396 and regrets
 about it changed according to the established human behaviour ie de facto
 standarts, says that better would be if browsers obeyed rfc 1738, and
 recommends to all people to use only fqdn, in all places, as it was
 commanded by rfc 1738.

 -- but what would happen if people obeyed rfc 1738? urls like
 "http://example.com/test.html" and "http://localhost/test.html" all had to
 be rewritten as "http://example.com./test.html" and
 "http://localhost./test.html". browser would have to either mark hosts
 without dots as error, or redirect on clicking them to full/absolute form
 of them. all people who configured local top-level domains like
 "localhost" would have to configure their servers to accept only requests
 for domains like "localhost." , or accept and redirect [all urls inside]
 "localhost" to [corresponding urls in] "localhost.". text like "localhost"
 would stay useful only when typing it in browser address bar, but that
 would be only very useless usage, and the relative domain feature is not
 neeeded for that, because browsers search for domains on typing. usage
 them in html source would become useless because it would lead to that
 links would not work, or clicking all links with "localhost" would move
 user to "localhost." and it would be just extra redirect on every click.
 so, rfc 1738 would make the planned "relative domain" feature entirely
 useless. if some company used that feature, and used their relative
 domains in their local sites, and their urls with relative domains were
 not redirected to absolute form by browsers, so their sites worked
 normally, if they also obeyed rfc 1736, they would configure their servers
 to accept only fqdn, and they would have to either rewrite all their such
 urls with fqdn, or work with extra redirect on every click on such urls.
 if that companies liked having short domain like "team101" instead of
 "team101.microsoft.com." in their address bars and html sources, they
 would have to start use their custom internal top-level domains like
 "team101." ie like "localhost." instead of subdomains like
 "team101.microsoft.com." (which could be used as just "team101" before
 they decided to obey rfc 1738).


 and i have found out that the trailing dot, which was so strongly
 supported by rfc 1738, really appeared only after the standart without
 trailing dots! it appeared with rfc 1034 in 1987, it is cited in the
 second link, and i cite it:

 Since a complete domain name ends with the root label, this leads to a
 printed form which ends in a dot.  We use this property to distinguish
 - a character string which represents a complete domain name
  (often called "absolute").  For example, "poneria.ISI.EDU."
 - a character string that represents the starting labels of a
  domain name which is incomplete, and should be completed by
  local software using knowledge of the local domain (often
  called "relative").  For example, "poneria" used in the
  ISI.EDU domain.

 rfc 1034 (of 1987) just declared all domains which were used, seems they
 all were without trailing dots, declared them all as becoming relative
 domains! but they still worked as before, so probably few people knew out
 about that, and continued to think that they are unambiguously requesting
 a unique real "example.com" site when they use "example.com" without
 trailing dot. so that has become an additional security breach in some
 cases: famous real example.com could be spoofed by a subdomain
 administrator even if he was not given rights to make any local domain
 like "localhost.". so, rfc 1034 also was not designed very well: seems its
 authors did not expect that maybe it will be {not widely known, so
 creating security breach}!

 probably rfc 1738 (1994) tried finally to bring the idea of distinction
 between absolute and relative domains to wide audience and also fix that
 security breach after 6 years, {but by fixing the security breach by
 disallowing relative domains in urls it made relative domains useless,
 {but i think they probably was not used widely, probably only in some big
 companies}}. so, what would be [left] in result of rfc 1737, if it would
 be obeyed? - 1) relative domains declared in 1987 would become finally
 useless, so, trailing dot, designed to show absolute domain, also would
 become finally useless and redundant "legally" ie as defined by the rfcs!
 (but maybe they planned later re-allow relative domains in urls after many
 years, when wide audience (general public) start to know about the
 possibility of relative domains). 2) and rfc 1737, if it was obeyed, would
 also fix the security breach. - but even rfc 1034 would not create the
 security breach if it reached masses and it was widely understood that
 using relative domain is not safe! - so, main recipe to fix it was
 reaching the wide audience, and publishing one more rfc was just one of
 many ways to do it.

 i think now that probably the relative domain feature has not become
 widely known after rfc 1034 (of 1987) because it was of too limited use:
 only in some big companies or providers' local networks, and it was a
 feature with no practical value, because local networks could already make
 any local domain, so that feature was just for itself, it was in fact just
 a useless text in rfc that anybody should know and use without having any
 additional benefit! but people created the little security breach by
 widely ignoring the rfc, while browsers started to obey it.

 i checked the relative domains feature yesterday, it works. (it is ok,
 because rfc 2396 (of 1998) re-allowed it after rfc 1034 (of 1987) denied,
 and later rfc 3986 (of 2005) still allows them). i added dns suffix in
 windows 10 - control panel - ... - network device properties - ipv4
 properties - additional - dns tab. when i added "google.com" then opened
 "http://mail/" in firefox, it opened google's server, but it was not
 configured to work with just "mail" in the http "host" header, so i got
 something like "404" page.


 my reply to the text by the second link ( http://www.dns-
 sd.org/trailingdotsindomainnames.html ):

 he also cites the rule in rfc 1738 and says:

 >Unfortunately, the people implementing web browser clients appeared not
 to understand what this meant. When you access a web site, the value most
 web browsers put in the "Host:" field is what the user typed, not what the
 computer actually ended up using, after applying the DNS user's searchlist
 to constuct a fully-qualified name from the partial name. For example,
 here are three different ways the user may refer to the host
 "www.example.com." ... When sending the "Host:" parameter to the web
 server, the web browser client puts in what the user typed
 ("www.example.com.", "www.example.com", or "www") instead of what the
 client ended up actually looking up in DNS ("www.example.com." in all
 three cases). ...

 -- this is not very true(correct), because rfc 1738 was very strict, and
 it disallowed relative domains in all urls, even if it is in browser's
 address bar, and url itself is the way of making any references to sites,
 even if people write it on paper, so users are not allowed refer to a site
 in 3 ways!

 and seems the author of this text does not know about rfc 2396, so this
 text is outdated.


 and what is the situation nowadays? rfc 3986 (
 https://tools.ietf.org/html/rfc3986#page-21 ) allows referring to absolute
 domain without trailing dot: it says "  The rightmost domain label of a
 fully qualified domain name in DNS may be followed by a single "."  " and
 that it should be used if it is "necessary to distinguish between the
 complete domain name and some local domain". i think that due to de facto
 standarts it is almost never necessary, so wordpress can accept the de
 facto standart and redirect from address with trailing slash to the
 address without it.

Ticket URL: <https://core.trac.wordpress.org/ticket/35248#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list