Friday, December 09, 2011

DNS domain names: 253 or 255 bytes/octets?

Whether DNS domain names are limited to 253 or 255 bytes is something that is hard to find good confirmation on, but I hope to provide the answer in this post.

Let's start by taking a look at some RFCs:


So it seems that the domain names should be up to 255 octets, right? That is not what Wikipedia says:


There is even a long discussion on Wikipedia about the right value here.

And even an RFC mentions 253 octets:
  • "When the result of macro expansion is used in a domain name query, if the expanded domain name exceeds 253 characters (the maximum length of a domain name) [...]" http://www.ietf.org/rfc/rfc4408.txt

Then you start playing with Microsoft DNS or BIND, and with tools on both Windows and Linux, and see some interesting behaviors. For instance, nslookup on Windows times out when the domain name is 255 characters and the query goes to a BIND server. With the tools on Linux, however, you get an explicit error for anything longer than 253 characters (ASCII, hence 253 octets):

host <255-char domain name>
<255-char domain name> is not a legal name (ran out of space)

The answer actually lies in the good old RFC 1035 (thanks to a colleague for finding this definitive answer):
  • "Each label is represented as a one octet length field followed by that number of octets. Since every domain name ends with the null label of the root, a domain name is terminated by a length byte of zero." http://www.ietf.org/rfc/rfc1035.txt

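The answer is that, over the wire, the domain name uses up to 255 octets. The first one is the length octet of the first label (each later label's length octet takes the place of the dot that separates labels in the text form), and the last one is the zero length byte of the root label, which acts as the terminator. So what is left for the actual domain name is 253 octets, which can represent different numbers of characters depending on your domain.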
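The arithmetic above, as an added example that is not part of the original post: a small Python encoder for the RFC 1035 wire format, showing that a 253-character name fills exactly 255 octets and a 254-character name no longer fits. The function names and the sample names built from repeated "a" labels are constructed for illustration, and labels are assumed to be ASCII.

```python
MAX_LABEL = 63   # RFC 1035: one label is at most 63 octets
MAX_WIRE = 255   # RFC 1035: one encoded name is at most 255 octets


def encode_name(name: str) -> bytes:
    """Encode a dotted ASCII domain name into RFC 1035 wire format."""
    if name.endswith("."):
        name = name[:-1]              # a trailing dot only names the root explicitly
    wire = bytearray()
    for label in (name.split(".") if name else []):
        raw = label.encode("ascii")   # assumption: ASCII labels (IDNs already converted)
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"label length {len(raw)} is outside 1..{MAX_LABEL}")
        wire.append(len(raw))         # one length octet in front of every label
        wire += raw
    wire.append(0)                    # zero-length root label terminates the name
    if len(wire) > MAX_WIRE:
        raise ValueError(f"encoded name is {len(wire)} octets, limit is {MAX_WIRE}")
    return bytes(wire)


def sample_name(last_label_len: int) -> str:
    """Constructed sample: three 63-char labels plus one final label.

    Text length is 3*63 + 3 dots + last_label_len = 192 + last_label_len.
    """
    return ".".join(["a" * 63] * 3 + ["a" * last_label_len])


if __name__ == "__main__":
    for last in (61, 62):
        name = sample_name(last)
        try:
            print(len(name), "chars ->", len(encode_name(name)), "octets on the wire")
        except ValueError as err:
            print(len(name), "chars -> rejected:", err)
```

Every dot in the text form becomes a length octet, so the wire form is always the text length plus two: the first label's length octet and the root terminator.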