Why Do DNS Names End With a Dot? Unraveling FQDNs, Zone Files, and Search Domains

When you query a domain such as example.com with dig, the command often appends a trailing dot, turning it into example.com.. The dot indicates a fully‑qualified domain name (FQDN) , which is an absolute name that requires no further suffixes.

What an FQDN Looks Like

In DNS messages the name is not stored with a literal dot; it is encoded as a series of length‑prefixed labels. For example.com the wire format is the 13‑byte string 7example3com0. No dot characters exist in the encoded data.

Zone Files and the Trailing Dot

Zone files used by servers such as nsd or bind require each name to end with a dot; otherwise the name is interpreted as relative to the zone. For example, in a zone for example.com the record orange 300 IN A 1.2.3.4 is automatically expanded to orange.example.com.. The same rule applies to CNAME records: fruit 300 IN CNAME orange becomes fruit.example.com. CNAME orange.example.com.. Adding the dot explicitly tells the server that the name is already absolute.

Why dig Shows a Dot

dig

prints the trailing dot so that the output can be copied directly into a zone file without modification. The output also prefixes each line with ;;, which are comment markers in zone files.

Effect of the Dot in curl

When you run curl grapefruit the system resolves grapefruit.lan. (because search lan is set in /etc/resolv.conf). Adding a dot ( curl grapefruit.) forces the resolver to treat the name as absolute, causing a "Could not resolve host" error. $ curl grapefruit returns the web page, while $ curl grapefruit. fails.

Search Domains

The resolver reads /etc/resolv.conf:

nameserver 127.0.0.53
search lan

If a name does not end with a dot and does not contain any other dot, the search suffix is appended (e.g., grapefruit → grapefruit.lan.). If the name already ends with a dot, the search list is ignored.

When to Use the Trailing Dot

In DNS configuration files, always use the trailing dot for absolute names.

When you want to prevent the resolver from appending the search domain.

In most browsers adding a dot breaks the request because the HTTP Host header includes the dot, which many servers do not expect.

Understanding the distinction between relative and absolute domain names helps avoid unexpected name expansion and ensures correct DNS queries across tools and environments.