Trailing dot on Cloud DNS

Question

I have configured Cloud DNS to serve a static website on Google Data Storage to test it works. I've successfully managed to configure it with one exception.

I am able to access my website at

www.example.com. (notice the trailing dot)

I expect it to be accesible at

www.example.com (without a trailing dot but it isn't)

The managed zone automatically adds the trailing dot so its not something I can edit (as it means its an absolute domain). On the CNAME, I've configured it as follows:

Nothing out of the ordinary, Im a bit puzzled about how Cloud DNS works in this matter.

EDIT: As @PatrickMezvek, point out the obfuscation. The domain is www.scolacademy.com. link

I've tried to nslookup and it all works correctly:

>> nslookup www.scolacademy.com
Server:     216.230.147.90
Address:    216.230.147.90#53

Non-authoritative answer:
www.scolacademy.com canonical name = c.storage.googleapis.com.
c.storage.googleapis.com    canonical name = storage.l.googleusercontent.com.
Name:   storage.l.googleusercontent.com
Address: 172.217.3.144

>> nslookup www.scolacademy.com.

# Same output

For dig: (both domains, with/without trailing dot)

; <<>> DiG 9.10.6 <<>> www.scolacademy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11676
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.scolacademy.com.       IN  A

;; ANSWER SECTION:
www.scolacademy.com.    182 IN  CNAME   c.storage.googleapis.com.
c.storage.googleapis.com. 3060  IN  CNAME   storage.l.googleusercontent.com.
storage.l.googleusercontent.com. 149 IN A   172.217.3.144

;; Query time: 21 msec
;; SERVER: 216.230.147.90#53(216.230.147.90)
;; WHEN: Thu Apr 04 09:14:36 CST 2019
;; MSG SIZE  rcvd: 141

Both domains do work in iOS 12.2. On Chrome, 73.0.3683.86 (same for Firefox and Safari) they do not.Here are some screenshots for Web Browsers:

No trailing dot Trailing dod

This is offtopic since not related to programming and since you obfuscated everything noone can really help. You can use online troubleshooting tools or otherwise contact your provider for explanations. See my other comment below the answer for help on understanding the role of a final dot in a name when adding it to a zone. — Patrick Mevzek, Apr 04 '19 at 14:29
Obfuscate my domain? Can put any value there (example.com etc). Obfuscation would be removing values ttl or other stuff, respectfully disagree with your assessment — Diego Gallegos, Apr 04 '19 at 14:53
You are not giving the true name you are working with, so you have obfuscated it. Your call, but then noone can really help you. — Patrick Mevzek, Apr 04 '19 at 14:54

score 0 · Answer 1 · answered Apr 04 '19 at 03:13

The trailing dot is the part of the FQDN, it means the “root zone” in the internet domain name hierarchy system. So from top to bottom is “the dot” means the root, and the top level domain for example “com” or “org”, then the company or organization domain name “google”, and subdomain “www”. But normally we don’t need to type the “dot” at the end of the domain name, because the system will automatically add it. I guess that your domain didn’t work at the time because the CNAME record TTL was 5 minutes based on your screen capture. It will take some time to propagate to the DNS server that you sent the request to. So if you try your domain name now, it should work without the dot in the end.

For detail about FQDN you can refer the below link: https://en.wikipedia.org/wiki/Fully_qualified_domain_name

No, it does not work. I configured this a month ago but recently retake this. — Diego Gallegos, Apr 04 '19 at 04:41
This is all true but hides an important fact: when building a zone, when you put a name in it, if it has a trailing dot, it means absolute, if not it means it is that name plus the zone. So if you put `www.example.com.` in zone `example.com` then it is really `www.example.com` you have in the DNS, but if you put it as `www.example.com` (no trailing dot) then in fact the true name in the DNS is `www.example.com.example.com` (the zone is "appended" because there was no trailing dot). — Patrick Mevzek, Apr 04 '19 at 14:28

score 0 · Answer 2 · answered Apr 04 '19 at 15:08

Your CNAME seems to work correctly, so I do not see where is your question:

$ dig www.scolacademy.com. +noall +answer

; <<>> DiG 9.12.0 <<>> www.scolacademy.com. +noall +answer
;; global options: +cmd
www.scolacademy.com.    5m IN CNAME c.storage.googleapis.com.
c.storage.googleapis.com. 1h IN CNAME storage.l.googleusercontent.com.
storage.l.googleusercontent.com. 4m45s IN A 172.217.164.176

HTTP works with or without trailing dot, HTTPS does not work in both cases due to a certificate problem.

$ wget -S -O /dev/null https://www.scolacademy.com/
--2019-04-04 10:05:26--  https://www.scolacademy.com/
Resolving www.scolacademy.com (www.scolacademy.com)... 172.217.164.176
Connecting to www.scolacademy.com (www.scolacademy.com)|172.217.164.176|:443... connected.
ERROR: no certificate subject alternative name matches
    requested host name ‘www.scolacademy.com’.
To connect to www.scolacademy.com insecurely, use `--no-check-certificate'.

$ wget -S -O /dev/null https://www.scolacademy.com./
--2019-04-04 10:05:32--  https://www.scolacademy.com./
Resolving www.scolacademy.com. (www.scolacademy.com.)... 172.217.164.176
Connecting to www.scolacademy.com. (www.scolacademy.com.)|172.217.164.176|:443... connected.
ERROR: no certificate subject alternative name matches
    requested host name ‘www.scolacademy.com’.
To connect to www.scolacademy.com. insecurely, use `--no-check-certificate'.

$ wget -S -O /dev/null http://www.scolacademy.com./
--2019-04-04 10:06:55--  http://www.scolacademy.com./
Resolving www.scolacademy.com. (www.scolacademy.com.)... 172.217.164.144
Connecting to www.scolacademy.com. (www.scolacademy.com.)|172.217.164.144|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  X-GUploader-UploadID: AEnB2Upc9_GNBAVPkyjjomj_pEp6QsakmVqx3rBnVYq-SoyJPRHGvo191ATaxx5ao3dEuVbkW7pWFyENN2rNEUEnezERTfYs6g
  Expires: Thu, 04 Apr 2019 15:06:56 GMT
  Date: Thu, 04 Apr 2019 15:06:56 GMT
  Cache-Control: private, max-age=0
  Last-Modified: Fri, 15 Feb 2019 06:13:22 GMT
  ETag: "9ec985ae3f1c1158205025e7925342e4"
  x-goog-generation: 1550211202935263
  x-goog-metageneration: 1
  x-goog-stored-content-encoding: identity
  x-goog-stored-content-length: 3704
  Content-Type: text/html
  x-goog-hash: crc32c=uC9tbQ==
  x-goog-hash: md5=nsmFrj8cEVggUCXnklNC5A==
  x-goog-storage-class: MULTI_REGIONAL
  Accept-Ranges: bytes
  Content-Length: 3704
  Server: UploadServer
Length: 3704 (3.6K) [text/html]
Saving to: ‘/dev/null’

/dev/null                                         100%[=============================================================================================================>]   3.62K  --.-KB/s    in 0.003s

2019-04-04 10:06:56 (1.13 MB/s) - ‘/dev/null’ saved [3704/3704]

$ wget -S -O /dev/null http://www.scolacademy.com/
--2019-04-04 10:06:59--  http://www.scolacademy.com/
Resolving www.scolacademy.com (www.scolacademy.com)... 172.217.164.144
Connecting to www.scolacademy.com (www.scolacademy.com)|172.217.164.144|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  X-GUploader-UploadID: AEnB2UqmISfLaNCIpHL2gVajP2g-8xee1sroWNzJ_UVq50EJh17tDDurR_tv99J9_UVZNhr00uhxDdiLE3SA7xRgNONyq5MnWg
  Expires: Thu, 04 Apr 2019 15:06:59 GMT
  Date: Thu, 04 Apr 2019 15:06:59 GMT
  Cache-Control: private, max-age=0
  Last-Modified: Fri, 15 Feb 2019 06:13:22 GMT
  ETag: "9ec985ae3f1c1158205025e7925342e4"
  x-goog-generation: 1550211202935263
  x-goog-metageneration: 1
  x-goog-stored-content-encoding: identity
  x-goog-stored-content-length: 3704
  Content-Type: text/html
  x-goog-hash: crc32c=uC9tbQ==
  x-goog-hash: md5=nsmFrj8cEVggUCXnklNC5A==
  x-goog-storage-class: MULTI_REGIONAL
  Accept-Ranges: bytes
  Content-Length: 3704
  Server: UploadServer
Length: 3704 (3.6K) [text/html]
Saving to: ‘/dev/null’

/dev/null                                         100%[=============================================================================================================>]   3.62K  --.-KB/s    in 0.005s

2019-04-04 10:06:59 (768 KB/s) - ‘/dev/null’ saved [3704/3704]

Since you are not showing what specific tests you did that makes you go to the conclusion it does not work, noone knows what you see. But it seems everything works correctly (you just have to fix the certificate problem)

I added some extra info. – Diego Gallegos Apr 05 '19 at 02:53 — Diego Gallegos, Apr 05 '19 at 02:53

Trailing dot on Cloud DNS

2 Answers2