FQDN
Fully Qualified Domain Name
The complete, unambiguous name of a host in the DNS hierarchy — including hostname, domain, and root — that uniquely identifies one specific machine anywhere on the internet.
An FQDN (Fully Qualified Domain Name) leaves no room for interpretation. While a hostname like mail is only meaningful within a local network, mail.example.com. is globally unique — the trailing dot representing the DNS root makes it fully qualified. Every DNS lookup ultimately resolves an FQDN; the browser or OS may expand a partial name before sending the query.
FQDN structure
| Part | Example | Meaning |
|---|---|---|
| Hostname | www | The specific host or service label |
| Second-level domain | example | The registered domain name |
| Top-level domain | .com | The TLD managed by a registry |
| Root (implicit) | . (trailing dot) | The DNS root zone |
| Full FQDN | www.example.com. | Unambiguous global identifier |
FQDN vs hostname vs relative domain name
A hostname is just the leftmost label — webserver01 — with no domain context. It only resolves within a network where a local DNS server knows about it. A relative domain name like mail.corp is partial — it only makes sense if an application appends a DNS search domain to complete it (e.g., appending .example.com to get mail.corp.example.com). An FQDN includes every label from the hostname down to the root, making it unambiguous globally. Operating systems maintain a DNS search domain list (configured via DHCP option 119 or manually) that they append to short names before querying, effectively converting relative names to FQDNs for resolution.
The significance of the trailing dot
The trailing dot in www.example.com. explicitly marks the DNS root — the top of the entire DNS hierarchy. Without it, DNS software may treat the name as relative and append a search domain. In a DNS zone file, every record target that is an FQDN must end with a dot; without it, the zone name is appended automatically. For example, in the zone example.com, a CNAME record pointing to cdn.provider.com (no trailing dot) would resolve as cdn.provider.com.example.com — a common misconfiguration. With the trailing dot (cdn.provider.com.), it resolves correctly. In browser address bars and most end-user tools, the trailing dot is omitted but implied.
FQDNs in TLS certificates
TLS certificates bind a public key to one or more FQDNs. The Subject Alternative Name (SAN) field lists every FQDN the certificate is valid for — the older Common Name (CN) field is deprecated for this purpose but still widely used. A certificate for www.example.com does not cover example.com or api.example.com unless those are also listed in the SAN. Wildcard certificates use a * label to cover all immediate subdomains: *.example.com covers www.example.com, api.example.com, and mail.example.com, but not sub.api.example.com (wildcards only match one label deep) and not bare example.com itself. For multi-level subdomain coverage, a certificate must list each FQDN explicitly in the SAN.
FQDNs in DNS records
Several DNS record types use FQDNs as their data value. MX records specify the FQDN of the mail server that accepts email for a domain — example.com MX 10 mail.example.com. PTR records perform reverse DNS lookups, resolving an IP address to an FQDN — the PTR record for 203.0.113.5 might return server5.isp.net.. CNAME records alias one FQDN to another. NS records specify the FQDNs of authoritative name servers for a zone. In all cases, the trailing dot in zone files is what distinguishes an absolute FQDN from a name relative to the current zone.
FQDNs in the hosts file
The /etc/hosts file (or C:\Windows\System32\drivers\etc\hosts on Windows) maps FQDNs to IP addresses locally, bypassing DNS entirely. Entries take the form 192.168.1.10 nas.home.example.com nas — the first field is the IP, subsequent fields are names that resolve to it. The hosts file is consulted before DNS on most operating systems, making it useful for overriding specific FQDNs in development environments or blocking domains by pointing them to 127.0.0.1.
Frequently Asked Questions
What is the difference between a domain name and an FQDN?
A domain name like example.com identifies a domain. An FQDN like www.example.com. includes the hostname and root dot, uniquely identifying one specific host in the entire DNS namespace.
Where do FQDNs appear in networking?
In TLS certificates (Common Name / SAN), DNS zone files (as record targets with trailing dot), Active Directory computer names, email server configuration, and anywhere hostname ambiguity must be eliminated.
What is the trailing dot in an FQDN?
The trailing dot represents the DNS root zone — the top of the hierarchy. DNS software uses it to distinguish a fully qualified name from a relative one. In zone files it is required; in user-facing tools it is usually omitted but implied.