5

I just read through this question, and when browsing through the answers, I randomly tried out something and noticed that http://admin.to and http://admin.to. lead to different locations. Both return a 403 error, but the .to. domain redirects to a completely different server.

How is this possible? I though that both should be technically identical, so what happens here?

Community
  • 1
poke
  • 203

4 Answers4

6

Actually, the DNS entry is the same (89.107.186.40), as expected. It seems what's different is the vhost. Very likely, the server has one vhost for each server name, specifying the final dot for one of them and not for the other. It's more of an Apache question than a DNS question I think.

Now as others have said, the difference between admin.to and admin.to. is that the second one is a fully qualified name, so your resolver won't try to resolve it by appending your DNS search parameters to it, whereas the first one will be tried with the search parameters.

As an example, I put raphink.info in my search path in /etc/resolv.conf:

$ grep '^search' /etc/resolv.conf
  search raphink.info

$ getent hosts www
  74.125.77.121   raphink.info www.raphink.info

$ getent hosts www.

The first request is www without a trailing dot, so the resolver tries to solve it with the search path. The second request is a fully qualified name since it has a trailing dot, so the search path is not tried, and the resolution yields no results.

Now as I said, your question in this case seems more like an HTTP server thing than a DNS one, since I get the same result on my own machine:

$ getent hosts admin.to
  89.107.186.40   admin.to

$ getent hosts admin.to.
  89.107.186.40   admin.to
raphink
  • 13,027
3

This smells of a host headers issue:

As far as DNS is concerned you are correct: With or without the trailing . the domain resolves to 89.107.186.40, but the server that lives there (which reverses to the serverdomain.org name) doesn't understand that when it parses the host headers.

voretaq7
  • 80,749
-1

A trailing dot means that it's a fully qualified name, which will be handled differently by DNS resolvers.

Bobby
  • 101
-1

The way I understand it, the . at the end indicates that it is a Fully Qualified Domain Name. It means that this is the exact hostname that will be looked up.

If you leave off the . at the end, it will first search your domain. So for example if you go to admin.to, and you happen to be part of a domain somedomain.com, then it will first look for admin.to.somedomain.com. If that resolves, then it would go to that location rather than your intended domain of admin.to.

Dave Drager
  • 8,455