Complying with Name Restrictions for Hosts and Domains

Different DNS implementations impose different character and length restrictions. Table 6.2 shows the restrictions for each implementation.

Table   6.2 Name Restrictions

Update

The print version of this book states that fully qualified domain name lengths are "63 bytes per label and 255 bytes for an FQDN; domain controllers are limited to 155 bytes for an FQDN." The previous table in this online version contains more up-to-date information.

Note

Although you can create long, complex DNS names, it is recommended that you create shorter, user-friendly names.

According to RFC 1123, the only characters that can be used in DNS labels are "A" to "Z", "a" to "z", "0" to "9", and the hyphen ("-"). (The period [.] is also used in DNS names, but only between DNS labels and at the end of an FQDN.) Many DNS servers, including Windows NT 4.0–based DNS servers, follow RFC 1123.

However, adherence to RFC 1123 can present a problem on Windows 2000 networks that still use NetBIOS names. NetBIOS names can use additional characters, and it can be time consuming to convert all the NetBIOS names to standard DNS names.

To simplify the migration process to Windows 2000 from Windows NT 4.0, Windows 2000 supports a wider character set. RFC 2181, "Clarifications to the DNS Specification," enlarges the character set allowed in DNS names. It states that a DNS label can be any binary string, and it does not necessarily need to be interpreted as ASCII. Based on this definition, Microsoft has proposed that the DNS name specification be readjusted to accommodate a larger character set: UTF-8 character encoding, as described in RFC 2044. UTF-8 character encoding is a superset of ASCII and a translation of the UCS-2 (also known as Unicode) character encoding. The UTF-8 character set includes characters from most of the world's written languages; this enables a far greater range of possible names. The Windows 2000 DNS service includes support for UTF-8 character encoding.

However, before using additional characters, consider the following issues:

• Some third-party resolver software supports only the characters listed in RFC 1123. If you have any third-party resolver software, that software is probably not able to look up computers with names that have non-standard characters.

• A DNS server that does not support UTF-8 encoding might accept a zone transfer of a zone containing UTF-8 names, but it cannot write back those names to a zone file or reload those names from a zone file. Therefore, you must not transfer a zone that contains UTF-8 characters to a DNS server that does not support them.

You can configure the Windows 2000 DNS server to allow or disallow the use of UTF-8 characters on your Windows 2000 server. You can do so on a per-server basis from within the DNS console. From the Advanced tab of the server properties page, set Name checking to one of the following:

• Strict RFC (ANSI) . Allows "A" to "Z", "a" to "z", the hyphen (-), the asterisk (*) as a first label; and the underscore (_) as the first character in a label.

• Non RFC (ANSI) . Allows all characters allowed when you select Strict RFC (ANSI) , and allows the underscore (_) anywhere in a name.

• Multibyte (UTF-8) . Allows all characters allowed when you select Non RFC (ANSI) , and allows UTF - 8 characters.

• Any character . Allows any character, including UTF - 8 characters.

Note

If you enter a DNS name that includes UTF - 8 or underscore characters that are not listed in RFC 1123 when you are modifying a host name or DNS suffix or creating an Active Directory domain, a warning message appears explaining that some DNS server implementations might not support these characters.