Skip to main content
Legal Characters in DNS
Updated over a year ago

The Domain Name System consists of domain names, as the name suggests. The DNS standards, as updated in RFC 2181, clarifies that there are only two restrictions on domain names:

  1. Individual labels (the parts between the dots) can not be longer than 63 characters

  2. The entire fully qualified name (e.g. server.example.com.) can not be more than 255 characters

There is however a subset of domain names, that we refer to as hostnames, that have an additional restriction. All parts of a fully qualified host name must consist of only numbers, letters and hyphens (And can not start with a hyphen).

This has led to some confusion because all domain names are not host names. A host name is a name that points to an IP address. This is mainly seen in Address (A) records but also in Mail eXchange (MX) records.

There are some services that not only use but require the use of other types of characters. The most common of these is the Service Record (SRV) which is used to locate services associated with a domain . These records may look something like this:

_sip._tcp.example.com. 86400 IN SRV 0 5 5060 sipserver.example.com.

DMARC and DKIM also require underscores:

_dmarc.example.com 3600 IN TXT ""v=DMARC1; p=none; rua=mailto:[email protected]"

test._domainkey.example.com IN CNAME foo.bar.com

As you can see, this is not a hostname (no IP address is associated with it) so this is perfectly legal. Any other type of domain name that is not a hostname can also use underscores (NS, TXT, etc.).

One additional restriction is around DKIM selectors. DKIM selectors must only consist of numbers, letters and hyphens (where a hyphen can not be the first character). Any dots in a DKIM selectors are considered separators between the selector name which allows for establishment of a hierarchy in DKIM keys

Did this answer your question?