What is the real maximum length of a DNS name?

Raymond Chen


The maximum length of a DNS name is 255 octets. This is spelled out in RFC 1035 section 2.3.4. A customer didn’t understand why the DnsValidateName was rejecting the following string:

(63 letters).(63 letters).(63 letters).(62 letters)

The documentation says

Returns ERROR_INVALID_NAME if the DNS name

  • Is longer than 255 octets.
  • Contains a label longer than 63 octets.
  • … other criteria not relevant here…

The length of the domain name passed in is 63+1+63+1+63+1+62=254 characters, just under the length limit of 255. Why is it rejecting this name that is under the limit?

Because the limit isn’t the number of characters; it’s the number of octets. Section 3.3 says that a domain-name is represented as a series of labels, and is terminated by a label of length zero. (The label of length zero represents the root label.) A label consists of a length octet followed by that number of octets representing the name itself. Therefore, the domain name www.microsoft.com is encoded as follows:


Technically, www.microsoft.com is shorthand for www.microsoft.com. with a trailing period, and the trailing zero byte encodes that implied period. If you sit down and do the math, you’ll see that the the readable maximum length of an ASCII DNS name is 253 characters: You don’t encode the dots, but you do encode the length bytes, so they cancel out, except for the length byte of the first label and the length byte of the root label, for an additional cost of two bytes. (On the off chance that you explicitly specified the root label, don’t count it towards the 253-character limit.)

If you use UTF-8 encoding, then the maximum length is harder to describe since UTF-8 is a variable-length encoding.


Comments are closed. Login to edit/delete your existing comments