Domain Name Validator

Domain name validation: RFC 1034/1035 in practice

A domain name is the human-readable address that resolves to an IP via the DNS hierarchy. Validation matters because malformed domains break SSL certificate issuance, email deliverability, DNS resolution and registrar APIs. The authoritative specs are RFC 1034 (concepts and facilities) and RFC 1035 (implementation), refined by RFC 5891 for internationalized names. Together they define what counts as a syntactically valid name before any DNS lookup happens.

Format: labels separated by dots, total length up to 253 characters, each label between 1 and 63 characters, containing only ASCII letters, digits and hyphens — and never starting or ending with a hyphen. The trailing dot (the root) is implicit. A basic validation regex covers the lion's share of cases: ^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$. This tool also rejects all-numeric labels for the rightmost position (TLDs are never pure digits in the public Internet).

Internationalized Domain Names (IDN) and punycode

Names with non-ASCII characters (brasíl.com, münchen.de, 北京.cn) are encoded as punycode with the prefix xn-- before reaching DNS. brasíl becomes xn--brasil-z9a and münchen becomes xn--mnchen-3ya. Browsers display the Unicode form to users but resolvers always handle the ASCII form. Validators should accept both representations: the Unicode form must obey the IDNA 2008 rules (RFC 5891) and the punycode form must conform to the ASCII regex above.

TLDs: gTLD, ccTLD, sTLD and new gTLDs

• gTLD (generic): .com, .net, .org, .io, .ai, .dev. Global use, no geographic restriction.
• ccTLD (country code): .br, .pt, .uk, .de, .fr. Two letters, ISO 3166-1.
• sTLD (sponsored): .gov, .edu, .mil, .aero. Restricted to a defined community.
• New gTLDs: .app, .blog, .shop, .pizza, .tech. ICANN's 2012 expansion, now over 1,500 active.

Strict validation also checks that the TLD exists in the IANA root zone. A name like example.zzz passes the syntax test but fails delegation. Lists like the IANA TLD list ship as plain text and can be cached locally.

Brazilian .br registry

NIC.br (Núcleo de Informação e Coordenação do Ponto BR) runs the .br registry through registro.br. .br uses second-level categories rather than flat names: .com.br (commercial), .org.br (non-profit), .gov.br (government, restricted), .edu.br (education, restricted), .net.br (network), .blog.br, .arq.br (architects), .adv.br (lawyers), .med.br (doctors). Some categories require professional credentials. Domain disputes are handled by CASD-ND (Câmara de Solução de Disputas relativas a Nomes de Domínio).

Public Suffix List and the co.uk problem

Naively splitting on the last dot fails for names like example.co.uk or company.com.br: the effective TLD is co.uk, not uk. Mozilla maintains the Public Suffix List (PSL), the canonical reference for "where does the registrable part start". Libraries like psl, tldjs and tldextract (Python) consume the PSL to correctly parse domains into subdomain, registrable name and public suffix.

const psl = require('psl')
psl.parse('www.example.co.uk')
// { tld: 'co.uk', sld: 'example', domain: 'example.co.uk', subdomain: 'www' }

WHOIS, DNSSEC and the HSTS preload list

WHOIS returns ownership and registrar information; since GDPR most personal data is redacted for natural-person registrants in the EU and Brazil. DNSSEC adds cryptographic signatures to DNS records — when the registrar supports it, the domain owner publishes a DS record at the parent zone. The HSTS preload list (shipped inside Chromium, Firefox, Safari) hardcodes domains that must always be reached via HTTPS; submission at hstspreload.org is irreversible in practice, so validate carefully before opting in.

SSL certificates and wildcard rules

A TLS certificate is valid for the exact names listed in its Subject Alternative Names (SAN). Wildcards like *.example.com match exactly one label level — they cover www.example.com and api.example.com but NOT a.b.example.com nor the apex example.com itself. For multi-level coverage you need separate certificates or Let's Encrypt with DNS-01 challenge issuing one cert per subdomain.

FAQ

Does this tool check whether the domain actually resolves? No, syntax validation is offline. Resolution requires a separate DNS lookup (dig, nslookup, or DoH endpoints like Cloudflare's 1.1.1.1).

How do I parse co.uk correctly? Use a library backed by the Public Suffix List. Naive split('.') breaks for compound public suffixes (over 9,000 entries in the PSL).

Can I register an IDN domain? Yes. Registrars accept both the Unicode form and the punycode form. The registrar stores the xn-- ASCII representation, and modern browsers render the Unicode label for users.

Why does my domain say "invalid" but the browser opens it? Probably an emoji TLD or a private TLD (.local, .lan) used inside a LAN. Public Internet validation requires a real IANA-delegated TLD.

What is the maximum length again? 253 characters for the whole name, 63 per label. Names beyond 253 are rejected at the protocol layer and cannot be queried via standard DNS.