Do all domains technically end with "."?
My understanding is TLDs are subdomains of the root domain which is represented by ".".
So "google.com" in more specific terms should be "google.com.".
Under what scenarios would you see a domain ending with a "." like "google.com."? I've seen it before but thought nothing of it at the time.
Solution 1:
Yes, a fully qualified domain name ends with a dot. And a domain name is always relative if it doesn't end with a dot. The OS, application being used, some proxy or other name resolving element may attempt to search the name relative to something else than the root . domain. At the office, it's likely that the company domain is searched before the root for example.
In theory you can use fully qualified domain names everywhere and possibly save the Internet from a few DNS hits and yourself a few milliseconds. In practise, the world is full of validation regular expressions etc which might reject such a (perfectly valid) FQDN.
One specific case where they are very common is when configuring nameservers, for example CNAME records. A zone in the nameserver typically has itself as the "relative root" so to reference a domain name outside of it has to be done with the fully qualified name ending in a dot.
Solution 2:
Do all domains technically end with "."?
Yes, if you look at the core RFCs related to DNS, because any name there is transmitted with an ending byte of value 0 which encodes the root, aka the ending dot in the "presentation" format.
See section 3.1.5 of RFC 1035:
NAME a domain name represented as a sequence of labels, where each label consists of a length octet followed by that number of octets. The domain name terminates with the zero length octet for the null label of the root.
Which is also why, when using dig or writing zonefiles, you see names ending with a final dot to remove any ambiguity.
Now, all depends on the context. In URLs, you write hostnames without dot at the end, and it works because it is implied they are absolute.
You might want to consult RFC 8499 which is the standard reference now for everything related to DNS terminology. It says this:
The presentation format for names in the global DNS is a list
of labels ordered by decreasing distance from the root, encoded
as ASCII, with a "." character between each label. In
presentation format, a fully-qualified domain name includes the
root label and the associated separator dot. For example, in
presentation format, a fully-qualified domain name with two
non-root labels is always shown as "example.tld." instead of
"example.tld". [RFC1035] defines a method for showing octets
that do not display in ASCII.
The common display format is used in applications and free
text. It is the same as the presentation format, but showing
the root label and the "." before it is optional and is rarely
done. For example, in common display format, a fully-qualified
domain name with two non-root labels is usually shown as
"example.tld" instead of "example.tld.". Names in the common
display format are normally written such that the
directionality of the writing system presents labels by
decreasing distance from the root (so, in both English and the
C programming language the root or Top-Level Domain (TLD) label
in the ordered list is rightmost; but in Arabic, it may be
leftmost, depending on local conventions).
And later, FQDN is defined and goes into details about the real problem being related to context:
Fully-Qualified Domain Name (FQDN): This is often just a clear way
of saying the same thing as "domain name of a node", as outlined
above. However, the term is ambiguous. Strictly speaking, a
fully-qualified domain name would include every label, including
the zero-length label of the root: such a name would be written
"www.example.net." (note the terminating dot). But, because every
name eventually shares the common root, names are often written
relative to the root (such as "www.example.net") and are still
called "fully qualified". This term first appeared in [RFC819].
In this document, names are often written relative to the root.
The need for the term "fully-qualified domain name" comes from the
existence of partially qualified domain names, which are names
where one or more of the last labels in the ordered list are
omitted (for example, a domain name of "www" relative to
"example.net" identifies "www.example.net"). Such relative names
are understood only by context.
As for:
Under what scenarios would you see a domain ending with a "." like "google.com."?
Easy, do any DNS query:
$ dig NS google.com +noall +ans
google.com. 3h9m51s IN NS ns4.google.com.
google.com. 3h9m51s IN NS ns2.google.com.
google.com. 3h9m51s IN NS ns3.google.com.
google.com. 3h9m51s IN NS ns1.google.com.
Note that the results would be exactly the same if I used google.com. because dig is a DNS client and hence expect all names to be absolute (hence the ending dot is optional).
You can also add dots to any name, and hence have URLs like https://www.google.com./. For the DNS plane, it will be the same. So for IP and TCP too. For TLS it should be the same, if there are no errors in the implementations. At the HTTP/HTTPS level a proper server would work but note that you may hit bugs just because of this (and hence having either another page being displayed than the normal one, or an error).
Same for email addresses and everywhere else you use names.
And if you are being to question things, yes, by definition there is only one root... at least in theory (see RFC 2826 "IAB Technical Comment on the Unique DNS Root"). Every network (from a local home up to even a full state) can define a local root, and other protocols do define name appearing to be at root, but not really (ex: eth or bit). But at this point you enter political arenas, and not technical ones anymore.