What is the maximum number of characters for a host-name in Unix?

I am wondering what is the maximum number of characters for a host-name in a Unix system. In addition, is there any defined variable that can be used in Unix programming to call that number (i.e. the number of characters allowed for a host-name)?

I am programming in C.


Solution 1:

You can usually type:

getconf HOST_NAME_MAX

In addition, you can generally include limits.h in your application and read the value of the define.

While the POSIX standard says it is guaranteed not to exceed 255 bytes, that does not necessarily mean that each implementation will adhere to that.

man gethostname on your platform to get more detailed information.

Solution 2:

tl;dr:

Code should deal with hostnames up to 255 bytes long; administrators should keep hostname length (excluding domain) within 19 bytes, and domain name length (excluding hostnames) within 23 bytes.

  • Hostnames can be as long as 255 bytes (some systems may limit them to 64)
  • Hostnames used in DNS can be as long as 253 bytes as a fully qualified domain name (FQDN=host.example.com), in which case:
    • The first DNS label (removing . and anything after it from the hostname) can only be up to 63 bytes
    • The 253 byte limit applies to the entire FQDN, even if only the first label is used for the Unix hostname
  • Hostnames used in e-mail addresses should not exceed 245 bytes (for traditional 8 character username limit) or 221 bytes (modern maximum username length of 32) as a fully qualified domain name
  • Hostnames used for server TLS/SSL certificates should not exceed 64 bytes as a fully qualified domain name
  • Hostnames used for e-mail addresses in OpenSSL-generated certificates should not exceed 31 bytes (for traditional 8 character username limit) as a fully qualified domain name (usernames longer than 8 reduce this limit)
  • If there are non-ASCII characters in the hostname subtract 4 for each non-ASCII domain label (part between . characters) from all the above limits, and subtract an additional 1-2 bytes (not including UTF-8 encoding overhead of 1-2 more bytes per character) for each non-ASCII character.

Long version:

As @Michael says, POSIX hostnames are generally limited to 255 bytes, and as @zrvan points out, DNS limits the length of each label in RFC 1035 - however, that limit is actually 63 (both in RFC 1035 section 2.3.1 and as clarified in RFC 2181 section 11).

There are other limits that come into play when you are using hostnames that will be used in DNS, as hostnames in SSL certificates or e-mail addresses.

First, the fully qualified domain name (FQDN) length limit is 255 octets when represented in the DNS protocol as

"a series of labels, ... terminated by a label of length zero. ... A label consists of a length octet followed by that number of octets representing the name itself"

  • MSDN Blog "The Old New Thing" (quoting RFC 1035, with useful illustration)

With these length prefixes (including the one for the final length zero label), the actual limit for a fully qualified domain name is 253 bytes.

If your hostname will also be used as the DNS name for a server for which you need a TLS/SSL certificate, there is a much shorter limit that will affect you. Appendix A.1 of RFC 5280 and its predecessor RFCs 3280 and 2459 specify Upper Bounds for different fields of an X.509 certificate; the ub-common-name-length limit for the Common Name field, which for server certificates is the server's fully qualified domain name, is 64 bytes.

If you use OpenSSL to generate an SSL certificate with an e-mail address field more than 40 bytes long, you will see this error:

string is too long, it needs to be less than 40 bytes long

If a hostname will be used in e-mail addresses for OpenSSL-generated certificates, the @ and username will also need to fit within 40 bytes (the "less than" in the error should really be "no more than"), which for a maximum username length of 8 bytes, implies a maximum hostname FQDN length of 31 bytes. If the maximum username length is longer than 8 bytes, the maximum hostname length is decreased accordingly - the modern Linux limit of 32 would give a maximum FQDN length of 7 that is impractical, even for URL shortening services like bit.ly.

The OpenSSL choice of 40 as the length limit for an e-mail address X.509 subject alternative name may have been made for compatibility with the shortest possible alternative name syntax, E.163-4 (for telephone numbers), and it is likely that TLS/SSL implementations (perhaps even including OpenSSL) support use of certificates with longer e-mail addresses. There is a separate upper bound (ub-emailaddress-length) of 128 bytes in RFC 3280, increased to 255 bytes in RFC 5280; this is actually for another, legacy embedding of e-mail addresses in X.509 certificates, but it would not be surprising if many implementations use that upper bound for rfc822Address e-mail IA5Strings as well.

While OpenSSL could increase this limit in the future, there is no issue for this in the OpenSSL Request Tracker, and it seems unlikely to be changed.

Even if you don't use TLS/SSL, the maximum e-mail address length of 254 implies a maximum hostname FQDN length of 245 bytes for a traditional 8 byte username limit; or 221 bytes for a modern maximum username length limit of 32.

Take the minimum of all these maximums and a 2012 median .com domain length of 11 (coincidentally the exact length of example.com), and you get a maximum first label hostname length of 19 bytes for a 40 byte e-mail address like [email protected].

If all your e-mail addresses are mapped to a top-level domain name with MX records and MTA address rewriting, assuming a more reasonable username/alias length limit of 16, you get a maximum domain name length of 23 bytes for a 40 byte e-mail address like [email protected].

Finally, non-ASCII hostnames require IDN (internationalized domain name) encoding for use with DNS; this involves an encoding with a 4 character xn-- prefix for each domain label with non-ASCII characters, and an expansion of 1-2 bytes for each non-ASCII character (in addition to the larger size resulting from UTF-8 encoding). If your hostname has non-ASCII characters, you need to reduce all of the above limits accordingly.
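The DNS arithmetic in the answer above (63 bytes per label, 255 bytes in wire format, hence 253 bytes of dotted text) can be checked mechanically. The following is an added example, not code from the answer; the names dns_name_check and fits_common_name are hypothetical, and the input is assumed to be ASCII (already IDN-encoded if needed).

```c
#include <stdio.h>
#include <string.h>

#define DNS_MAX_LABEL 63    /* RFC 1035 section 2.3.1 */
#define DNS_MAX_WIRE  255   /* length octets + labels + final zero-length label */
#define X509_UB_CN    64    /* ub-common-name-length, RFC 5280 Appendix A.1 */

enum name_status { NAME_OK, NAME_EMPTY_LABEL, NAME_LABEL_TOO_LONG, NAME_TOO_LONG };

/* Check a dotted ASCII name against the DNS limits and report its wire size.
 * Non-ASCII names must be IDN-encoded (xn--...) before calling this. */
enum name_status dns_name_check(const char *name, size_t *wire_len)
{
    size_t n = strlen(name);
    size_t wire = 1;                 /* the terminating zero-length label */
    size_t label = 0;

    if (n > 0 && name[n - 1] == '.') /* accept one trailing dot (absolute form) */
        n--;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && name[i] != '.') {
            label++;
            continue;
        }
        if (label == 0)              /* "", "a..b" or a doubled trailing dot */
            return NAME_EMPTY_LABEL;
        if (label > DNS_MAX_LABEL)
            return NAME_LABEL_TOO_LONG;
        wire += 1 + label;           /* one length octet per label */
        label = 0;
    }
    if (wire_len != NULL)
        *wire_len = wire;
    return wire > DNS_MAX_WIRE ? NAME_TOO_LONG : NAME_OK;
}

/* Does the FQDN fit in an X.509 Common Name field? */
int fits_common_name(const char *fqdn) { return strlen(fqdn) <= X509_UB_CN; }

int main(void)
{
    const char *fqdn = "host.example.com";   /* constructed sample */
    size_t wire = 0;
    enum name_status st = dns_name_check(fqdn, &wire);
    printf("%s: status=%d wire=%zu cn_ok=%d\n", fqdn, st, wire, fits_common_name(fqdn));
    return 0;
}
```

A name of n text bytes always occupies n + 2 bytes on the wire, which is where the 253-byte text limit comes from.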

Solution 3:

According to RFC 1035 the length of a FQDN is limited to 255 characters, and each label (node delimited by a dot in the hostname) is limited to 63 characters, so in effect the limit you're after is 63.

You can get this value by running getconf HOST_NAME_MAX in the terminal.

Solution 4:

Hostnames are generally limited to 255 bytes. HOST_NAME_MAX (or _POSIX_HOST_NAME_MAX) defined in <limits.h> will contain the specific value.

Solution 5:

Here's some sample code that puts it all together:

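#include <limits.h>
#include <unistd.h>
#include <stdio.h>

int main(void)
{
    /* HOST_NAME_MAX excludes the terminating null byte, so reserve one more. */
    char host[HOST_NAME_MAX + 1];

    /* Pre-terminate: gethostname() may not null-terminate a truncated name. */
    host[HOST_NAME_MAX] = 0;

    if (gethostname(host, sizeof(host) - 1) == 0)
    {
        printf("hostname is %s\n", host);
    }
    return 0;
}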
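Where HOST_NAME_MAX is not defined at compile time, or the running system's limit differs from the header's, the value can be queried at run time with sysconf(), the C counterpart of getconf HOST_NAME_MAX. This is an added example, not part of the answer above; host_name_max and read_hostname are hypothetical helper names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose gethostname() and _SC_HOST_NAME_MAX */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Runtime limit, excluding the terminating null byte. */
long host_name_max(void)
{
    long n = sysconf(_SC_HOST_NAME_MAX);
    /* -1 means no determinate limit or an error: fall back to the POSIX bound. */
    return n > 0 ? n : _POSIX_HOST_NAME_MAX;
}

/* Returns a malloc'd, always null-terminated hostname, or NULL on failure.
 * The caller frees the result. */
char *read_hostname(void)
{
    size_t cap = (size_t)host_name_max() + 1;   /* +1 for the terminator */
    char *buf = calloc(cap, 1);

    if (buf == NULL)
        return NULL;
    if (gethostname(buf, cap) != 0) {
        free(buf);
        return NULL;
    }
    buf[cap - 1] = '\0';   /* POSIX leaves termination unspecified on truncation */
    return buf;
}

int main(void)
{
    char *h = read_hostname();

    if (h == NULL) {
        perror("gethostname");
        return 1;
    }
    printf("limit %ld, hostname %s\n", host_name_max(), h);
    free(h);
    return 0;
}
```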