The Different Parts
of a Domain Name

A Lesson in URL Anatomy

Who am i?

James Hoff

Why are we discussing this again?

  • Because we work on the Internet and use web browsers every day.  You will deal with domain names and URLs in some fashion every day.

  • Because if I show you a really long and complicated URL, you should be able to identify its different parts and their meaning.

  • Because you should be able to identify a legitimate URL vs. a phishing or SPAM URL.

is a domain name the same as a URL?

  • NO!
  • This is a URL  (Uniform Resource Locator):
  • The "domain name" portion of that URL is:
  • A URL always includes a protocol like:

    OK, So what exactly is a domain name?

    • A domain name is really just a pointer to an IP address.
    • When you see this in your browser's address bar:
      ...your browser sees this:
    • Behind the scenes there is a domain name "phone book" that maps your requested domain name to the IP address of the server where the website lives.   =>

    Enough of that, let's talk anatomy

    First we have the protocol:
    • When it comes to websites, all that really matters is whether the protocol is:
      • https (secure connection)
      • http (non-secure connection)
    • The protocol dictates which set of rules the browser and the web server use to communicate with and understand each other.
    • Always followed by these characters: ://

    Anatomy of the domain name itself

    Next let's take the domain name portion of the
    URL and work right to left...

    Top Level Domain

    Second Level Domain


    Top level Domain
    • Sometimes called an "extension."
    • Most common TLDs:
      • .com
      • .net
      • .org
      • .edu
    • Can also be country specific:
      • .au (Australia)
      • .ca (Canada)
      • .de (Germany)

    second level domain
    • This is the "name" that you register and pay for in conjunction with the TLD.
    • Can be up to 63 characters long.
    • Good luck registering the name you want!!

    • A subdomain, by definition, is just a domain that is part of a larger domain.  They are optional.
    • They do NOT need to be "registered." They are created entirely at the user's discretion. I can create any subdomain I want, for the second level domain that I registered, as long as it doesn't exceed 63 characters.
    • Some subdomain examples in use at Google:

    Port Number
    • Seeing a port number in a URL is so rare that I'm only mentioning it for the sake of completeness.
    • The default port for a non-secure (http) connection is 80.
    • The default port of a secure (https) connection is 443.
    • For all intents and purposes a port number only needs to specified in the URL if you're trying to connect to a port that IS NOT the default.

    File/script name
    • This is the name of the document file requested.
    • Normally an actual file on the server such as an HTML document, PHP script, JPG image, PDF document, etc. It can also be a folder name.

    Query string
    • A query string is the part of a URL that contains data to be passed to web applications such as PHP scripts.
    • Always starts with a question mark (?). Each name/value pair (parameter) thereafter separated by an ampersand (&).
    • Usually generated by a web form or a script that communicates with a database.

    • The fragment is optional but if it exists it always appears last and is set apart with a hash mark ( # ).
    • The fragment identifier specifies a location within the HTML document. The browser looks for a tag with a "name" or "id" attribute matching the fragment.
      <h1 id="lesson_1">Lesson One: URL Anatomy</h1>
    • Fragments are useful because they don't cause a page reload but they DO create an entry in the browser history.

    That's all the anatomist wrote!

    Now let's talk about the DARK SIDE of URLs.

    Or maybe it's this DARK SIDE…

    Whichever you prefer.

    phishing URLs

    • There are mean people out there who manipulate URLs in a malicious manner in effort to trick you or steal from you.
    • 99% of the time these URLs are found in SPAM emails called "phishing" emails.
    • Examples of phishing URLs for PayPal:

    phishing urls continued…

    • Hyperlinks can also be manipulated in such a way that it looks like you're going to a website that you're NOT actually going to.
    • If you're suspicious of a hyperlink, hover over it and look at your browser's status bar which will tell you the link's destination.
    • Remember how we examined our domain name right to left a little while ago? That's standard procedure for visually parsing domain names to determine if they're legit. Find the first forward slash (/) and work backwards identifying the TLD, second level domain, etc.
    • As a policy, "Don't call me, I call you!"


    The Different Parts of a Domain Name

    By James Hoff

    The Different Parts of a Domain Name

    A Lesson in URL Anatomy

    • 44,125