@sindarina I have a follow-up question about bad domain name usage. I see lots of companies using name.local as their internal DNS. I always hate that (because I know .local is mDNS and shouldn't be used in unicast) but I don't know what to propose instead (if they can't use a subdomain of their public domain). Something like .home.arpa but for companies does not exist, does it?
=> More informations about this toot | More toots from caseyneiba@framapiaf.org
@caseyneiba 'name.local' still happens on Windows networks a lot, yes, because it was all over the tutorials for a long time, and there's still plenty of admins who keep doing it.
The alternative is to register a ‘network domain’, specifically for use on the LAN/WAN. Like, for example, if your corporate website is at ‘example.com’, you could put your Active Directory domain at ‘example.net’, or some other variation on a recognisable name. There's a ‘.computer’, ‘.network’, and a ‘.systems’ gTLD now too, so there's plenty of options.
Just never pick one you don't control, like ‘corp.com’ 😄
=> More informations about this toot | More toots from sindarina@ngmx.com
@sindarina @caseyneiba or these days, name.internal, which is a newly standardized option since your original post.
Link to El Reg because they explain it better than I will, and have primary source links.
https://www.theregister.com/2024/08/08/dot_internal_ratified/
=> More informations about this toot | More toots from ajn142@infosec.exchange
@ajn142 @caseyneiba .internal domains don't allow for split-horizon DNS resolution, such as for a service on the local network that is accessible from both the local network and the internet.
Plus it is going to take a while before all devices will know that it is a local-only domain, and handle it properly.
The original advice stands.
=> More informations about this toot | More toots from sindarina@ngmx.com
@sindarina @caseyneiba I agree! I never said the original advice was wrong. But just like RFC 5737 expanded 1166 by adding two new TEST-NET ranges in 2010, standards change, and somebody looking at these same posts when they resurface two years from now might want to know about .internal as an option :)
=> More informations about this toot | More toots from ajn142@infosec.exchange