8

So, I've set up a few Win Servs in my time and always did the .local thing when there was a router that separated my internal from external networks. Now that I'm setting up an *nix box for the first time, does this concept still apply? Do I still want my FQDNs (/etc/hostname) to show .local or .com for all my machines (mixed: linux servers, win workstations) inside of my network?

This question comes in context of always having Active Directory hold my hand every step of the way, where now I'm setting up a DNS machine manually.

Chad Harrison

2 Answers

7

As @Zoredache pointed out, the .local namespace has no official status (the closest you'll find is .localhost, defined and reserved in RFC 2606). Accordingly .local should never be used, as ICANN could one day assign that TLD to someone.
The Right Thing to do is to register a domain of your own like example.com, and assign hostnames under it (perhaps under internal.example.com) as appropriate.

That being said, if you want to use .local or .lan as the top level domain for your internal hosts you certainly would not be alone, and at this point the likelihood of anyone trying to usurp .local, .lan, or .private is pretty low: They are used so pervasively that trying to correct the decades of badness would not be worth the fight.
Note however that such machines and names should not be reachable from (or exposed in any way to) the public internet. It is a lesser sin, similar to emitting RFC-1918 network addresses over your public interfaces, and people like me will frown disapprovingly at you in public, and make fun of your network information leaks in private.


Also note that *nix machines do not really have a concept of "domain" in the Active Directory sense of the word -- the closest analog would be NIS domains, which aren't tied to DNS the way AD is.
A bare *nix system really only knows of its own personal hostname, which need not be a fully qualified domain name (alice is just as valid as alice.wonder.lan), though by convention many administrators use the fully qualified DNS name of the machine as its hostname.
This gives you an out against using "unofficial" domain names like .local, but IMHO is less "correct" than having a valid, assigned, fully-qualified domain name as your system's hostname.

voretaq7

  • This clears things up a whole bunch. Thanks again voretaq7. – Chad Harrison Jun 18 '12 at 21:31
  • .local doesn't *yet* have an official status but it is specified in an Internet Draft: http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt It's used by OS X, UNIX/Linux machines running Avahi, and Windows machines running Bonjour. – Gerald Combs Jun 18 '12 at 22:37
  • Since February 2013 [RFC6762](https://tools.ietf.org/html/rfc6762) is official and .local is reserved for Multicast DNS. (details in the answer from @zigg) – Matthias Weiler Jan 19 '16 at 12:08
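An added check, not part of the question or of either answer, that applies the namespace distinctions made above (the TLDs RFC 2606 reserves, .local as Multicast DNS territory per RFC 6762 as the comments note, and the unofficial .lan and .private) to a constructed list of hostnames of the kind an administrator might collect from /etc/hostname across a mixed network. The category names, the functions classify_hostname and audit, and the sample hostnames are assumptions of this example, not anything from the thread.

```python
"""Classify hostnames by the status of their top-level label.

Added example (not from the question or answers): flags names whose
namespace is reserved, unofficial, or merely a bare short name, so an
administrator can audit /etc/hostname values or a zone export before
any of them is exposed beyond the internal network.
"""
from typing import Dict, Iterable, List, NamedTuple

# RFC 2606 reserved TLDs (the answer cites .localhost) and RFC 6762's .local
RFC2606_RESERVED = {"test", "example", "invalid", "localhost"}
MDNS_RESERVED = {"local"}
# Informal private-namespace TLDs named in the answer; no official status
UNOFFICIAL_PRIVATE = {"lan", "private"}


class Verdict(NamedTuple):
    name: str
    category: str  # "bare", "mdns", "rfc2606", "unofficial" or "public"
    note: str


def classify_hostname(name: str) -> Verdict:
    """Return how the name's TLD is classified and what that implies."""
    n = name.strip().rstrip(".").lower()
    if not n:
        raise ValueError("empty hostname")
    labels = n.split(".")
    if any(not lbl for lbl in labels):
        raise ValueError(f"empty label in {name!r}")
    if len(labels) == 1:
        return Verdict(n, "bare", "short hostname only; implies no DNS domain")
    tld = labels[-1]
    if tld in MDNS_RESERVED:
        return Verdict(n, "mdns", ".local is reserved for Multicast DNS (RFC 6762); "
                       "do not serve it from unicast DNS or expose it publicly")
    if tld in RFC2606_RESERVED:
        return Verdict(n, "rfc2606", f".{tld} is reserved by RFC 2606 and never resolves publicly")
    if tld in UNOFFICIAL_PRIVATE:
        return Verdict(n, "unofficial", f".{tld} has no official status; ICANN could assign it")
    return Verdict(n, "public", "ordinary DNS name; confirm it sits under a domain you registered")


def audit(names: Iterable[str]) -> Dict[str, List[str]]:
    """Group hostnames by category, preserving input order within a group."""
    report: Dict[str, List[str]] = {}
    for name in names:
        v = classify_hostname(name)
        report.setdefault(v.category, []).append(v.name)
    return report


# Constructed sample: values one might find in /etc/hostname on a mixed network
SAMPLE_HOSTNAMES = [
    "alice",
    "alice.wonder.lan",
    "fileserver.corp.local",
    "db01.internal.example.com",
    "printer.home.private",
    "tester.test",
]

if __name__ == "__main__":
    for category, hosts in sorted(audit(SAMPLE_HOSTNAMES).items()):
        print(f"{category:10s} {', '.join(hosts)}")
```

Only the final label is inspected, which is all the answer's distinction needs; a name under a registered domain still ends up in "public", so the report tells you which names to move rather than whether a particular registration exists.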
3

It's not yet official, but it might as well be given its ubiquity: .local is used for link-local name resolution in multicast DNS:

This document specifies that the DNS top-level domain ".local." is a special domain with special semantics, namely that any fully-qualified name ending in ".local." is link-local, and names within this domain are meaningful only on the link where they originate. This is analogous to IPv4 addresses in the 169.254/16 prefix, or IPv6 addresses in the FE80::/10 prefix, which are link-local and meaningful only on the link where they originate.

You'll find both Apple products and modern Linux distributions running Avahi will use .local in this way with zero configuration. On my own network, I took advantage of this and stopped maintaining a local DNS zone, since we pretty much exclusively use Linux and OS X—Bonjour for Windows filled in the last blank for Windows machines.

If you need to actually maintain a DNS zone, I recommend making a subdomain of a domain you've registered (e.g. lan.example.com) and using split-horizon DNS to resolve the local domain internally. Without even an Internet draft to cite, it's hard to justify Windows' continued recommendation of .local domain use.

zigg
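A minimal in-memory model of the split-horizon arrangement zigg recommends, added here as an example rather than code from the answer or from any DNS server: a query is answered from the internal view only when its source address falls in an RFC 1918 range, so lan.example.com names are invisible from outside, and a second function checks a view for private addresses before it is published, the leak voretaq7's answer warns about. The zone contents, client addresses, and function names (resolve, rfc1918_leaks, is_rfc1918) are constructed for this example.

```python
"""Split-horizon name resolution modelled in memory.

Added example, not the answer's own code nor any DNS server's: records under
the internal subdomain lan.example.com are answered only for clients whose
source address is in an RFC 1918 range; everyone else gets the public view.
Zone contents and addresses below are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed zone data. The internal view holds private-address records for
# lan.example.com plus an inside address for the public web host; the public
# view holds only the Internet-facing names.
INTERNAL_VIEW: Dict[str, str] = {
    "fileserver.lan.example.com.": "10.0.0.20",
    "db01.lan.example.com.": "10.0.0.30",
    "www.example.com.": "10.0.0.80",
}
PUBLIC_VIEW: Dict[str, str] = {
    "www.example.com.": "203.0.113.80",  # documentation range address, constructed
}

# RFC 1918 ranges: a query from one of these is served the internal view.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True when addr is an IPv4 address inside one of the RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETS)


def resolve(qname: str, client_addr: str) -> Optional[str]:
    """Answer qname from the view the client's source address selects.

    None stands in for NXDOMAIN within that view: an outside client asking
    for fileserver.lan.example.com learns nothing, which is the point.
    """
    name = qname.strip().rstrip(".").lower() + "."
    view = INTERNAL_VIEW if is_rfc1918(client_addr) else PUBLIC_VIEW
    return view.get(name)


def rfc1918_leaks(view: Dict[str, str]) -> List[str]:
    """Names in a view whose addresses are RFC 1918.

    Run this against the public view before publishing it; the expected
    result there is an empty list.
    """
    return sorted(name for name, addr in view.items() if is_rfc1918(addr))


if __name__ == "__main__":
    for client in ("192.168.1.10", "198.51.100.9"):
        for q in ("fileserver.lan.example.com", "www.example.com"):
            print(f"{client:>14} asks {q:<28} -> {resolve(q, client)}")
    print("public-view leaks:", rfc1918_leaks(PUBLIC_VIEW))
```

The RFC 1918 test is written out explicitly rather than relying on Python's `is_private`, which also marks the documentation ranges (such as 203.0.113.0/24) as private and would misreport the public view as leaking. In a real deployment the two views are two zone files served under separate client-address match rules; the model keeps only the decision the answer is about.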