24

Is it okay to use app.mycoolname.local for URLs that are private / internal?

We have several applications that are web based, but they are private apps and are not exposed to the public.

We have been using ".net" for some of these, which doesn't make sense since they could collide with a real URL on the internet. That hasn't been a problem yet.

But now I have a new group of applications and I want to name them using a "popular" name that will definitely collide with a URL on the internet.

Should I use app.mycoolname.local? I have it set up this way right now, and it seems to be working. I have read a few places where it was encouraged, but then I saw a few places where it wasn't working (some problem on Mac, but we don't have those, so NBD).

palehorse
  • Please consider support by browser when writing .local: not shown as a search, should be shown as a domain. The supported were **.test**, **.example**, which are supported by the browser so it's not going to redirect to a search engine. It's tested on both Brave and Firefox Dev. – Zaman Oof Oct 16 '21 at 06:12

13 Answers

36

Do not use .local. Do not use .anythingyoujustmadeup either. Don't even use the reserved TLDs. Use a real domain or subdomain and just don't allow it to be visible to the outside world. The main reason for this is when you work for company A that uses .local (or example.com) and they buy company B that also uses .local (or example.com). Not a lot of fun bringing the two namespaces together.

goo
  • 2
    We have (e.g.) server.ourcompany.com and otherserver.ourcompany.local; not much chance of a collision unless company B is also called "ourcompany". We should probably use (e.g.) otherserver.corp.ourcompany.com, but the decision was made a while back. – Roger Lipscombe Oct 16 '09 at 08:19
16

Do not use an invented TLD. If ICANN were to delegate it, you would be in big trouble. Same thing if you merge with another organization which happens to use the same dummy TLD. That's why globally unique domain names are preferred.

The standard, RFC 2606, reserves names for examples, documentation, testing, but nothing for general use, and for good reasons: today, it is so easy and cheap to get a real and unique domain name that there is no good reason to use a dummy one.

So, buy iamthebest.org and use it to name your devices. Other solution: local.yourdomain.org.

bortzmeyer
  • 2
    @MarkJohnson That is not true, the [ICANN Applicant Guidebook](http://newgtlds.icann.org/en/applicants/agb) has a list of reserved names in section 2.2.1.2.1 *"AFRINIC IANA-SERVERS NRO ALAC ICANN RFC-EDITOR APNIC IESG RIPE ARIN IETF ROOT-SERVERS ASO INTERNIC RSSAC CCNSO INVALID SSAC EXAMPLE* IRTF TEST* GAC ISTF TLD GNSO LACNIC WHOIS GTLD-SERVERS LOCAL WWW IAB LOCALHOST IANA NIC"* – Scott Chamberlain Apr 14 '15 at 19:53
  • 2
    After reading this question, I decided on ".in.mydomain.com" and I've been pleased. "in" being short for "internal" of course. Even makes for great ssh aliases: "ssh host1.in" and let the `~/.ssh/config` file sort the rest out. – freb Apr 16 '15 at 04:15
  • @MarkJohnson Oh, I agree. you should be using a domain you own. I just did not want to perpetuate "**Everything** to the right of the dot..." – Scott Chamberlain Apr 21 '15 at 21:29
13

I wouldn't use .local unless you understand how zeroconf works, as it will become a bigger deal when you start to see IPv6 move into the mainstream.

In the past, I've used:

  • Made up TLD (not a good practice for a variety of reasons)
  • Internal subdomain (i.e. corp.example.com)
  • Internal domain with a different TLD (i.e. example.net)

IMO, either of the latter options is a better idea.

duffbeer703
  • 2
    If you go for the last option, make sure you *own* the domain name with different TLD! I own a vanity .net domain name whose corresponding .com is owned by a small business thousands of miles away from me. They were using the .net version for an internal network, and I was getting all their internal emails! I called them up and told them what was happening, and they wouldn't believe me. Eventually they figured it out, but that was a huge headache for all of us. Could have been a serious privacy breach too, had they been a doctor's office or law firm. – Matthew Leingang Jun 06 '18 at 12:07
10

Technically you shouldn't use it. It's used by multicast DNS / zero configuration networking for link-local addresses. In practice it doesn't seem to matter much. I've been using a Mac laptop (which uses zeroconf) on an internal network with a .local suffix for the past couple of years without any issues.

Gerald Combs
9

As Gerald Combs pointed out .local is a reserved domain and should not be used other than intended.

As Gerald Combs pointed out the .local domain is used by a lot of Apple (and others) software and therefore using it in another way could cause problems with this software.

Why not use a subdomain of your public site? Something like app.internal.mycompany.com would be appropriate and wouldn't collide with your public site.

Albic
  • That's a pretty good idea - I hadn't thought of that. It would make for a slightly longer URL, though. –  Jul 28 '09 at 19:08
  • 3
    No, .local is NOT reserved. And that is precisely the reason why it should not be used. Otherwise, I fully agree. – bortzmeyer Jul 28 '09 at 19:45
  • 1
    -1 for saying .local is reserved – goo Jul 28 '09 at 20:33
  • 1
    You're right, "reserved" might not be the right word. Anyway .local is used by a lot of Apple software and therefore using it in another way could cause problems with this software. – Albic Jul 28 '09 at 20:49
  • @Brian Set up a domain search path on your computers (you can do this by Group Policy in the Microsoft world; I'm sure there are equivalents for Mac / Linux) and then all you need in the URL is `http://app/` – Richard Gadsden Feb 02 '12 at 18:15
5

.local is used by Microsoft's Small Business Server and by MDNS on Macs (i.e. Bonjour). I think the fact that it's used by both Apple and Microsoft makes it unlikely that ICANN would delegate it, but it's not reserved and it does remain theoretically possible that they might.

I'd use something like server.internal.yourcompany.com

Richard Gadsden
  • 2
    Yeah, I'm surprised ICANN still hasn't reserved .local, especially considering that anyone with enough money can now register their desired TLD. – Martijn Heemels Nov 09 '11 at 20:14
2

If you were after some more information on .local and why it may or may not be an issue for you to use it. There don't actually seem to be any reserved zones for internal use

Ben Quick
2

Read http://cr.yp.to/djbdns/dot-local.html and then choose your local domain name. Summary: do not invent your own; either buy a real domain or use .1 - .9

akira
2

A nice compromise solution is to use an internal subdomain in conjunction with a DNS search path.

As a real-life example, an app I'm working on might be addressed in full as some-app.beta.internal.mycompany.com, but as internal.mycompany.com is in the DNS search path for workstations as returned by the DHCP server, I can access it as some-app.beta. There's still a possibility of collision if these names are chosen poorly, but in that event a collision can be resolved using an FQDN. (Or, if you want to protect yourself, by always using FQDNs for the important stuff -- although the final dot in DNS names is sadly neglected.)

hobbs
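
Added example (not part of hobbs's answer or any poster's code): a Python model of how a stub resolver that follows the resolv.conf `search`/`ndots` convention expands short names. It shows that a dotted short name such as some-app.beta is tried as an absolute name first, and that raising `ndots` or writing the trailing-dot FQDN avoids that. The zone contents, addresses and function names are constructed for illustration; resolvers on other platforms may order candidates differently.

```python
# Added illustration: models the candidate-name order of a stub resolver that
# follows the resolv.conf "search"/"ndots" convention. No DNS traffic is sent.

def candidate_queries(name, search, ndots=1):
    """Return the FQDNs a stub resolver would try, in order."""
    if name.endswith("."):
        # Trailing dot: the name is already fully qualified, search list unused.
        return [name]
    absolute = name + "."
    searched = [f"{name}.{suffix.rstrip('.')}." for suffix in search]
    if name.count(".") >= ndots:
        # Enough dots: the name is tried as-is first, so it can reach public DNS.
        return [absolute] + searched
    return searched + [absolute]


def first_match(name, search, zone, ndots=1):
    """Resolve against a constructed zone dict; return (fqdn, address) or None."""
    for fqdn in candidate_queries(name, search, ndots):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None


# Constructed sample data: internal records plus one public name that collides.
SEARCH = ["internal.mycompany.com"]
ZONE = {
    "some-app.beta.internal.mycompany.com.": "10.0.0.12",  # internal app
    "some-app.beta.": "203.0.113.7",  # hypothetical colliding public name
    "wiki.internal.mycompany.com.": "10.0.0.20",
}

if __name__ == "__main__":
    for n in ("wiki", "some-app.beta", "some-app.beta.internal.mycompany.com."):
        print(n, "->", candidate_queries(n, SEARCH), first_match(n, SEARCH, ZONE))
```

With the default `ndots=1`, the short name `some-app.beta` matches the colliding public record before the internal one; with `ndots=2` or the trailing-dot FQDN, the internal record is the one returned.
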
0

As pointed out by many; in general a bad idea to use an unregistered TLD for intranets. However [0] states that there are some commonly used names (although not approved for intranet use only). [0] still discourages using the mentioned TLD for local nets, and local. should not be used in any other situation than a multicast DNS.

[0] RFC6762, appendix G : https://www.rfc-editor.org/rfc/rfc6762#appendix-G

Gustav
-2

I've always been a big fan of the internal .lan TLD, myself.

law
  • 5
    As bad as .local and for the same reason http://serverfault.com/questions/17255/top-level-domain-for-private-networks/17566 – bortzmeyer Jul 28 '09 at 19:54
-3

We use .local all the time with both Macs and PCs. Enjoy

dubRun
-8

It's perfectly acceptable to use a .local zone. We have one for our internal network, mainly used for development sites, but it works well.

palehorse
  • 1
    Cool, thanks. I just wanted to be sure I wasn't doing something dumb. –  Jul 28 '09 at 19:09
  • 20
    Bad idea for the reasons explained in http://serverfault.com/questions/17255/top-level-domain-for-private-networks/17566 – bortzmeyer Jul 28 '09 at 19:44
  • 3
    See the article at http://en.wikipedia.org/wiki/Pseudo-top-level_domain. While it's not a guarantee, .local will, in all likelihood, be just fine. – palehorse Jul 28 '09 at 20:21
  • 11
    no, no, no. .local is not reserved, do not use it. – goo Jul 28 '09 at 20:24
  • local has terrible performance on Macs. – Evert Jan 21 '13 at 15:32
  • 2
    @palehorse, "The **implementation of both approaches on the same network can be problematic**, however, so resolving such names via “unicast” DNS servers has fallen into disfavor as [devices] supporting zero-configuration networking (zeroconf) have become increasingly common." — http://en.wikipedia.org/wiki/.local – toolbear74 Aug 25 '14 at 12:02
  • 1
    This answer is correct and these comments are no longer relevant as of 2013. https://tools.ietf.org/html/rfc6762. – Erik Aronesty Aug 02 '18 at 13:50