14

I have read that it's not OK to use .local in a domain, especially with Microsoft Windows servers. I have also read the Windows Active Directory naming best practices article on ServerFault, which was helpful but didn't completely answer my question regarding "local". I was thinking it was somehow a reserved keyword and would present problems.

I own the domain keiboom.com and set up my Active Directory domain as local.keiboom.com. Can this create problems?

Kevin Boucher

3 Answers

26

No, that's fine.

The warning is against using domain.local as your AD domain name.

local.domain.tld is perfectly acceptable.

joeqwerty
  • (3) Why do I have a feeling this is going to be one of those drive-by +100 answers in a month? :) – TheCleaner Oct 27 '16 at 21:10
  • @joeqwerty: Thanks, appreciate the input. I'm guessing I probably should've called it something like internal.keiboom.com – Kevin Boucher Oct 28 '16 at 04:02
  • TBH, there's no right or wrong here. local.keiboom.com, internal.keiboom.com, corp.keiboom.com, office.keiboom.com, ad.keiboom.com, etc., etc. would all be perfectly fine. – joeqwerty Oct 28 '16 at 12:29
12

I'm not an expert on Windows, but in this case it does not matter. The .local domain is reserved for mDNS.

On Linux, at least by default, the resolver uses Avahi (an mDNS implementation) for resolving hosts in the .local domain, skipping DNS, so you get surprising DNS resolution errors. I guess for similar reasons this can be a problem in Windows / AD too.

So, in short, don't use anything ending with .local as a domain, as sooner or later it'll hurt.

The domain you've chosen, local.keiboom.com, seems OK though, but beware of the cookie domain if you have websites hosted (.keiboom.com from outside can be mixed with local.keiboom.com from the inside, so you'll have to be careful with web apps).

Fredi
  • Thanks, so it's more the ending that I'm concerned about, correct? I am just having some weird DNS resolution errors where a VM cannot join the domain running Windows Server 2012 with AD DC, DNS, DHCP and Hyper-V, but I think it's because I am not using a separate domain controller. – Kevin Boucher Oct 27 '16 at 20:47
  • (2) We have an `example.local` domain at work in a previously Windows-centric shop and, as stated in the answer, it causes DNS issues on Linux unless `mdns4_minimal` is removed from `/etc/nsswitch.conf`, which causes all sorts of confusion for new starters or people moving to Linux on their workstations. – ydaetskcoR Oct 28 '16 at 09:44
0

As others have noted, RFC 6762 reserves the .local TLD for use with Multicast DNS (mDNS). In the absence of mDNS, using .local would be fine, but because of the widespread use of mDNS, it is not a good idea to use that domain except for its intended purpose.

That said, there are domains reserved for local use in RFC 2606. These domains are .example, .invalid, .test, and .localhost. The RFC indicates they are each intended for a particular purpose, and that some systems may already utilize them:

  ".test" is recommended for use in testing of current or new DNS
  related code.

  ".example" is recommended for use in documentation or as examples.

  ".invalid" is intended for use in online construction of domain
  names that are sure to be invalid and which it is obvious at a
  glance are invalid.

  The ".localhost" TLD has traditionally been statically defined in
  host DNS implementations as having an A record pointing to the
  loop back IP address and is reserved for such use.  Any other use
  would conflict with widely deployed code which assumes this use.
bschlueter