I've talked to many customers about using .local in the domain name (example: mydomain.local). I've always advised against it, and some of the reasons are:
----snip----
From: http://en.wikipedia.org/wiki/.local

Multicast DNS standard

Internet Engineering Task Force (IETF) standards-track RFC 6762, which has been approved and was officially published on February 20, 2013, essentially reserves the use of .local as a pseudo-TLD for link-local hostnames that can be resolved via the Multicast DNS name resolution protocol. Page 5 of that publication states:

...this document allows any computer user to elect to give their computers link-local Multicast DNS host names of the form: "single-dns-label.local.". For example, a laptop computer may answer to the name "MyComputer.local."...

This document specifies that the DNS top-level domain ".local." is a special domain with special semantics, namely that any fully qualified name ending in ".local." is link-local, and names within this domain are meaningful only on the link where they originate. This is analogous to IPv4 addresses in the 169.254/16 prefix or IPv6 addresses in the FE80::/10 prefix, which are link-local and meaningful only on the link where they originate.

Any DNS query for a name ending with ".local." MUST be sent to the mDNS IPv4 link-local multicast address 224.0.0.251 (or its IPv6 equivalent FF02::FB) ...Implementers MAY choose to look up such names concurrently via other mechanisms (e.g., Unicast DNS) and coalesce the results in some fashion. Implementers choosing to do this should be aware of the potential for user confusion when a given name can produce different results depending on external network conditions (such as, but not limited to, which name lookup mechanism responds faster).

Name resolution issues may arise if multicast DNS software is used in conjunction with a network that implements the local top-level DNS domain.
MS Recommendations

The connection of Macintosh and Linux computers and/or zeroconf peripherals to Windows networks can be problematic if those networks include name servers that use .local as a search domain for internal devices.

At one time, Microsoft at least suggested the use of .local as a pseudo-TLD for small private networks with internal DNS servers, via documents that (as of this writing) are still accessible. For example, support article 296250 included the following option:

Make the name a private domain name that is used for name resolution on the internal Small Business Server network. This name is usually configured with the first-level domain of .local. At the present time, the .local domain name is not registered on the Internet.

However, more recent articles have cautioned or advised against such use of the .local TLD. Support article 300684 listed contoso.local as an example of a "best-practice Active Directory domain name", but then added:

We recommend that you register DNS names for the top-most internal and external DNS namespaces with an Internet registrar.

which would of course preclude using that or any other domain ending with .local.

Technet article 708159 suggested .local for the exact opposite reason:

Using the .local label for the full DNS name for the internal domain is a more secure configuration because the .local label is not registered for use on the Internet. This separates your internal domain from your public Internet domain name.

but later recommended against it:

If you have Macintosh client computers that are running the Macintosh OS X version 10.2 operating system or later, ... it is recommended that you do not use the .local label for the full DNS name of your internal domain. If you have Macintosh client computers that are running the Macintosh OS X version 10.3 operating system or later, ... it is recommended that you do not use the .local label for the full DNS name of your internal domain. If you must use the .local label, then you must also configure settings on the Macintosh computers so they can discover other computers on the network. For more information about how to configure client computers running Macintosh OS X version 10.3 or later, see "Connecting Macintosh Computers to a Windows Small Business Server 2003 Network" on the Microsoft Web site.

Technet article 726016[5] cautioned against using .local:

...we do not recommend using unregistered suffixes, such as .local.

Global .local DNS queries

.local is an officially reserved Special-Use Domain Name and such host names will never be resolvable by the global Domain Name System.
References

1. Cheshire, Stuart, and Krochmal, Marc. "RFC 6762: Multicast DNS". Internet Engineering Task Force.
2. "Domain Name System name recommendations for Small Business Server 2000 and Windows Small Business Server 2003". support.microsoft.com.
3. "Information about configuring Active Directory domains by using single-label DNS names". support.microsoft.com.
4. "Internal Domain Information (OEM)". technet.microsoft.com.
5. "Selecting the Forest Root Domain". technet.microsoft.com.
6. "Special-Use Domain Names".
7. George Kirikos. "Most Popular Invalid TLDs Should Be Reserved". Circle ID. Archived from the original on 21 June 2009. Retrieved 2013-04-12.
8. "Most Popular TLDs Queried". root-servers.org. Archived from the original on 2009-09-16.
----snip----
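To make the RFC 6762 rule in the snip concrete, here is an added Python example (my own illustration, not code from the original post or from the RFC): it models where a conforming mDNS-aware resolver sends a query for a given name, and then audits a list of unicast DNS zone names for the collision the Mac/Linux passage describes. The multicast addresses come from the RFC text above; the zone and host names are constructed sample input.

```python
"""Added example, not code from the original post or from RFC 6762:
a small model of the resolver behaviour the RFC text requires (queries
for names under .local go to the mDNS multicast addresses, not to
unicast DNS) and an audit of unicast DNS zone names that collide with
that special-use domain. Zone and host names below are constructed."""

MDNS_IPV4 = "224.0.0.251"  # mDNS IPv4 link-local multicast address (RFC 6762)
MDNS_IPV6 = "ff02::fb"     # IPv6 equivalent
LOCAL_TLD = "local"


def normalize_name(name):
    """Split a DNS name into lowercase labels. The trailing dot of a
    fully qualified name and surrounding whitespace are ignored."""
    return [label for label in name.strip().rstrip(".").lower().split(".") if label]


def is_link_local_name(name):
    """True when the fully qualified form ends in '.local.' (or is the
    '.local.' domain itself); such names are meaningful only on the link."""
    labels = normalize_name(name)
    return bool(labels) and labels[-1] == LOCAL_TLD


def route_query(name):
    """Where an RFC 6762 conforming resolver sends the query for `name`.
    Returns the mechanism and, for mDNS, the multicast destinations."""
    labels = normalize_name(name)
    if not labels:
        raise ValueError("empty DNS name")
    fqdn = ".".join(labels) + "."
    if labels[-1] == LOCAL_TLD:
        return {
            "name": fqdn,
            "mechanism": "mdns",
            "destinations": [MDNS_IPV4, MDNS_IPV6],
            # The RFC describes host names of the form single-dns-label.local.;
            # AD-style names such as dc01.corp.local have more labels but are
            # still link-local under the "ends in .local." rule.
            "single_label_form": len(labels) == 2,
        }
    return {"name": fqdn, "mechanism": "unicast-dns",
            "destinations": [], "single_label_form": False}


def audit_unicast_zones(zones):
    """Report unicast DNS zones whose names fall under .local. A host that
    follows the MUST in RFC 6762 multicasts queries for those names, so
    records that exist only on the unicast server may never be consulted
    by such a host, and the same name can answer differently per link."""
    findings = []
    for zone in zones:
        if is_link_local_name(zone):
            findings.append({
                "zone": zone,
                "issue": "zone name collides with the .local special-use domain",
                "mdns_destinations": [MDNS_IPV4, MDNS_IPV6],
            })
    return findings


# Constructed sample input: zones as an internal DNS server might host them.
SAMPLE_ZONES = ["corp.local", "ad.example.com", "Printers.LOCAL.", "example.net"]


def colliding_zone_names(zones=SAMPLE_ZONES):
    """Just the names of the zones the audit flags."""
    return [f["zone"] for f in audit_unicast_zones(zones)]


if __name__ == "__main__":
    for host in ("MyComputer.local.", "dc01.corp.local", "www.example.com"):
        print(f"{host:20} -> {route_query(host)['mechanism']}")
    print("zones colliding with .local:", colliding_zone_names())
```

Running it shows dc01.corp.local routed to multicast exactly like MyComputer.local., which is the point: an AD zone named corp.local is indistinguishable from link-local mDNS names to a Mac or Linux client, and the unicast records for it may simply never be asked for.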
More info:
Active Directory Domain Naming Considerations:
http://social.technet.microsoft.com/wiki/contents/articles/17974.active-directory-domain-naming-considerations.aspx
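As an added example of turning the naming guidance quoted above into a pre-deployment check (my own code, not the original post's, Microsoft's, or the linked TechNet article's), the Python below validates a proposed AD domain name: label syntax, no single-label name, no unregistered suffix such as .local, and the top-most namespace being one the organisation has registered. The SPECIAL_USE_TLDS set is a partial list, and the registered_domains parameter, the contoso sample names and the "ad." prefix are assumptions made for this example.

```python
"""Added example, not code from the original post, from Microsoft or from
the linked TechNet article: a pre-deployment check of a proposed Active
Directory DNS name against the quoted guidance (register the top-most
namespace, avoid unregistered suffixes such as .local, avoid single-label
names). SPECIAL_USE_TLDS is a partial list; `registered_domains`, the
sample names and the "ad." prefix are assumptions for this example."""
import re

# Partial list of suffixes that will never resolve on the global DNS:
# .local (RFC 6762) and the RFC 6761 reserved names. Assumption: these are
# the ones most likely to be picked by accident for an internal domain.
SPECIAL_USE_TLDS = {"local", "localhost", "test", "example", "invalid"}

# RFC 1035 host-name label: letters, digits, hyphens; no leading/trailing
# hyphen; at most 63 characters (names are lowercased before matching).
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def _labels(name):
    """Lowercase labels of a name, ignoring a trailing dot and whitespace."""
    return [l for l in name.strip().rstrip(".").lower().split(".") if l]


def check_ad_domain_name(name, registered_domains=()):
    """Return (ok, problems) for a proposed AD domain name.
    `registered_domains`: names the organisation has registered with an
    Internet registrar (a constructed list in the example below)."""
    problems = []
    labels = _labels(name)
    if not labels:
        return False, ["empty name"]
    fqdn = ".".join(labels)
    for label in labels:
        if not LABEL_RE.match(label):
            problems.append(f"label {label!r} is not a valid DNS host-name label")
    if len(fqdn) > 253:
        problems.append("name longer than 253 characters")
    if len(labels) == 1:
        problems.append("single-label name")
    if labels[-1] in SPECIAL_USE_TLDS:
        problems.append(f"suffix .{labels[-1]} is a special-use/unregistered TLD "
                        "and will never resolve on the global DNS")
    registered = {".".join(_labels(d)) for d in registered_domains}
    if registered and not any(fqdn == d or fqdn.endswith("." + d) for d in registered):
        problems.append("top-most namespace is not a domain the organisation has registered")
    return (not problems), problems


def suggest_ad_domain_name(registered_domain, prefix="ad"):
    """Suggest an internal subdomain under a registered name, e.g.
    ad.example.com; the 'ad' prefix is only a convention assumed here."""
    return f"{prefix}.{'.'.join(_labels(registered_domain))}"


if __name__ == "__main__":
    # Constructed sample: the organisation owns contoso.com.
    for proposed in ("contoso.local", "CONTOSO", "corp_net.contoso.com", "ad.contoso.com"):
        ok, problems = check_ad_domain_name(proposed, ["contoso.com"])
        print(proposed, "OK" if ok else problems)
    print("suggested:", suggest_ad_domain_name("contoso.com"))
```

With contoso.com as the registered name, contoso.local is rejected twice (special-use suffix, and not under a registered namespace), while ad.contoso.com passes, which is the shape of name the support article 300684 recommendation leads to.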
I will post more about this when time permits.
Best regards,
/Jimmy
1 comment:
Very nice post!