.local already exists. More idiocy from ICANN.
this post was submitted on 29 Jan 2024
57 points (96.7% liked)
Sysadmin
7726 readers
2 users here now
A community dedicated to the profession of IT Systems Administration
No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]
founded 2 years ago
MODERATORS
.local exists for a very specific reason and it’s not meant to be used by regular DNS… people use it for alternate things, but it’s reserved for mDNS
if .internal were to be added, we could start using that instead of overloading!
.local is a bad choice especially if you have any MAC hosts on the network.
There is an RFC about that, but I'm too sleepy to goook it up
Please no
It would be nice to figure out a way to get local SSL certs for .lan and .local domains though.
I just use a subdomain of my main domain and use dns validation of let's encrypt.
That requires outside authentication though. I think it would be cool to incorporate some SSL into dhcp
That will never happen. SSL is based on trust, and the trust root will never blindly delegate to whatever happens in random LANs. Subdomain is 100% the right approach for internal network.
It can and has already happened. You can make your own root ca. Internal domains need internal root cas. Is it a pia to setup yes. Do I have it installed on my unrooted android phone and linux computers? Yes.
Edit: I didn't see the dhcp part. But you can still make your own root ca
op was obviously referring to public root CAs
I didn't get that
and IT'S OK, we don't want you to burn out
I'm already burnt out. Womp womp
go outside and pet a dog
Rare here but I'll try and find one
The maintainers of DHCP can't even be bothered standardising a query to check if an address is currently in use, doubt they could take on being a CA at the same time
Time for your own CA
What's wrong with it?
Internal is 8 letters while lan is three
You can do this, I already use .internal and you can male your own root ca and make your own certificates with that
If only they had done this with .local ages ago. Still, it's a nice change, but I doubt my company will adopt.
We broke .local, pls give another chance, we promise we'll be responsible with .internal tho
For real. Once Google and others started killing DNS lookups in mobile devices, think about how many legacy networks had to get rebuilt.
Maybe we could all just make up our minds.
Honestly the whole fabric of the internet, how email/SMTP and DNS and things work, is just a relic of an earlier time. I honestly think the money-men have their hands deep enough into the workings at this point that you wouldn't be able to create something like those things today and have them go anywhere. I'm surprised that it all still works as well as it does.
You mean the OSI and TCP/IP models? Or just specifically TCP/UDP ports?
No, I was talking about the shared infrastructure. SMTP, DNS, ICANN, things like that require a level of cooperation and shared investment in the whole thing working well, not really because anyone's going to "win" the business game by running it to their particular advantage. That's a very alien way of thinking on the modern internet. The equivalent today would be something like massive publicly available caching web proxies that anyone could use as a big reverse-CDN to speed up their web access that were just kind of provided to everyone, government-funded, just sitting out there as a public resource. You know, like communism.
I've heard network engineers say they had a lot of trouble talking to their bosses about "peering" (setting up routes between two ISPs that happen to have operations close to each other, so they can hand traffic off to each other if it'd be more efficient to use the other guy's routes and both networks get more efficient to operate). They said they had a lot of trouble explaining the concept to the business people. They pay us for service? Fine. We pay them for service? Fine. We provide service to each other and both of us benefit without any money being involved? Plt... bzzt... I give up, I don't get it. Who gets paid? Why do we do this?
They've lost sight of the idea that it's a good thing to set up the world in a nice well working way (for everyone, including yourself), and just focused on how they can make their check bigger even if there's no point, or even if everything gets worse as a result.
Just out of curiosity, does your company use a different TLD or something more arbitrary/just an IP?
Abolish ICANN.
Explain what's wrong with this. I'm out of the loop, seems like a good idea to me at first glance.
It's the SPOF for most of the internet, it's function should be democratic and distributed.
Registering TLDs costs absurd amounts of money last I checked.
SPOF = single point of failure
Porn sites would like this.
I have clients that use internal, but they do it as a subdomain; so internal.contoso.com
Any internal only domains that I set up are probably going to go the same way. I've used domain.local previously, and the DNS headache I get from that is immeasurable.
With so many things going "to the cloud" or whatever, the internal.domain.tld convention tends to make more sense to me.
What's everyone else doing?