• Pup Biru@aussie.zone
      link
      fedilink
      arrow-up
      35
      ·
      edit-2
      11 months ago

      .local exists for a very specific reason and it’s not meant to be used by regular DNS… people use it for alternate things, but it’s reserved for mDNS

      if .internal were to be added, we could start using that instead of overloading!

    • LordCrom@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      .local is a bad choice especially if you have any MAC hosts on the network.

      There is an RFC about that, but I’m too sleepy to goook it up

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    21
    ·
    edit-2
    11 months ago

    Please no

    It would be nice to figure out a way to get local SSL certs for .lan and .local domains though.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        8
        ·
        11 months ago

        That requires outside authentication though. I think it would be cool to incorporate some SSL into dhcp

        • nbailey@lemmy.ca
          link
          fedilink
          English
          arrow-up
          11
          ·
          11 months ago

          That will never happen. SSL is based on trust, and the trust root will never blindly delegate to whatever happens in random LANs. Subdomain is 100% the right approach for internal network.

          • duplexsystem
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            11 months ago

            It can and has already happened. You can make your own root ca. Internal domains need internal root cas. Is it a pia to setup yes. Do I have it installed on my unrooted android phone and linux computers? Yes.

            Edit: I didn’t see the dhcp part. But you can still make your own root ca

        • Fontasia@feddit.nl
          link
          fedilink
          arrow-up
          4
          ·
          11 months ago

          The maintainers of DHCP can’t even be bothered standardising a query to check if an address is currently in use, doubt they could take on being a CA at the same time

    • duplexsystem
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      You can do this, I already use .internal and you can male your own root ca and make your own certificates with that

  • theit8514@lemmy.world
    link
    fedilink
    arrow-up
    18
    ·
    11 months ago

    If only they had done this with .local ages ago. Still, it’s a nice change, but I doubt my company will adopt.

        • mozz@mbin.grits.dev
          link
          fedilink
          arrow-up
          5
          ·
          11 months ago

          Honestly the whole fabric of the internet, how email/SMTP and DNS and things work, is just a relic of an earlier time. I honestly think the money-men have their hands deep enough into the workings at this point that you wouldn’t be able to create something like those things today and have them go anywhere. I’m surprised that it all still works as well as it does.

            • mozz@mbin.grits.dev
              link
              fedilink
              arrow-up
              5
              ·
              11 months ago

              No, I was talking about the shared infrastructure. SMTP, DNS, ICANN, things like that require a level of cooperation and shared investment in the whole thing working well, not really because anyone’s going to “win” the business game by running it to their particular advantage. That’s a very alien way of thinking on the modern internet. The equivalent today would be something like massive publicly available caching web proxies that anyone could use as a big reverse-CDN to speed up their web access that were just kind of provided to everyone, government-funded, just sitting out there as a public resource. You know, like communism.

              I’ve heard network engineers say they had a lot of trouble talking to their bosses about “peering” (setting up routes between two ISPs that happen to have operations close to each other, so they can hand traffic off to each other if it’d be more efficient to use the other guy’s routes and both networks get more efficient to operate). They said they had a lot of trouble explaining the concept to the business people. They pay us for service? Fine. We pay them for service? Fine. We provide service to each other and both of us benefit without any money being involved? Plt… bzzt… I give up, I don’t get it. Who gets paid? Why do we do this?

              They’ve lost sight of the idea that it’s a good thing to set up the world in a nice well working way (for everyone, including yourself), and just focused on how they can make their check bigger even if there’s no point, or even if everything gets worse as a result.

    • breadsmasher@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      Just out of curiosity, does your company use a different TLD or something more arbitrary/just an IP?

      • 5714@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        9
        ·
        edit-2
        11 months ago

        It’s the SPOF for most of the internet, it’s function should be democratic and distributed.

        Registering TLDs costs absurd amounts of money last I checked.

  • MystikIncarnate@lemmy.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    I have clients that use internal, but they do it as a subdomain; so internal.contoso.com

    Any internal only domains that I set up are probably going to go the same way. I’ve used domain.local previously, and the DNS headache I get from that is immeasurable.

    With so many things going “to the cloud” or whatever, the internal.domain.tld convention tends to make more sense to me.

    What’s everyone else doing?