71 points

If we didn’t have a bazillion TLDs these days we’d be ok and everyone can carry on using .local or .lan and be happy that they’re not real TLDs. Now when anything could be a TLD because every word you’ve ever heard is a TLD, you don’t know if it’s real or not.

36 points

Reserved TLDs are documented. The issue is they prioritized all the crazy ones before they added what people at home and businesses were actually using. ICANN won’t sell .lan because it is used too much. They haven’t tried so there is no official decision, but they won’t - they did try .corp and .home and abandoned it.

.local is reserved in RFC 6762, but for multicast DNS.

5 points

They’re documented, but it’s a big and ever expanding list.

5 points

The special use list for use by individuals and business is actually very small and hasn’t been updated in a long time, which is a big part of the problem with people inventing their own.

4 points

People have been told for a very long time not to use fake TLDs. I don’t think it’s reasonable to accommodate people who can’t follow instructions.

44 points

Looks like *.lair is still a great one for a local TLD.

Just rock your “Evil.subterranean.lair” people.

You could also go for “Wicked.volcano.lair”

Or even “morallywrong.commercialrealestate.lair”


Also, anyone taking bets on how many “Internal” TLDs are gonna be used for porn?

57 points

Very few as this ruling would reserve .internal for local DNS only and forbid it at the global level. This is ICANN’s solution to people picking random .lan .local .internal for internal uses. You’ll be able to safely use .internal and it will never resolve to an address outside your network.

19 points

.local is recommended for use with mDNS/Zeroconf

9 points

Yes, you’re right, RFC 6762 proposes reserving .local for mDNS. I was not aware of this until you brought it up, hence the dangers of using TLDs not specifically designated for internal use.

2 points

I say 80% of them.

39 points

A good move!

I’m surprised they didn’t codify “.lan” though since that one is so prevalent.

9 points

Seconding the other comment, lots of orgs picked .lan and then over the last few years have moved things into the cloud and .lan has become a meaningless soup since half the shit isn’t even on local network. Now it just means “needs a vpn or ztn to talk to”

Luckily my last three orgs finally bought a second domain for private dns. It’s quickly becoming a pattern that myorg.com owns myorg.tech or whatever for private traffic. Domains are cheap as fuck compared to everything else a business spends money on, it’s really silly how many people are using hacks for this

1 point

I think needing a VPN to access the internal network is a good practice. And if you’re going to be using a VPN anyway, I don’t see why you wouldn’t use a “fake” TLD like .lan for internal stuff, after all it’s just simple DNS rules.

1 point

VPN is inherently not zero trust. You really should be moving to ZTN based tools

3 points

It’s used in many cases where the machine may not be on the LAN and LAN is a technical term. “Internal” is not and to me signifies that it’s “not public” as well as probably managed by someone, well, internally at the entity you’re with.

31 points

Certainly better than the awkward .home.arpa.

23 points

Huh, I’ve seen .local used for this quite a bit and only just now realised that it’s meant for something else.

I’ve also seen .corp 🤮

21 points

And .home.

Hopefully this .internal domain takes off and becomes generally recognized as the only correct non-routable domain we all use. Otherwise it’s just the latest addition to the list of possible TLDs and confusion continues.

28 points

I’m just waiting for .exe

7 points

It’s such a shitty situation. ICANN is not going to sell .home or .corp as they found a crapton of traffic when they checked for it, but IETF never finished an RFC for them - however people easily stumble into the draft RFC that lists what they were thinking of, and assume stuff like .lan is good to go too. They’re safe by ICANN policy, but unsanctioned.

.home.arpa is safe, per RFC, but user unfriendly to normal people. There are a few others but none a corporation would realistically use. I’ve used .internal for lab testing stuff for ages, so this is extra good news for me I guess.

Really I wish they’d have just reserved the most common ones rather than getting caught in some bureaucratic black hole.
