Re: [DNSOP] DNS names for local networks - not only home residental networks ...

"Walter H." <> Sun, 03 September 2017 18:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id DF84213234E for <>; Sun, 3 Sep 2017 11:47:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id AGEIqdl0Wm_h for <>; Sun, 3 Sep 2017 11:47:37 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BC6A8132351 for <>; Sun, 3 Sep 2017 11:47:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=dkim11; h=Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=QxdeYmZDfAt+LItMwj0DFDwwvHvRsdTD8jXbNKhI+8A=; b=lorrTtZFwCAjIQ0PY97/sFIKBHddH7n4YH6UA7QzNkdo/GH88j3QMYT9mUUJiP4MLFrRVmNbdarC8T0oi7aNNlnPEYcq335dupL5JJDWGDp0+TXmdZAoTW5Bus+A1yvmsuW+5WxFkJv25DUyK5YU4slUoXPVjRmafb/0GEQR32U=;
Received: from [] (helo=home.mail) by with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84_2) (envelope-from <>) id 1doZvg-0001Xr-ML; Sun, 03 Sep 2017 20:47:32 +0200
Message-ID: <>
Date: Sun, 03 Sep 2017 20:47:30 +0200
From: "Walter H." <>
Organization: Home
User-Agent: Mozilla/5.0 (UNIX; U; Cray X-MP/48; en-US; rv:2.70) Gecko/20110929 Communicator/7.20
MIME-Version: 1.0
To: Måns Nilsson <>
CC: Tony Finch <>, "" <>
References: <> <> <> <> <>
In-Reply-To: <>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="------------ms010503000509090806050804"
X-SA-Do-Not-Run: Yes
X-AV-Do-Run: Yes
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Archived-At: <>
Subject: Re: [DNSOP] DNS names for local networks - not only home residental networks ...
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 03 Sep 2017 18:47:41 -0000

On 03.09.2017 06:32, Måns Nilsson wrote:
> Corporate environments are a somewhat different matter, since you can
> expect them to own their own domain name and have people who can set up
> devices to use it.
>> BUT this need not necessarily be a public domain ..., just think of Active
>> Directory Domains ...
> AD is DNS, and it follows the same rules.
yes and no; AD is more, and so many companies got the advice to use a 
domain name,
that is NOT public, because it is not internet ...
>   A sub-domain, a separate domain
> or two-face (using the same domain name as you public-facing resources
> but a different set of authoritative servers and some careful setup of
> full-service resolvers), all work. The single thing that does not work
> is to use name-space you do not own (like LOCAL or a domain name from a
> non-existent TLD, like "web". Ooops. It does now...) and hope it doesn't
> escape. Or that somebody registers the name and tries to impersonate you.
even if I fully ACK this, but 15 years ago, nobody said, that  ".local", 
... would conflict one day ...
and also the company I work for has decided at these times to use a 
".local" as internal domain and AD;
now it is impossible to change this ...

I for myself use a "" as internal name (I'm no company just a 
and for IPv6 connections I use a subdomain of my public domain,
which is only used to get resolved correctly ...
e.g.  the IPv6 of my proxy resolves to and resolved to this IPv6 ...
and router (firewall) blocks the whole prefix to be connected from 
outside (internet) ...