Stop using .local as the top level domain for your LAN

If you live in a country like mine, where most networks are not publicly routable, you’ve probably given your LANs whimsical names so that they don’t have any chance of colliding with “real” domains on the internet.  Of course, if you’re not pedantic (like me) you don’t bother to set up a DNS server, since the network is not accessible from the outside anyway.  However, for the few of you who do set up DNS servers on your local area networks I have one request.  PLEASE PLEASE PLEASE do not use a .local top-level domain.  I use .lan, and so should you.

The .local domain is what is called a pseudo-top-level domain.  What does that mean? It means that it’s not an official top-level domain usable (routable) on the internet, but it has a semi-official standing because it is used by some applications.  In the case of .local it is used by Multicast DNS (mDNS).  Hosts that implement this service use .local as their domain name and resolve those names their own way, by multicast on the local link rather than by asking a DNS server.  Normally this wouldn’t be a problem; however, if you also run DNS on your network with .local as the top-level domain, the two resolution paths compete for the same names and you get serious name resolution issues.  I’ve seen this happen a lot on Linux systems, and I imagine Apple’s OS X will probably have these issues as well.  Usually, on these types of networks you find that DNS name resolution doesn’t work at all or works only some of the time.  In the end you fall back to IP addresses all the time because you don’t know whether a name will resolve or not (which negates the whole point of having a DNS server in the first place).

So, instead of naming your PCs server.mycompany.local, boss.mycompany.local, and sec.mycompany.local, use server.mycompany.lan, boss.mycompany.lan, and sec.mycompany.lan.  I’ve been doing it for many years and haven’t had any problems.


P.S. – Please, also make sure to turn recursion off on your DNS server so that you don’t clog the internetz with spurious DNS requests for hosts on your internal domain.
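The two points above (a .local zone colliding with mDNS resolution, and recursion left on in the DNS server) can both be checked mechanically. The script below is an added example, not part of the original post: it takes the `hosts:` line of an nsswitch.conf and the `options` block of a BIND-style named.conf as strings, so it runs offline against the constructed samples at the bottom. On a real host you would feed it the actual files; the hostnames, config text and function names are all assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): two checks a LAN admin can run
# before committing to a private domain name. All sample inputs are constructed.

# Returns 0 (true) when DOMAIN ends in ".local" AND the nsswitch "hosts:" line
# routes lookups through an nss-mdns module (mdns, mdns4, mdns6, mdns4_minimal,
# mdns6_minimal). That is exactly the collision the post describes: the same
# name is claimed by both mDNS and the LAN's DNS server. Returns 1 otherwise.
# Caveat: this only inspects the glibc NSS path; a stub resolver such as
# systemd-resolved may treat .local specially on its own.
domain_collides_with_mdns() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    hosts_line=$2
    case "$domain" in
        *.local|local) ;;          # candidate for an mDNS collision
        *) return 1 ;;             # any other suffix (.lan, .home, ...) is safe here
    esac
    case " $hosts_line " in
        *" mdns"*) return 0 ;;     # an mdns* module is in the lookup order
    esac
    return 1
}

# Returns 0 when the named.conf text in $1 contains "recursion no;" as a
# statement of its own (case-insensitive, surrounding whitespace ignored),
# i.e. the server will not chase queries for names it is not authoritative for.
named_recursion_off() {
    printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'
}

# Constructed sample inputs (hypothetical; not taken from any real host)
NSSWITCH_WITH_MDNS='hosts: files mdns4_minimal [NOTFOUND=return] dns'
NSSWITCH_PLAIN='hosts: files dns'
NAMED_OPTS='options {
    directory "/var/named";
    recursion no;
    allow-query { any; };
};'
NAMED_OPTS_RECURSIVE='options { recursion yes; };'

# Demonstration when run directly; guarded so nothing here trips set -e.
for name in server.mycompany.local server.mycompany.lan; do
    if domain_collides_with_mdns "$name" "$NSSWITCH_WITH_MDNS"; then
        echo "$name: collides with mDNS on this host, rename the zone"
    else
        echo "$name: no mDNS collision"
    fi
done
if named_recursion_off "$NAMED_OPTS"; then
    echo "named.conf: recursion is off"
else
    echo "named.conf: recursion is still on"
fi
```

On a live system the equivalent calls would be `domain_collides_with_mdns "$(hostname -d)" "$(grep '^hosts:' /etc/nsswitch.conf)"` and `named_recursion_off "$(cat /etc/named.conf)"`; both functions use only POSIX sh, `tr` and `grep -E`, so they run on any *NIX box without extra tools.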


4 thoughts on “Stop using .local as the top level domain for your LAN”

  1. Ehm, I think you are contradicting yourself. Using .lan is just as bad as using .local. Google it.

    In essence, you should NOT use domain names you do not own. You do not own .lan, so don’t use it.

    • Actually .lan is a reserved top-level domain that is guaranteed to not be used on the wider internet (RFC2606). So, no chance of conflict. However, I do understand your general sentiment and would normally recommend that one register a top-level domain. The problem is that in some countries it is very difficult to register a domain name. In such cases it becomes necessary to use a fake one.

      • I totally see and recognize the need; I was using both .local and .lan up until recently myself. In short, I think _for home use_ it is okay, even though you might see .lan be taken later(!). The RFC you refer to is from 1999. But for large businesses it is a problem of leaking network info onto the web. In essence, .local and .lan are similar in use; you are referring to something that does not exist but that is treated by the computers as if it existed. This creates a grey area in your network.

        There are probably people out there using .sexy or .xxx because “they’ll never start using it” too, and here we are :) I think the TLD decision processes are very lax (though slow), when they need and can get more capital allowing more and more specialized names. And the new ones (e.g. .blue or .red) are pretty cheap!

      • The .lan and .local top-level domains are reserved top-level domain names, just like the second-level ‘example’ domain, so there is no chance that you will see it in use on the wider internet. The date of the RFC doesn’t matter unless it’s been superseded by an updated RFC (which this one isn’t). Using any of the reserved top-level domains in a private (i.e. not directly on the internet) LAN is therefore OK. My only preference for .lan over .local is that .local is used by mDNS services and interferes with normal DNS resolution for many *NIX hosts.
