Hi. On Mon, Feb 19, 2018 at 08:30:28PM +0000, Joe wrote: > On Mon, 19 Feb 2018 19:28:55 +0000 > Brian <a...@cityscape.co.uk> wrote: > > > On Mon 19 Feb 2018 at 19:08:42 +0000, Brad Rogers wrote: > > > > > On Mon, 19 Feb 2018 18:58:25 +0000 > > > Brian <a...@cityscape.co.uk> wrote: > > > > > > Hello Brian, > > > > > > >Avoiding using any of the examples you give is also recommended > > > >because you do not own the domain name google.com and have no > > > >right to use it. > > > > > > I took that as a given. > > > > > > Still, it's probably as well to point it out because you never know; > > > some buffoon may think it's clever or (forgive me for this) 'kewl' > > > to do so. > > > > Could be inadvertent. ilovecats.com or scratchyouritch.com or > > deeppockets.com look good and safe when you are installing. > > microsoft20.com (but not google20.com) is ok until someone > > registers it. > > > > The best thing is to leave the domain name field blank unless > > you *know* you need one. I do not think either the installer > > or the documentation put it like this. > > > > It is somewhat safer to use a non-existent top level domain, though > less so that it used to be. I would think '.invalid' ought to remain > safe, but you never can tell what fools will do.
No, it's not safe, according to RFC 6761, chapter 6.4: 2. Application software MAY recognize "invalid" names as special or MAY pass them to name resolution APIs as they would for other domain names. 3. Name resolution APIs and libraries SHOULD recognize "invalid" names as special and SHOULD always return immediate negative responses. Name resolution APIs SHOULD NOT send queries for "invalid" names to their configured caching DNS server(s). 4. Caching DNS servers SHOULD recognize "invalid" names as special and SHOULD NOT attempt to look up NS records for them, or otherwise query authoritative DNS servers in an attempt to resolve "invalid" names. Instead, caching DNS servers SHOULD generate immediate NXDOMAIN responses for all such queries. This is to avoid unnecessary load on the root name servers and other name servers. If you need something that's *recognized* by IETF, and won't broke the way yet another application developer sees fit, you need ".test". Reco