Your specific issue might not be because of the .local TLD, but .local is a 
special ‘reserved’ name for multicast DNS. You can use any other (including 
fake) TLD that is not registered.
There are some other TLDs that are ‘special’, like the one used for reverse-IP 
records in APIPA. Best to avoid such things as not all network software takes 
care of those special names the way they should.

Some hosts might treat .local special and ignore DNS servers or DNS query 
responses that are not from mDNS. Some hosts might first query DNS and then 
mDNS, some might do it the other way around. Some systems disable mDNS or 
.local mDNS if a static .local zone is detected which breaks Bonjour and 
ZeroConf in most configurations.

In my experience, mixing mDNS and DNS by introducing a .local is just going to 
create more problems.

I would suggest registering a DNS name but not using it externally, just 
internally. For example, you could take something like my-internal-domain.net 
but simply not host anything externally and remove all records, maybe even 
disable name servers. There probably are better conventions for this, but using 
a ‘real’ (but dead to the outside) domain has served me well.

Multiple subdomains shouldn’t be a problem, but there probably are limits to 
the depth of subzones. For my setups, I usually don’t go deeper than 2 levels, 
i.e. sub1.sub0.ipa.net.
I do tend to make dedicated subzones with NS delegations when I go deeper than 
1 level, but in theory, if you only have 1 sublevel, you can leave it as-is and 
IPA will register your hosts with a dot in the name in the record, effectively 
creating a virtual subzone. There is nothing bad about that, but depending on 
the management functionality you are trying to create, your needs may call for 
a different setup.

One of the important parts of domain naming isn’t as much about IPA’s idea on 
domains, but very much depends on how Kerberos likes names.
So if you can’t provide a strong enough guideline in the IPA community or 
documentation, try the ones for Kerberos (which IPA uses): 
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html
The same can be (partially) said about Microsoft’s AD naming suggestions, as 
their system also depends on correct naming, uses Kerberos and uses SRV records 
to find the correct servers for services: 
https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx

One of the quotes from the above sources:

> In the past, lots of people chose to use a dummy, unofficial TLD 
> (top-level-domain) for their internal network, like domain.lan, domain.local 
> or domain.internal (and also domain.internalhost)
> 
> But this can get you in serious trouble. Because these names are not 
> supported by internet standards, the most important RFC on this is: RFC 2606 
> (http://tools.ietf.org/html/rfc2606). This RFC standard is very explicit on 
> choosing domain names for private testing and documentation

Other sources condense the suggestions into:

> Option 1: Use a valid TLD (Top Level Domain, also known as routable domain) 
> registered to your company. Some examples of this are company.ca or 
> company.com;
> Option 2: Use a subdomain of a valid TLD that is registered to your company;
> Option 3: Use a non-TLD name (or non-routable domain). (But not an RFC reserved 
> name!)

John

> On 3 Mar 2019, at 19:08, Vivek Aggarwal via FreeIPA-users 
> <freeipa-users@lists.fedorahosted.org> wrote:
> 
> Thanks John,
> 
> It would be nice if you can elaborate a bit more & share your advice on:
> 
> i) What's wrong in the current hostname convention, as I still don't have a 
> clear understanding of what it is that is causing a problem in the current 
> setup? Any links/thoughts which can explain this will be of great help.
> 
> ii) Is ".local" a problem, or can I use any other TLD like ".int"?
> 
> iii) Thirdly, what is the recommendation for naming the hostname FQDN; should 
> it not have multiple subdomains?
> 
> Please bear with my questions in case these look a bit naive. Thanks a lot for 
> sparing time in answering my concerns.

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
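The advice in John's reply (avoid .local and the RFC 2606 reserved names, put the IPA domain under a registered domain you control, keep subzone depth to about 2 levels, and derive the Kerberos realm from the DNS domain) can be turned into a pre-deployment check. The script below is an added example written for this page; it is not code from the thread or from FreeIPA. It generalises slightly: it checks the whole RFC 2606 set (.test, .example, .invalid, .localhost), treats .local as reserved on the strength of RFC 6762 (the mDNS RFC, which the thread does not cite), and uses the MIT Kerberos convention that the realm is the DNS domain in upper case. Function names, the `owned` list and all candidate names are constructed for the example.

```python
"""Sanity-check a candidate internal DNS domain before building a FreeIPA realm on it.

Added example for the FreeIPA-users thread on domain naming; not the project's code.
"""
import re

# RFC 2606 reserves these TLDs for testing and documentation; RFC 6762 reserves
# .local for multicast DNS (the thread cites RFC 2606; the RFC 6762 pairing is
# added here).
RFC2606_RESERVED = {"test", "example", "invalid", "localhost"}
MDNS_RESERVED = {"local"}

# One DNS hostname label: letters, digits, inner hyphens, 1..63 characters.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize(domain):
    """Lower-case the name and drop surrounding whitespace and a trailing dot."""
    return domain.strip().rstrip(".").lower()


def check_domain(domain, owned=(), max_depth=2):
    """Return a list of problems with a candidate IPA domain; an empty list means OK.

    owned     -- registered domains the organisation controls (Option 1/2 in the
                 thread); the candidate must equal one of them or sit beneath one.
    max_depth -- subzone levels allowed under the registered parent (the thread's
                 author stays at 2, e.g. sub1.sub0.ipa.net).
    """
    problems = []
    name = normalize(domain)
    labels = name.split(".")

    if len(labels) < 2:
        problems.append("a domain needs at least two labels, e.g. corp.example-corp.net")
    for label in labels:
        if not LABEL_RE.match(label):
            problems.append(f"label {label!r} is not a valid DNS hostname label")

    tld = labels[-1]
    if tld in MDNS_RESERVED:
        problems.append(".local is reserved for multicast DNS (RFC 6762); "
                        "hosts may bypass unicast DNS for it")
    if tld in RFC2606_RESERVED:
        problems.append(f".{tld} is reserved by RFC 2606 for testing and documentation")

    # Option 1/2 check: the candidate must be, or sit under, a domain you control.
    owned_norm = [normalize(o) for o in owned]
    parent = next((o for o in owned_norm if name == o or name.endswith("." + o)), None)
    if owned_norm and parent is None:
        problems.append("domain is not under a registered domain you control; "
                        "an unregistered name may collide with a public TLD later")

    # Count subzone levels beneath the registered parent (or beneath the
    # second-level domain when no owned list was supplied).
    base_labels = len(parent.split(".")) if parent else 2
    depth = len(labels) - base_labels
    if depth > max_depth:
        problems.append(f"{depth} subzone levels is deeper than the recommended {max_depth}")
    return problems


def kerberos_realm(domain):
    """MIT Kerberos convention (realm_config): realm name = DNS domain in upper case."""
    return normalize(domain).upper()


if __name__ == "__main__":
    # Constructed candidate names and owned-domain list, not taken from the thread.
    owned = ["example-corp.net", "ipa.net"]
    for cand in ("corp.local", "corp.int", "ipa.example-corp.net", "a.b.c.ipa.net"):
        issues = check_domain(cand, owned=owned)
        verdict = "OK" if not issues else "; ".join(issues)
        print(f"{cand:24} realm={kerberos_realm(cand):26} {verdict}")
```

Run it with your own `owned` list; a candidate like `corp.int` passes the reserved-name checks but is still flagged because .int is a real delegated TLD that the organisation does not control, which is the same class of problem the thread warns about with made-up TLDs.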