On 03.09.2017 06:32, Måns Nilsson wrote:
>>> Corporate environments are a somewhat different matter, since you can expect them to own their own domain name and have people who can set up devices to use it.
>> BUT this need not necessarily be a public domain ..., just think of Active Directory Domains ...
> AD is DNS, and it follows the same rules.

yes and no; AD is more, and so many companies got the advice to use a domain name, that is NOT public, because it is not internet ...

> A sub-domain, a separate domain or two-face (using the same domain name as your public-facing resources but a different set of authoritative servers and some careful setup of full-service resolvers), all work. The single thing that does not work is to use name-space you do not own (like LOCAL or a domain name from a non-existent TLD, like "web". Ooops. It does now...) and hope it doesn't escape. Or that somebody registers the name and tries to impersonate you.

even if I fully ACK this, but 15 years ago, nobody said, that ".local", ... would conflict one day ... and also the company I work for has decided at these times to use a ".local" as internal domain and AD; now it is impossible to change this ...
I for myself use a ".home.arpa" as internal name (I'm no company just a citizen),
and for IPv6 connections I use a subdomain of my public domain, which is only used to get resolved correctly ... e.g. the IPv6 of my proxy resolves to proxy.sub.example.com and proxy.sub.example.com resolves to this IPv6 ... and router (firewall) blocks the whole prefix to be connected from outside (internet) ...
Greetings, Walter
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
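
Added example, not part of the message above or of the thread: a small Python audit of the "hope it doesn't escape" point, which reads a resolver query log and reports internal-namespace names that were forwarded upstream, classified by whether the namespace is owned. The log format, the owned domain, the internal suffixes and all host names are constructed assumptions.

```python
# Added example: every name, address and log line below is constructed.
OWNED = {"example.com"}  # assumption: domains the site has registered
INTERNAL = ["corp.local", "intranet.web", "home.arpa", "sub.example.com"]  # assumption
SPECIAL_USE = {
    "local": "reserved for mDNS (RFC 6762)",
    "home.arpa": "reserved for residential networks (RFC 8375)",
}

def normalise(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def under(name, suffix):
    """True if name is suffix or a subdomain of it, matched on a label boundary."""
    return name == suffix or name.endswith("." + suffix)

def classify(name, owned=OWNED):
    n = normalise(name)
    if any(under(n, normalise(d)) for d in owned):
        return "owned"
    for s in SPECIAL_USE:
        if under(n, s):
            return "special-use:" + s
    return "unowned"  # someone else can register it and answer for it

# Constructed resolver log: "<client> <qname> <action>", action is local or forwarded.
SAMPLE_LOG = """\
10.0.0.5 proxy.sub.example.com. local
10.0.0.7 dc01.corp.local. forwarded
10.0.0.7 nas.home.arpa. local
10.0.0.9 portal.intranet.web. forwarded
10.0.0.9 www.notexample.com. forwarded
10.0.0.4 printer.home.arpa. forwarded
"""

def leaked_internal_names(log_text, internal=INTERNAL, owned=OWNED):
    """Return (qname, category) for internal names that left the site's resolvers."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _client, qname, action = parts
        n = normalise(qname)
        if action == "forwarded" and any(under(n, normalise(s)) for s in internal):
            findings.append((n, classify(n, owned)))
    return findings

if __name__ == "__main__":
    for name, category in leaked_internal_names(SAMPLE_LOG):
        print(f"{name:28} {category}")
```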