
Re: Debian and FQDN lookup



On Fri, 3 Apr 2015 20:39:26 -0500
David Wright <deblis@lionunicorn.co.uk> wrote:


> 
> I think I/we ought to be using .local
> http://tools.ietf.org/html/rfc6762
> because this won't get onto the Internet.
> 

Really? I've seen an Exchange Server refuse mail from a BT server
because the latter identified itself with .local as TLD in the HELO. BT
knows nothing about email.

But there's a certain amount of Microsofting going on here. A few
random machines in a private network don't have a 'domain', the term has
no meaning for them. It's not until the network runs a DNS server, or
provides some service across the Internet, that 'domain' and 'FQDN'
become meaningful. Even in the latter case, 'domain' applies only to
the external interface and to any network machines carrying public IP
addresses, and means nothing to machines behind NAT.

But MS have re-used the word 'domain' for their network security
system, which is really (nearly) a Kerberos realm. This causes endless
confusion in the MS world, which seems now to have spilled over. A
purely private MS DNS server, if given the same 'domain' name as the
real Internet domain of the owner, will make external domain resources
invisible to internal users. So the DNS server has to have external
resource names bodged into it by some means or other, which invariably
doesn't get documented properly, and breaks when an IP address
changes...

One or more workstations using an Active Directory server *must* have a
'domain', which need have no relationship with any Internet domain if
IP addressing is private. But a few random Linux (or other OS) machines
connecting to the Net through a NAT router have no use for 'domain'. I
would agree that this is difficult to convey in an installer screen,
but I would think that anyone who really needs to have a domain
specified for a workstation already knows that, and knows how to
organise it.

-- 
Joe

