Multicast DNS and the ".local" domain


BOT House

Refer to...

http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt

"3. ... Any DNS query for a name ending with '.local.' MUST be sent to the
mDNS multicast address (224.0.0.251 or its IPv6 equivalent FF02::FB).

"3.2 ... Operators setting up private internal networks ('intranets') are
advised that their lives may be easier if they avoid using the suffix
'.local.' in names in their private internal DNS server."

and...

http://support.microsoft.com/default.aspx?scid=kb;en-us;836413

"MORE INFORMATION When you plan your network, avoid assigning your domain a
name that uses the .local extension."

DOH!

Jeez... what happened here? MS has been pushing ".local" for AD for years.
AT LEAST half a decade.

Is this a flip-flop or a "major policy reversal"?

Granted, this is just a draft proposal (it hasn't made it to the IETF yet),
but does anyone know if this is going to take off? Are those of us who
called their AD domains "whatever.local" going to be SCREWED in a few years?

I stumbled into this because after I upgraded a Debian Linux system, I had a
process called "mDNSResponder" running. Turns out it's in every bleeding
edge Linux distro out there.

FWIW, MS has a competing draft proposal called Link Local Multicast Name
Resolution (LLMNR).

On or off-list comments are welcome.
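
The conflict raised in the post above, as an added example that is not part of the original post: a resolver following the quoted draft rule sends any name under ".local." to multicast instead of the internal DNS server, so a ".local" AD suffix in a client's search list gets flagged. The function names, `example.local` names and resolv.conf text are constructed for illustration; the suffix and multicast addresses are the ones quoted from the draft.

```python
import ipaddress

# Values quoted in the post from section 3 of the mDNS draft.
MDNS_SUFFIX = "local"
MDNS_IPV4 = ipaddress.ip_address("224.0.0.251")
MDNS_IPV6 = ipaddress.ip_address("FF02::FB")


def labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".") if name else []


def resolution_path(name):
    """'mdns' if the draft rule sends the query to multicast, else 'unicast'.

    The match is on the final label, so 'notlocal' and
    'local.example.com' still go to the configured DNS server.
    """
    parts = labels(name)
    return "mdns" if parts and parts[-1] == MDNS_SUFFIX else "unicast"


def audit_search_suffixes(resolv_conf_text):
    """Return 'search'/'domain' suffixes (resolv.conf style) under .local."""
    flagged = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] in ("search", "domain"):
            for suffix in fields[1:]:
                if resolution_path(suffix) == "mdns" and suffix not in flagged:
                    flagged.append(suffix)
    return flagged


# Constructed sample input, not taken from any real host.
SAMPLE_RESOLV_CONF = """\
domain corp.example.local
search corp.example.local eng.example.com
nameserver 192.0.2.53
"""

if __name__ == "__main__":
    for host in ("dc1.corp.example.local", "local.example.com", "notlocal"):
        print(f"{host:28} -> {resolution_path(host)}")
    print("suffixes that collide with mDNS:",
          audit_search_suffixes(SAMPLE_RESOLV_CONF))
```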
 
Keep in mind that Apple proposed the RFC, not Microsoft. Also, with
Windows Server 2003, it's quite easy to change the DNS and NetBIOS
names of the root domain, so moving from .local to another TLD isn't
that big of a deal.

This is why I've always recommended using a subdomain of a company's
external namespace (i.e. corp.company.com), or the top level of a
namespace the company has purchased but doesn't use externally (i.e.
company.com uses company.net for AD), as opposed to using a 'bogus'
TLD.

I wouldn't call it a flip-flop by Microsoft. I would call it a reaction
to the fact that the purpose of .local may change. With the rename
tools available, no big whoop.

Bill
 
Bill Nitz said:
Keep in mind that Apple proposed the RFC, not Microsoft.
Also, with Windows Server 2003, it's quite easy to change
the DNS and NetBIOS names of the root domain, so moving
from .local to another TLD isn't that big of a deal.

This is why I've always recommended using a subdomain of
a company's external namespace (i.e. corp.company.com),
or the top level of a namespace the company has purchased
but doesn't use externally (i.e. company.com uses
company.net for AD), as opposed to using a 'bogus' TLD.

I wouldn't call it a flip-flop by Microsoft. I would call
it a reaction to the fact that the purpose of .local may
change. With the rename tools available, no big whoop.

Bill

I don't believe I've read any articles published by Microsoft recommending
the use of .local for the TLD of AD domains. I have read many articles
recommending a subdomain of the owned public domain; this is the one I
recommend.
I never recommend using the same internal domain name as the public domain
because that always leads to problems for someone that does not fully
understand the repercussions of choosing to use the same name. There are
some problems that just can't be worked around. One of which is DFS shares
and accessing the public website by only the domain name. This is especially
a problem for public domains that use a third level name like domain.co.uk.
Some websites in co.uk cannot be accessed by a fourth level name like
www.domain.co.uk which leads to big problems for users trying to access the
company website using "domain.co.uk" from an AD network using the same name.
 
I looked at the rename tools last year and it didn't look "quite easy".
There were a lot of prerequisites and conditions. Perhaps they've modified
the tools since then.
 
I don't believe you will find any electronic documents concerning ".local"
that haven't been edited after the publication date of Apple's mDNS draft in
March 2004.

In fact, in http://support.microsoft.com/default.aspx?scid=kb;en-us;296250,
"Domain Name System name recommendations for Small Business Server 2000 and
Windows Small Business Server 2003" (last review July 16, 2004 - four months
after the mDNS draft) they make a sideways recommendation for .local but
add...

"At the present time, the .local domain name is not registered on the
Internet." (This sentence appears TWICE.)

Now, if you can find a pre-July 2004 copy of that KB article (good luck!), I
would wager that sentence isn't in there. However, Microsoft is very good
at making KB articles disappear and publishing just-in-time "errata".

So, Microsoft did recommend ".local" in the past. I will admit they do have
plausible deniability, but I've been around since the NT5 "Rapid Deployment"
days (1998) and have heard/read/seen the ".local" recommendation many, many
times. With KB article #836413 they have now officially dis-recommended it.
 
BOT House said:
I looked at the rename tools last year and it didn't look "quite easy".
There were a lot of prerequisites and conditions. Perhaps they've modified
the tools since then.

Hi Bot,

The most difficult part of a domain rename is mostly older
applications which have an issue if the domain name changes. However,
we've done a domain rename in our environment (about 4k users, mostly
laptops, SAP, Notes, SMS, SQL, lot of applications and intranet-tools)
and there are other companies who did it. As with every bigger change
in your infrastructure the key is testing or risking (that one or the
other application might not work afterwards). We did a mix - tested
what's really important to us, and risked what we'd be able to
reinstall and miss for a few days.

--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
 