[aklug] Re: internal domain name recommendation

From: James Zuelow <James_Zuelow@ci.juneau.ak.us>
Date: Mon Jun 07 2010 - 09:37:01 AKDT

----Original Message----

>
>> I run local (intranet) services that I don't *want* available on the
>> Internet, even to not putting them into my public-facing DNS zones. I
>> started with .local originally in the pre-OS X era, regretted it when
>> Mac OS X was released, but worked around it and am still using .local
>> as of 2010. Windows has never had any problems resolving .local via
>> DNS, afaict.
>
> Isn't .localdomain exactly for this purpose?
>
> j

.localdomain is just a heck of a lot to type.

Microsoft tells their admins to use foo.local as an active directory domain. Or at least they used to -- I see references to it up to Server 2003 documentation.

Apple decided that .local was a perfect pseudo-TLD for their mDNS implementation (Bonjour/Zeroconf).

I think the timeline doesn't bear it out (mDNS has been in development for a long time), but a popular conspiracy theory holds that Apple co-opted the .local pseudo-TLD just to piss off Microsoft (and Microsoft network admins).

Anyway, this affects Linux because the OSS mDNS implementation (Avahi) also uses .local.

Where you'll see problems is when you mix an active directory domain with .local with a Samba server that has Avahi pulled into it via some dependency.

For a while Avahi was changing /etc/nsswitch.conf to look like this:

Hosts: files mdns dns

That was A Bad Thing. Essentially it meant that Samba would do a DNS lookup for one of the AD integrated DNS lookups (where is my kerberos server?) and Avahi would get ahold of the request when it hit mdns. Avahi would broadcast a request, and since the domain controller was probably not running mDNS, it would not get an answer and generate a host not found reply. The host lookup would not fall through to regular DNS and Samba would generate "cannot contact domain" errors.

Then, at least on Debian, Avahi started using this syntax:

Hosts: files mdns_minimal [NOTFOUND=return] dns mdns

With the second syntax, if Avahi doesn't find a host or if it returns NXDOMAIN it falls through to regular DNS. If that falls through, it will try Avahi again. In theory this covers the situation where there is a .local DNS space being used and some hosts use mDNS and others use traditional DNS. In practice it means that you can wait for timeouts, especially if you're looking up an mDNS service that mdns_minimal doesn't find.

Depending on your network, the timeouts can still be painful.

So if I'm working on any network with a Microsoft AD domain that uses foo.local, I find it easier to just nuke Avahi and avoid the whole issue. I personally don't ever use mDNS anyway.

As far as I know that's the only issue with .local as a domain with Linux. I don't know how Macs handle it, as they're Apple products and mDNS is probably integrated a bit more tightly. Although Avahi now gets sucked in with KDE, so we may see more and more mDNS in the Linux space.

James Zuelow
Network Specialist
City and Borough of Juneau MIS
(907) 586-0236
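The two `hosts:` lines discussed in the message above differ only in the order of modules and in the `[NOTFOUND=return]` action block, and that is exactly what decides whether a lookup for an AD name under .local ever reaches unicast DNS. The following is an added example, not code from the original post or from Avahi/glibc: a small Python model of how glibc walks a `hosts:` line (the documented status/action semantics: `success` returns by default, every other status continues, and a `[STATUS=action]` block overrides the action for the preceding module). The NSS modules themselves are constructed stand-ins (an `mdns_minimal` that only answers for names under .local and returns `unavail` for anything else; a `.local` name nobody answers over multicast comes back `notfound`), and the host tables are made up, so you can trace which line of the configuration actually answered, and where a `[NOTFOUND=return]` stops the walk before `dns` is consulted.

```python
# Added example (not from the original mailing-list post): a model of how
# glibc walks the "hosts:" line of /etc/nsswitch.conf, so the two lines quoted
# in the thread can be compared on a given lookup. No real lookups happen;
# module behaviour and host tables below are constructed stand-ins.
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults: a successful lookup stops the walk, anything else continues.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}


def parse_hosts_line(line):
    """Parse e.g. 'hosts: files mdns_minimal [NOTFOUND=return] dns mdns'
    into a list of (module, {status: action}) entries."""
    entries = []
    for token in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
        if token.startswith("["):
            if not entries:
                raise ValueError("action block before any module")
            for spec in token[1:-1].split():
                status, action = spec.lower().split("=")
                if status.startswith("!"):
                    # "[!STATUS=action]" applies to every status but that one
                    for s in STATUSES:
                        if s != status[1:]:
                            entries[-1][1][s] = action
                else:
                    entries[-1][1][status] = action
        else:
            entries.append((token, dict(DEFAULT_ACTIONS)))
    return entries


def fake_module(name, hostname, table):
    """Constructed stand-in for an NSS module. 'mdns_minimal' only handles
    names under .local and answers 'unavail' for the rest (so the walk goes
    on); a .local name nobody answers over multicast is 'notfound'."""
    if name.startswith("mdns"):
        if name.endswith("_minimal") and not hostname.endswith(".local"):
            return "unavail"
        return "success" if hostname in table.get("mdns", ()) else "notfound"
    return "success" if hostname in table.get(name, ()) else "notfound"


def resolve(line, hostname, table):
    """Walk the hosts line; return (final_status, modules_consulted)."""
    consulted = []
    status = "notfound"
    for module, actions in parse_hosts_line(line):
        consulted.append(module)
        status = fake_module(module, hostname, table)
        if actions[status] == "return":
            break  # action block (or default success) stops the walk here
    return status, consulted


# Constructed network: the AD domain controller only exists in unicast DNS,
# a printer only answers over mDNS.
NETWORK = {"files": {"localhost"},
           "dns": {"dc1.foo.local", "www.example.com"},
           "mdns": {"printer.local"}}

OLD_LINE = "hosts: files mdns dns"
NEW_LINE = "hosts: files mdns_minimal [NOTFOUND=return] dns mdns"

if __name__ == "__main__":
    for line in (OLD_LINE, NEW_LINE):
        print(line)
        for host in ("dc1.foo.local", "printer.local", "www.example.com"):
            status, path = resolve(line, host, NETWORK)
            print(f"  {host:18} -> {status:9} via {' > '.join(path)}")
```

Running it prints, for each line, which modules were consulted for the domain controller, the printer and a public name. The point of the exercise is the trace: with an action block like `[NOTFOUND=return]` on a module that claims the whole .local namespace, whether `dns` is ever asked about `dc1.foo.local` depends entirely on what status that module hands back, which is the first thing to check when Samba reports it cannot contact the domain.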
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon Jun 7 09:37:09 2010

This archive was generated by hypermail 2.1.8 : Mon Jun 07 2010 - 09:37:09 AKDT