Is there any mechanism to actually implement a subdomain in an mDNS environment using .local?
Posted by ElvisDumbledore@reddit | sysadmin
I occasionally see offices without AD or DNS setups attempt to add a subdomain to the .local address in Windows. The uri/url they want to use looks like workstation.businessname.local. I can't find or even imagine how this would be implemented on a network of Windows workstations. Sometimes it seems harmless but other times it seems to create problems.
Is there any mechanism to actually implement a subdomain in an mDNS environment using .local?
orev@reddit
The people doing that are improperly using .local probably because they don't know it's already reserved for mDNS. They're overlapping the name, not working within any official method of adding mDNS subdomains.
retiredaccount@reddit
Or, their implementation and use of .local predates “official” mDNS, which only became standards-track in 2013. Some networks are old, and change comes slowly…or not at all.
itishowitisanditbad@reddit
Fun post every so often where people compare the first registered date of the domain of their workplace, there are some real old ones out there.
TYGRDez@reddit
Exactly this.
I hate that our domain is using .local, but it was set up nearly 20 years ago and management won't sign off on the "unnecessary" work it would take to rebuild everything, when it's all "working fine"
Arudinne@reddit
Frankly I have better things to do than fuck with a domain that is otherwise working just fine.
ADynes@reddit
Same. Been ABC.local internally for 20+ years and ABCompany.com externally for email. I have yet to have an issue, it works fine. Literally the only thing I have to watch out for is creating a new user and switching it over to abcompany.com and not leaving the abc.local default.
Ninjabeaver212@reddit
This is my company to a T. We're in the middle of disabling mDNS internally as it has been used for MitM attacks during our yearly pen tests. Turns out disabling mDNS wreaks havoc with cross domain/forest communication when DNS forwarders are configured pointing to another .local domain. No, this makes ZERO sense when you understand how mDNS actually works, but this is the exact issue we've run into in our environment. We spent an entire month researching this with multiple vendors only to come up completely empty-handed and everybody involved stumped.
flyguydip@reddit
Apple bonjour and .local domain conflict - Software & Applications - Spiceworks Community https://community.spiceworks.com/t/apple-bonjour-and-local-domain-conflict/147190
cacheclyo@reddit
Yeah, this.
.local in Windows-land is kind of a weird mess because you’ve got:
.local as reserved
.local as a fake internal AD zone
When someone does workstation.businessname.local with no proper DNS or AD, Windows will try a mix of things: mDNS, LLMNR, NetBIOS, search suffixes, whatever. Sometimes it “works” by accident, sometimes you get random timeouts and name conflicts.
There isn’t some clean mDNS hierarchy where you can just bolt on subdomains like that. If they actually want workstation.businessname.something, they should either run real DNS with a proper domain they own, or pick literally anything that isn’t .local and isn’t a public TLD. Using .local that way just guarantees weird edge cases.
andypanty69@reddit
Showing my ignorance and age... Doesn't .local predate all the above? Isn't it from the 1990s? I should go look for RFCs but I'm thinking it may have been just convention.
beren12@reddit
.localhost https://datatracker.ietf.org/doc/html/rfc2606#page-2
Single-Virus4935@reddit
mDNS isn't suitable and stable for that use case.
A DNS setup is simple, and even in smaller setups probably the router, NAS or another server can function as a DNS server.
Don't use .local outside mDNS and get a proper domain or use .internal.
flyguydip@reddit
Also, try not to use .local anymore...
Apple bonjour and .local domain conflict - Software & Applications - Spiceworks Community https://community.spiceworks.com/t/apple-bonjour-and-local-domain-conflict/147190
How stupid is that, right?