It's official: .corp, .home, .mail will never be top-level domains on the 'net

Re: as an alternative to '.local'

The problem is if you set your LAN domain to .local and you have mDNS devices on it as well, if your mDNS resolver isn't very good or configured wrong then you might not be able to resolve some addresses.

Re: I use .internal

.lan would be sensible, but some bright spark at ICANN let Latam Airlines have it.

Re: I use .internal

I actually use .int myself, for the same reason, with the additional catch that it's three letters. The fact it can also be easily confused with a common shorthand for integers makes me think it's an unlikely TLD to be registered.

PS. Only NOW do I learn that .int is indeed reserved. Good news is that it's intended for true international agencies and that the application process is incredibly strict. End result: I probably haven't stepped on anyone's toes in the process. I'll change the internal TLD later.

Hell's bells, bob: here, from the last Millenium, is "Reserved Top Level DNS Names" http://www.faqs.org/rfcs/rfc2606.html

""It's not difficult - don't try to use domain names you don't own""

"And pay the "internet domain TLD tax" while we're at it. for every private LAN in the world."

We're talking $15/year to make sure your network has a unique domain?

Re: .int

Be careful with that: the International Telecommunication Union has a .int domain:

That would be because .int is reserved for international organisations.

Two relevant paragraphs from the Unreliable Source:

The domain name int is a sponsored top-level domain (sTLD) in the Domain Name System of the Internet. Its name is derived from the word international, characterizing its use for international organizations and treaty-related purposes.[1] The first use of this domain was by NATO, which had previously been assigned the top-level domain nato.

According to Internet Assigned Numbers Authority (IANA) policy, based on RFC 1591, the sTLD int is reserved for international treaty-based organizations, United Nations agencies, and organizations or entities having observer status at the UN.[2] int is considered to have the strictest application policies of all TLDs, as it implies that the holder is a subject of international law. For this reason, the application procedure requires the applicant to provide evidence that it is indeed treaty-based by providing a United Nations treaty registration number and that it has independent legal status.

https://en.wikipedia.org/wiki/.int

Re: .int

As do about 165 other organisations:

List of organizations with .int domain names

"My last job used $companyname.co.uk as the internal AD domain name."

There's nothing wrong with that, so long as you own that domain. In fact, that's why it's called a domain name in AD and in DNS (and AD is DNS based).

The "hack" to make it work internally? Set your external DNS resolvers to reply with your external IP and your internal ones to reply with your internal IP? Same config I have here.

"helpdesk.companyname.com" resolves to a 192.168. if you're querying our internal nameservers and to our external IP if you're querying our "real" DNS servers visible to the outside world. Works fine.

In fact, the gateway is smart enough to redirect and port-forward even internal access just using the external IP from inside (i.e. no DNS changes required) but I don't like that... I like a clear separation.

That's not a facepalm - that's how you should be configuring it. In fact, I'd query how you'd migrate smoothly to Azure etc. in the future if you're not already doing this (https://support.office.com/en-gb/article/how-to-prepare-a-non-routable-domain-such-as-local-domain-for-directory-synchronization-e7968303-c234-46c4-b8b0-b5c93c6d57a7)