For years, network administrators and home users relied on .local as the go-to top-level domain (TLD) for internal networks. However, recent experiences like firmware updates on Asus routers explicitly blocking this TLD have brought this practice into question.
The primary issues with .local stem from its collision with multicast DNS (mDNS) and service discovery protocols:
// Example showing mDNS conflict in Python
import socket
def resolve_local():
try:
return socket.gethostbyname('mydevice.local') # May fail due to mDNS
except socket.gaierror as e:
print(f"Resolution error: {e}")
Microsoft's Active Directory best practices now explicitly recommend against .local due to:
- Conflicts with Bonjour/ZeroConf implementations
- Apple device compatibility issues
- Potential security vulnerabilities in name resolution
The most common replacement TLDs include:
# Recommended internal TLDs in DHCP configurations
option domain-name "internal.lan";
option domain-name-servers 192.168.1.1;
| TLD | Compatibility | Best For |
|---|---|---|
| .lan | High | Home/SMB networks |
| .internal | High | Enterprise environments |
| .home | Medium | Residential networks |
For Linux systems using systemd-resolved:
# /etc/systemd/resolved.conf
[Resolve]
Domains=~lan
DNS=192.168.1.1
For Windows PowerShell automation:
# PowerShell script to update DNS suffix
Set-DnsClientGlobalSetting -SuffixSearchList @("corp.lan","internal.lan")
Rename-Computer -NewName "server1" -DomainCredential $cred -Force
When configuring modern routers like Asus devices:
- Navigate to LAN > DHCP Server
- Set "Domain Name" field to your chosen TLD (e.g., home.lan)
- Ensure consistent configuration across all network devices
The shift away from .local represents an important evolution in network administration best practices. While the change might require some initial configuration updates, the improved compatibility and reduced troubleshooting make it worthwhile for both home and enterprise networks.
The .local top-level domain was historically popular for private networks due to its intuitive naming. Many home routers and small business networks adopted it for internal DNS resolution. However, this practice became problematic when RFC 6762 designated .local for multicast DNS (mDNS) implementations.
The primary issue arises when both conventional DNS and mDNS try to resolve .local addresses. Apple's Bonjour and Linux's Avahi implementations strictly follow RFC 6762, causing resolution failures:
# Example of potential conflict on macOS
$ ping server.local
# May fail due to mDNS taking precedence over unicast DNS
For private networks, consider these RFC-compliant alternatives:
.internal- Explicitly reserved for private infrastructure.lan- Common in consumer networking equipment.priv- Used in some European deployments.corp- For corporate networks (though check ICANN restrictions)
Most modern routers allow TLD customization. Here's how to implement .lan in different environments:
# AsusWRT (via SSH)
nvram set lan_domain=lan
nvram commit
service restart_dnsmasq
# OpenWRT (/etc/config/dhcp)
config dnsmasq
option domain 'lan'
option local '/lan/'
For advanced setups using BIND, modify your zone file:
// named.conf.local
zone "internal.network" {
type master;
file "/etc/bind/db.internal.network";
};
// db.internal.network
$TTL 86400
@ IN SOA ns1.internal.network. admin.internal.network. (
2023080101 ; Serial
3600 ; Refresh
1800 ; Retry
604800 ; Expire
86400 ; Minimum TTL
)
@ IN NS ns1.internal.network.
ns1 IN A 192.168.1.1
server1 IN A 192.168.1.100
Ensure proper DNS suffix search paths across operating systems:
# Windows (PowerShell)
Set-DnsClientGlobalSetting -SuffixSearchList @("internal.network","lan")
# Linux (/etc/resolv.conf)
search internal.network lan
When transitioning from .local to a new TLD:
- Run both DNS zones temporarily
- Update DHCP options to advertise new search domains
- Use CNAME records for legacy compatibility
- Gradually update all client configurations