ICANN Proposes .INTERNAL private zone

I see ICANN is proposing reserving ".internal" as a private zone. I guess if this becomes official OpenWRT may change from ".lan"?

The report/proposal also talks about how much ".lan" escapes OpenWRT (probably and for one reason or another) and hits the top level Name servers. OpenWRT is explicitly referenced as the main user of ".lan"

https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-113-en.pdf

1 Like
4 Likes

My 2c, ICANN should just add .lan as a special use domain name (like they did with .onion https://datatracker.ietf.org/doc/html/rfc7686) and formalize the de facto standard that's been in use for decades.

But, off my soapbox, I've wondered about that "OpenWrt floods the net with .lan requests" thing. I would guess that almost everyone on this forum has their dhcp configs set up with local so they are not part of the problem. So... Is it third-party OpenWrt-derivatives used on consumer routers that are configured improperly?

$ cat /etc/config/dhcp
config dnsmasq
...
        option local '/lan/'

becomes

$ grep lan /tmp/etc/dnsmasq.conf.cfg01411c
local=/lan/

which prevents those domains from passing out of the router... (See also /usr/share/dnsmasq/rfc6761.conf, which uses the server variant of the same dnsmasq option.)

1 Like

Actually, it isn't, at least based on the doc you shared...

.internal
An example string used throughout this document for discussion purposes. It is used in this
document as the hypothetical example of a reserved private-use TLD. Neither this string nor any
other is specifically recommended in this document.

Interestingly, .lan was mentioned as third most widely used private TLD in the table included

Private-use TLD / Presumed Source Queries to [a,j].root-servers.net on 14 May 2020

  • .home Used by some customer premise equipment / 854 million (~9884/second)
  • .internal Used by corporate networks / 210 million (~2431/second)
  • .lan Used by OpenWrt, a Linux operating system for embedded devices / 165 million (~1909/second)
  • ...
2 Likes

I translate openwrt.lan (192.168.1.1) to r1.c1 (router1.lan1), for initial flashing purposes.

I originally thought that the option to enter e.g. openwrt-1.lan in the address bar isn't so helpful for me since in Chrome the options that come up when I click on the address bar and enter 'openwrt-1' don't include: http://openwrt-1.lan:

But I see now that as long as you've visited the site once, then the next time you enter 'openwrt-1' the full address does come up as an option:

image

1 Like

ICANN proposes creating .INTERNAL domain

This is the register story on this.

2 Likes

Nice, it took them just over 3 years (since the original committee report) to agree on the proposal :wink:

Thanks for the info!
Personally, I'm not going to rush and change all my domains from .LAN to .INTERNAL.

2 Likes

I created a PR for this:

--Why not?

if Dnsmasq is configured correctly, then any domain you set as the local domain will not be forwarded to the public DNS.

and that .INTERNAL is too long compared to .LAN.

I am about to register for an account to submit my comments to ICANN.

5 Likes

"INTERNAL" is too long and I have too many devices to reconfigure... and I am way too lazy!

5 Likes

Looking at the stats, maybe icann should just promise to not assign say the top 10 of this list as TLD and stay TF out of the unescapable exercise in 'bike shedding' that selecting a single candidate would bring...
my 2 eurocents....

3 Likes

Looking at the stats, maybe icann should just promise to not assign say the top 10 of this list as TLD and stay TF out of the unescapable exercise in 'bike shedding' that selectinga single candidate would bring...

That seems like the most sensible suggestion...so probably won't happen but I'm going to add that as my comment.

1 Like

:+1:t3::+1:t3::+1:t3::+1:t3::+1:t3: because there's only one :+1:t3: button.

I tried to make the argument that they should declare .lan to be an abbreviation for .internal (because internal backwards is lanretni) and reserve both. So far, several people have mentioned .lan in their feedback, but nobody has supported or opposed my reverse-abbreviation idea.

3 Likes