ICANN Proposes .INTERNAL private zone

I see ICANN is proposing reserving ".internal" as a private zone. I guess if this becomes official OpenWRT may change from ".lan"?

The report/proposal also talks about how much ".lan" escapes OpenWRT (probably and for one reason or another) and hits the top-level name servers. OpenWRT is explicitly referenced as the main user of ".lan".


1 Like

My 2c, ICANN should just add .lan as a special use domain name (like they did with .onion https://datatracker.ietf.org/doc/html/rfc7686) and formalize the de facto standard that's been in use for decades.

But, off my soapbox, I've wondered about that "OpenWrt floods the net with .lan requests" thing. I would guess that almost everyone on this forum has their dhcp configs set up with local so they are not part of the problem. So... Is it third-party OpenWrt-derivatives used on consumer routers that are configured improperly?

$ cat /etc/config/dhcp
config dnsmasq
        option local '/lan/'


$ grep lan /tmp/etc/dnsmasq.conf.cfg01411c

which prevents those domains from passing out of the router... (See also /usr/share/dnsmasq/rfc6761.conf, which uses the server variant of the same dnsmasq option.)

1 Like
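A way to check the point made in the post above against a dnsmasq config file, as an added example that is not part of the original thread. It assumes the dnsmasq line forms `local=/domain/` and `server=/domain/[upstream]`; the function name `classify_domain` and the sample configs are constructed for illustration, and letting the last matching line decide is a simplification.

```shell
#!/bin/sh
# classify_domain DOMAIN CONF prints one of:
#   local      local=/DOMAIN/ or server=/DOMAIN/ with no upstream:
#              answered from hosts/DHCP only, never forwarded
#   forwarded  server=/DOMAIN/<upstream>: sent to a named upstream
#   unhandled  no rule for DOMAIN: queries follow the default upstreams,
#              which is how private names reach public resolvers
# DOMAIN is compared with the domains exactly as written in each rule.
classify_domain() {
    domain=$1
    conf=$2
    awk -v d="$domain" '
        /^[ \t]*#/ { next }                        # skip comment lines
        /^[ \t]*(local|server)=\// {
            line = $0
            sub(/^[ \t]*(local|server)=\//, "", line)
            sub(/[ \t\r]+$/, "", line)             # drop trailing whitespace
            n = split(line, part, "/")             # domains..., then upstream
            upstream = part[n]                     # empty means "keep local"
            for (i = 1; i < n; i++)
                if (part[i] == d)
                    result = (upstream == "") ? "local" : "forwarded"
        }
        END { print (result == "" ? "unhandled" : result) }
    ' "$conf"
}

# Constructed sample config, not taken from a real router.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '# constructed sample' 'domain=lan' 'local=/lan/' > "$tmp"
    echo "lan:      $(classify_domain lan "$tmp")"
    echo "internal: $(classify_domain internal "$tmp")"
    rm -f "$tmp"
}
demo
```

On a router, the second argument would be the generated file the post greps, for example `/tmp/etc/dnsmasq.conf.cfg01411c`.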

Actually, it isn't, at least based on the doc you shared...

An example string used throughout this document for discussion purposes. It is used in this
document as the hypothetical example of a reserved private-use TLD. Neither this string nor any
other is specifically recommended in this document.

Interestingly, .lan was mentioned as the third most widely used private TLD in the table included:

Private-use TLD / Presumed Source / Queries to [a,j].root-servers.net on 14 May 2020

  • .home / Used by some customer premise equipment / 854 million (~9884/second)
  • .internal / Used by corporate networks / 210 million (~2431/second)
  • .lan / Used by OpenWrt, a Linux operating system for embedded devices / 165 million (~1909/second)
  • ...

I translate openwrt.lan ( to r1.c1 (router1.lan1), for initial flashing purposes.

I originally thought that the option to enter e.g. openwrt-1.lan in the address bar isn't so helpful for me since in Chrome the options that come up when I click on the address bar and enter 'openwrt-1' don't include: http://openwrt-1.lan:

But I see now that as long as you've visited the site once, then the next time you enter 'openwrt-1' the full address does come up as an option:


1 Like

ICANN proposes creating .INTERNAL domain

This is The Register's story on this.


Nice, it took them just over 3 years (since the original committee report) to agree on the proposal :wink:

Thanks for the info!
Personally, I'm not going to rush and change all my domains from .LAN to .INTERNAL.


I created a PR for this:

--Why not?

If Dnsmasq is configured correctly, then any domain you set as the local domain will not be forwarded to the public DNS.

And .INTERNAL is too long compared to .LAN.

I am about to register for an account to submit my comments to ICANN.


"INTERNAL" is too long and I have too many devices to reconfigure... and I am way too lazy!


Looking at the stats, maybe ICANN should just promise to not assign say the top 10 of this list as TLD and stay TF out of the unescapable exercise in 'bike shedding' that selecting a single candidate would bring...
my 2 eurocents....


Looking at the stats, maybe ICANN should just promise to not assign say the top 10 of this list as TLD and stay TF out of the unescapable exercise in 'bike shedding' that selecting a single candidate would bring...

That seems like the most sensible suggestion...so probably won't happen but I'm going to add that as my comment.

1 Like

:+1:t3::+1:t3::+1:t3::+1:t3::+1:t3: because there's only one :+1:t3: button.

I tried to make the argument that they should declare .lan to be an abbreviation for .internal (because internal backwards is lanretni) and reserve both. So far, several people have mentioned .lan in their feedback, but nobody has supported or opposed my reverse-abbreviation idea.


People really get attached to a name, don't they? I don't mind using ".internal". I think the language is more neutral than ".lan", which may exclude a lot of still internal but mid-sized network types, although when I used to work in networking the only one I've seen used commonly is MAN, and usually it's when you're the incumbent telecom provider:

Metropolitan area network (used a lot in telecom)
Campus area network (used a lot in corporate IT)

To a telecom, down the block is still considered ".internal" but no longer qualifies for .lan. I get the feeling ICANN is trying to draw the border at the internet and not any of these other locally routed layers.

Do you really think the complaints are just about the name?
There may be other issues at play, e.g. not taking common precedence into account (especially after .local has already been redefined in the past) and the delta of the number of characters to type in every time to access systems in your LAN.


I can offer two interpretations:
a) the friendly one, ICANN wants to avoid future accidental 'squatting' of potential TLDs mostly by raising awareness and also offering an alternative in the spirit of constructive discussion
b) the cynical one, ICANN plans to productise one or more of the commonly used TLDs, and this is just so they can advise current users to migrate somewhere...

I hope it is a) but my hunch is it is more of b)...