Use as default TLD for local network

RFC 8375 designated as the standard TLD for home networks. It makes sense because, according to this article:

Routers and Domain Name System (DNS) servers know, [in theory], not to forward ARPA requests they don’t understand onto the public internet.

OpenWrt defaults to the non-standard .lan. Any reason for this?


I switched my home network to at some point in the past year after reading the same article and RFC. I had no reason to actually do it, but no reason not to, either.

No one in my family noticed, complained, or complimented me. :wink:

Looks like it's been .lan since the beginning.


I think it's just because this was done looooong ago.

But yes, I would like to see the change to too. Doing the same since 4 years, too.
IIRC this domain was also mentioned in the homenet proposals and RFCs.

Submit a PR?

1 Like

Thank you Sherlock. /s

The pull request is not the issue but rather the reasoning and probably the discussion around it.

/* Maybe I have lost trust in humanity already but I would bet that most users will shit themselves over such a breaking omg we will all die change. I'm not sure I want to spent my time on this. */


Don't think .lan will ever be an issue even though its not formally reserved. Imagine the worldwide chaos that would ensue if .lan ever became a valid TLD.

nslookup lion.lan

*** can't find lion.lan: Non-existent domain

nslookup windows.lan

*** can't find windows.lan: Non-existent domain

 nslookup host.lan

*** can't find host.lan: Non-existent domain

That's what I figured. I'm a little surprised this hasn't been brought up before since the RFC came out in 2018.

This is true, and .lan is shorter and more convenient... but I think switching to the standard is worthwhile because I wouldn't trust them to not create worldwide chaos. They created some level of chaos with .zip and .mov.

I wouldn't trust them to not add .lan to the global TLD space at some point in the future, and if they do, it'd be our fault for not following the spec. And by then it would be too late because we can't change people's existing configs. Better to change the default early to be sure. Changing the default won't break anyone's existing configs and it will take years to "propagate".


Forgive my ignorance, but how would a user go about changing the default TLD? Would it be the Local domain setting on the DHCP and DNS page?

1 Like

That is missing part of the point: there being no .lan TLD means that queries which leak onto the Internet (whether via misconfigured devices or simply endpoints that have taken .lan as their domain into other networks) end up at the root nameservers.

I can't recall where but there is an aggregate list of non resolvable TLD queries that the root nameservers receive. It's an astronomical amount.

Using is intended in no small amount to cull those queries.


How would I go about changing my home network to use instead of .lan? Some of the others above say they have done so...please share how it can be done.

1 Like

Go to Network DHCP and change the domain and the local.


That's all I did, changed these two settings in luci. I think it would be a 2-line PR.


Thank you @keith24!

I seriously doubt many queries for .lan go all the way up to the root servers. Most users are using their ISPs domain servers or something like quad9 and those resolve are going to squash that kind of traffic, if it even gets that far. OpenWRTs default configuration wont leak .lan queries because it's resolving them. There are a lot of commercial router manufacturers who use .lan as well. If all these consumer devices using .lan were a problem for the root servers, I really think news would have gotten out by now about the problem.

I searched for root server statistics to see if anyone publishes this sort of thing. Didnt find much but I did find an old study and the big conclusion was that a lot of the traffic was unnecessary because of improperly configured caching. The other finding was that much of the unnecessary traffic was coming from a small number of IPs.

.lan is so pervasive now, IMHO, an RFC is needed to make it reserved, like


I think I saw this article some years ago. Could you post it? I couldn't find any good sources.

I agree, but an openwrt PR is easier than petitioning the IEEE or IANA or whoever makes these RFCs. We could always switch back after such an RFC is made.

I actually don't think .lan is in danger of becoming a global TLD like .zip and .mov did. And it is significantly shorter and faster to type. I could go either way really, just wanted to start a discussion since I couldn't find any.

1 Like

my 2 cent...

this is one of the change that IMHO is actually doable...

  • for those who don't use it (I expect 99% of the userbase, me included that still use raw ipv4 address) they won't ever notice the change, and also it's there for new device, everyone who sysupgrade will keep their old dhcp option if they ever modified that.
  • for those that use it, they will notice it (since the thing won't be reached anymore and search for a solution... and they should notice the change)
  • when this will be put on a stable release, it will be noted in the fw changes.

what we should really discuss here is not if it's OK to keep lan or not (since it's wrong as is in RFC and standard) but if doing such change would cause actual regression on any user case...
And list them so we can have an handy pool and consider pro and cons.


I guess it would be a breaking change for anyone that sysupgrades but is that a good reason to not make the change ever? I say, rip off the band-aid.

If it were me, and I went to myrouter.lan and got "Page not found", the first thing I'd try is which would work.

Since the wiki always says "Visit" I think people learn that first and then sometimes start using domains later. So I don't think there are any users that won't know what to do when the domain fails.

So, it's a breaking change, but probably not one that will lock anyone out of their router.

no it's not, the option is in dhcp config and that is restored, someone would change the difference only with a new config.

1 Like

Ah, of course. Sounds painless then...

I'll let this thread sit for a week or so and if there's no further objections, I will submit a PR request. Of course I am selfish and want my name on the commit. :stuck_out_tongue:

1 Like


in my oppinion, change will be confusing similar to swconfig->DSA
for example, if someone need help accessing LuCI, forum members will need to ask first, is it older than, lets say 24.xx where change was made?
did he restore old config (with "lan" domain) ?

and only then, one could help with answering

  1. you need to access luci via http://openwrt.lan
  2. you need to access luci via
    but the best way is to access using :slight_smile:

so, yes, it will be confusing for long time ...