Is it OK to use local. in an Active Directory domain name?
I have read that it's not OK to use .local in a domain, especially with Microsoft Windows servers. I have also read the Windows Active Directory naming best practices article on ServerFault, which was helpful but hadn't completely answered my question regarding "local". I was thinking it was somehow a reserved keyword and would present problems.
I own the domain keiboom.com and set up my Active Directory domain as local.keiboom.com. Can this create problems?
Solution 1:
No, that's fine.
The warning is against using domain.local as your AD domain name.
local.domain.tld is perfectly acceptable.
Solution 2:
I'm not an expert on Windows, but in this case it does not matter. The .local domain is reserved for mDNS:
- https://www.rfc-editor.org/rfc/rfc6762
- https://en.wikipedia.org/wiki/Multicast_DNS
On Linux at least, by default the resolver uses Avahi (an mDNS implementation) for resolving hosts in the .local domain, skipping DNS, so you get surprising DNS resolution errors. I guess for similar reasons this can be a problem in Windows / AD too.
So, in short, don't use anything ending with .local as a domain, as sooner or later it'll hurt.
The domain you've chosen, local.keiboom.com, seems OK though, but if you have websites hosted, beware of the cookie domain (.keiboom.com from outside can be mixed with local.keiboom.com from the inside, so you'll have to be careful with webapps).
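The two points raised in Solution 2 (the .local suffix reserved for mDNS and the cookie domain shared between the public site and the internal AD namespace) can be checked mechanically for a proposed name. This is an added example, not part of either answer; the function names are hypothetical, and the cookie check follows the domain-match rule of RFC 6265 section 5.1.3.

```python
# Added example: reviews a proposed AD DNS name against the two risks
# discussed above. Function names are hypothetical.

def labels(name):
    """Lower-case DNS labels, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")

def is_mdns_name(name):
    """RFC 6762: names whose final label is 'local' are resolved via mDNS."""
    return labels(name)[-1] == "local"

def cookie_domain_matches(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match (IP-address hosts not handled)."""
    host = ".".join(labels(host))
    domain = ".".join(labels(cookie_domain.lstrip(".")))
    return host == domain or host.endswith("." + domain)

def review_ad_name(ad_domain, public_cookie_domain):
    """Return a list of findings for a proposed AD DNS domain name."""
    findings = []
    if is_mdns_name(ad_domain):
        findings.append("ends in .local: collides with mDNS (RFC 6762)")
    if cookie_domain_matches(ad_domain, public_cookie_domain):
        findings.append(
            f"cookies scoped to {public_cookie_domain} are also sent to "
            f"hosts under {ad_domain}"
        )
    return findings

if __name__ == "__main__":
    # The two naming styles contrasted in the answers above.
    for candidate in ("keiboom.local", "local.keiboom.com"):
        result = review_ad_name(candidate, ".keiboom.com")
        print(candidate, "->", result or "no findings")
```

A cookie finding for local.keiboom.com does not make the name wrong; it means public web applications should set host-only cookies (no Domain attribute) so that session cookies are not also sent to internal hosts.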