Carbon Core Training - Books

General Category => El Capitan Server - Foundation Services => Topic started by: CyborgSam on January 13, 2017, 03:46:19 PM

Title: Is a .local domain name OK if...
Post by: CyborgSam on January 13, 2017, 03:46:19 PM
the server will never be accessed from outside the LAN? My client must be HIPAA compliant, so their LAN is inaccessible except via VPN.

Their network infrastructure isn't great, I'd rather not rely on a local DNS server.

The server is mainly for roaming home directories and file sharing.

The server and Macs will all be running El Capitan.

Title: Re: Is a .local domain name OK if...
Post by: Reid Bundonis on January 13, 2017, 08:35:34 PM
Thanks for joining.  I hope the books are working out well for you.

I am not against private domains.  Just against .local domains.  .local is the Bonjour name space.  If you are doing anything where you are linking client devices to the server, you really want to avoid the use of .local because the system can too easily confuse server.local with server.lan.local.

I fully understand the compliance issues.  But to protect yourself from potential issues, just make up a private domain for the LAN that does not conflict with Bonjour.  For example, or cyborg.lan.  By doing so, you will need to roll some DNS but now it is private DNS with no need for split horizon.  The server can be and this will allow OD to build properly as well as Kerberos.  Now, when binding your workstations, you will properly participate with Kerberos and your mobile accounts or roaming accounts will be happy.

Hope this helps.
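
An added example, not part of the thread or of the books: a pre-flight check to run on a candidate server name before building Open Directory on it. It rejects names in the Bonjour `.local` namespace and then confirms that the private DNS has a forward record and a matching reverse record for the name. The host name `server.cyborg.lan`, the address `10.0.1.10` and the forward/reverse-match requirement are assumptions made for the example; only the `cyborg.lan` domain comes from the reply above.

```python
import socket

def check_server_name(fqdn, forward=None, reverse=None):
    """Return a list of problems with using fqdn as the server's DNS name.

    forward(name) -> list of IP strings; reverse(ip) -> name. Both default
    to the system resolver and signal "no record" by raising OSError.
    """
    forward = forward or (lambda n: socket.gethostbyname_ex(n)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    name = fqdn.rstrip(".").lower()
    if name == "local" or name.endswith(".local"):
        # .local is answered by multicast DNS (Bonjour), not the LAN's DNS server
        return ["name is in .local, the Bonjour (mDNS) namespace"]
    if "." not in name:
        return ["name is not fully qualified"]
    try:
        addresses = forward(name)
    except OSError:
        return ["no forward (A) record for " + name]
    problems = []
    for ip in addresses:
        try:
            back = reverse(ip).rstrip(".").lower()
        except OSError:
            problems.append("no reverse (PTR) record for " + ip)
            continue
        if back != name:
            problems.append(ip + " reverses to " + back + ", not " + name)
    return problems

def table_lookup(table):
    """Offline stand-in for a resolver, backed by a dict of constructed records."""
    def lookup(key):
        if key not in table:
            raise OSError("no record for " + key)
        return table[key]
    return lookup

if __name__ == "__main__":
    # Constructed sample records; host name and address are hypothetical.
    a = table_lookup({"server.cyborg.lan": ["10.0.1.10"]})
    ptr = table_lookup({"10.0.1.10": "server.cyborg.lan"})
    for candidate in ("server.local", "server.lan.local", "server.cyborg.lan"):
        print(candidate, check_server_name(candidate, a, ptr) or "OK")
```

Called without the two resolver arguments, `check_server_name` queries whatever DNS the machine it runs on is configured to use.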