Topic: Is a .local domain name OK if...

CyborgSam

  • Newbie
Is a .local domain name OK if...
« on: January 13, 2017, 03:46:19 PM »
the server will never be accessed from outside the LAN? My client must be HIPAA compliant, so their LAN is inaccessible except via VPN.

Their network infrastructure isn't great; I'd rather not rely on a local DNS server.

The server is mainly for roaming home directories and file sharing.

The server and Macs will all be running El Capitan.

Reid Bundonis

  • Administrator
  • Full Member
Re: Is a .local domain name OK if...
« Reply #1 on: January 13, 2017, 08:35:34 PM »
Thanks for joining. I hope the books are working out well for you.

I am not against private domains. Just against .local domains. .local is the Bonjour namespace. If you are doing anything where you are linking client devices to the server, you really want to avoid the use of .local because the system can too easily confuse server.local with server.lan.local.

I fully understand the compliance issues. But to protect yourself from potential issues, just make up a private domain for the LAN that does not conflict with Bonjour. For example, cyborg.int or cyborg.lan. By doing so, you will need to roll some DNS, but now it is private DNS with no need for split horizon. The server can be server.cyborg.int and this will allow OD to build properly as well as Kerberos. Now, when binding your workstations, you will properly participate with Kerberos and your mobile accounts or roaming accounts will be happy.

Hope this helps.
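
An added example, not part of the thread: a pre-bind check that rejects a server name under .local (reserved for multicast DNS by RFC 6762) and confirms that the private DNS has matching forward and reverse records for a name such as server.cyborg.int. The function names, IP addresses and sample records are constructed for illustration, and the matching-records requirement is an assumption about what the directory and Kerberos setup expects.

```python
import socket

MDNS_SUFFIX = ".local"  # reserved for multicast DNS (Bonjour), RFC 6762


def is_mdns_name(fqdn):
    name = fqdn.rstrip(".").lower()
    return name == "local" or name.endswith(MDNS_SUFFIX)


def _forward(name):
    """A records via the system resolver; empty list if none."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def _reverse(addr):
    """PTR name via the system resolver; None if none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_server_name(fqdn, forward=_forward, reverse=_reverse):
    """Return a list of problems; an empty list means the name looks usable."""
    name = fqdn.rstrip(".").lower()
    if is_mdns_name(name):
        # Unicast DNS checks are meaningless for a Bonjour name, so stop here.
        return ["name is under .local, which belongs to Bonjour/mDNS"]
    problems = []
    if name.count(".") < 2:
        problems.append("not a fully qualified host name (host.domain.tld)")
    addrs = forward(name)
    if not addrs:
        problems.append("no forward (A) record")
    for addr in addrs:
        ptr = reverse(addr)
        if ptr is None:
            problems.append(f"no reverse (PTR) record for {addr}")
        elif ptr.rstrip(".").lower() != name:
            problems.append(f"{addr} reverses to {ptr}, not {name}")
    return problems


# Constructed sample records so the check can be run offline.
SAMPLE_A = {"server.cyborg.int": ["10.0.1.10"], "files.cyborg.int": ["10.0.1.11"]}
SAMPLE_PTR = {"10.0.1.10": "server.cyborg.int"}


def demo(fqdn):
    return check_server_name(fqdn, lambda n: SAMPLE_A.get(n, []), SAMPLE_PTR.get)
```

Calling `check_server_name("server.cyborg.int")` without the lookup arguments uses the machine's own resolver, so it can be run on the server and on a workstation before binding.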