Correction #10300
closedFeedback on Configuration — Setup Wizard
0%
Description
Page: https://docs.netgate.com/pfsense/en/latest/book/config/setup-wizard.html
Feedback:
Update the Domain recommendation to not recommend using .com since it is a Public Top-level Domain. Using a TLD on the firewall requires allowing DNS rebinding and typically requires Split DNS:
https://docs.netgate.com/pfsense/en/latest/book/services/dns-resolver.html#dns-resolver-and-dns-rebinding-protection
https://docs.netgate.com/pfsense/en/latest/book/nat/nat-reflection.html#split-dns
We should update the wording to recommend .localdomain and avoid recommending .com altogether
Current:
Domain
Enter a Domain, e.g. example.com . If this network does not have a domain, use <something>.localdomain, where <something> is another identifier: a company name, last name, nickname, etc. For example, company.localdomain The hostname and domain name are combined to make up the fully qualified domain name of this firewall.
Recommended:
Domain
Enter a Domain, e.g. example.localdomain . If this network does not have a domain, use <something>.localdomain, where <something> is another identifier: a company name, last name, nickname, etc. For example, company.localdomain The hostname and domain name are combined to make up the fully qualified domain name of this firewall.
Updated by Jim Pingle about 3 years ago
- Status changed from New to Rejected
Plenty of people have valid uses for using a TLD on their firewall, like with ACME or in business environments which do have their own domain.
RFC 6761 specifically reserves example.com
for use in documentation, so it's really the best choice to use for an example in documentation.
localdomain is already mentioned in the next sentence so I don't think it's worth changing.