Project

General

Profile

Actions

Correction #10300

closed

Feedback on Configuration — Setup Wizard

Added by Paighton Bisconer about 4 years ago. Updated about 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
02/27/2020
Due date:
% Done:

0%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/book/config/setup-wizard.html

Feedback:
Update the Domain recommendation to not recommend using .com since it is a Public Top-level Domain. Using a TLD on the firewall requires allowing DNS rebinding and typically requires Split DNS:
https://docs.netgate.com/pfsense/en/latest/book/services/dns-resolver.html#dns-resolver-and-dns-rebinding-protection
https://docs.netgate.com/pfsense/en/latest/book/nat/nat-reflection.html#split-dns

We should update the wording to recommend .localdomain and avoid recommending .com altogether

Current:
Domain

Enter a Domain, e.g. example.com . If this network does not have a domain, use <something>.localdomain, where <something> is another identifier: a company name, last name, nickname, etc. For example, company.localdomain The hostname and domain name are combined to make up the fully qualified domain name of this firewall.

Recommended:
Domain

Enter a Domain, e.g. example.localdomain . If this network does not have a domain, use <something>.localdomain, where <something> is another identifier: a company name, last name, nickname, etc. For example, company.localdomain The hostname and domain name are combined to make up the fully qualified domain name of this firewall.
Actions #1

Updated by Jim Pingle about 4 years ago

  • Status changed from New to Rejected

Plenty of people have valid uses for using a TLD on their firewall, like with ACME or in business environments which do have their own domain.

RFC 6761 specifically reserves example.com for use in documentation, so it's really the best choice to use for an example in documentation.

localdomain is already mentioned in the next sentence so I don't think it's worth changing.

Actions

Also available in: Atom PDF