Todo #10533

Change default domain for new installations from "localdomain" to "home.arpa"

Added by Jim Pingle 9 months ago. Updated 11 days ago.

Status: Resolved
Priority: Low
Assignee:
Category: Operating System
Target version:
Start date: 05/06/2020
Due date:
% Done: 100%
Estimated time:

Description

RFC 8375 sets aside "home.arpa" for "non-unique use in residential home networks." and in general seems to be preferable compared to alternatives like ".home" and ".local" which have been taken for use by others.

pfSense currently uses "localdomain" which hasn't been formally reserved for this use that I can see in any current (not expired) RFC or draft. It was mentioned in draft-chapin-rfc2606bis-00 and draft-chapin-additional-reserved-tlds-01 both of which expired several years ago.

The main place this would be changed is in the default config.xml, and one additional reference in index.php. There are some other "localdomain" references in the DNS Resolver and Forwarder but they are general and may not need to be changed. Though we may want to add "home.arpa" to those examples.

There are a few mentions in the docs, but not many.

Associated revisions

Revision c948bc45 (diff)
Added by Jim Pingle 2 months ago

Change default config domain to home.arpa. Implements #10533

History

#1 Updated by → luckman212 7 months ago

I'd suggest one of the following instead, since many pfSense installs are not used in home environments.

https://tools.ietf.org/html/rfc6762#appendix-G suggests these are valid alternatives:

.internal
.private
.lan

These are short, generic enough and make sense for both home and corporate networks.

#2 Updated by Rick Coats 3 months ago

→ luckman212 wrote:

I'd suggest one of the following instead, since many pfSense installs are not used in home environments.

https://tools.ietf.org/html/rfc6762#appendix-G suggests these are valid alternatives:

[...]

These are short, generic enough and make sense for both home and corporate networks.

If you want to use something like you listed, then Services / DNS Resolver / General Settings / System Domain Local Zone Type should NOT be “Transparent”.
I think from reading the Unbound manual it should be “Static” in that case. Otherwise, you have the issue of DNS leakage in the Global DNS.
With “home.arpa” it is ok to use “Transparent” as default because it is an official special use domain (https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xml) so there are DNS servers to properly respond.
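
The difference between the two zone types named in comment #2, as an added example that is not part of the original thread or of pfSense's code: a simplified Python model of the "static" and "transparent" local-zone behaviour described in unbound.conf(5), showing which queries leave the network. The zone `lan.`, the host names and the addresses are constructed sample data, and empty non-terminals and other zone types are not modelled.

```python
# Simplified model of Unbound's local-zone lookup for the "static" and
# "transparent" zone types, following the unbound.conf(5) descriptions.
# Zone name, hosts and addresses below are constructed sample data.

LOCAL_DATA = {  # (owner name, record type) -> value
    ("pfsense.lan.", "A"): "192.168.1.1",
    ("nas.lan.", "A"): "192.168.1.20",
}


def in_zone(qname, zone):
    return qname == zone or qname.endswith("." + zone)


def resolve(qname, qtype, zone, zone_type, local_data=LOCAL_DATA):
    """Return (outcome, leaves_network) for a single query.

    outcome is "ANSWER", "NODATA", "NXDOMAIN" or "RECURSE"; leaves_network
    is True when the query is handed to upstream/global DNS.
    """
    qname = qname.lower().rstrip(".") + "."
    if not in_zone(qname, zone):
        return ("RECURSE", True)          # not a local zone: normal resolution
    if (qname, qtype) in local_data:
        return ("ANSWER", False)          # both types answer from local data
    name_known = any(owner == qname for owner, _ in local_data)
    if name_known:
        return ("NODATA", False)          # name exists, but not this type
    if zone_type == "static":
        return ("NXDOMAIN", False)        # answered locally, never forwarded
    if zone_type == "transparent":
        return ("RECURSE", True)          # unknown name is resolved normally
    raise ValueError(f"zone type not modelled: {zone_type}")


def leaked(queries, zone, zone_type):
    """Names from `queries` that would be sent to upstream resolvers."""
    return [q for q, t in queries
            if in_zone(q.lower().rstrip(".") + ".", zone)
            and resolve(q, t, zone, zone_type)[1]]


QUERIES = [("pfsense.lan", "A"), ("nas.lan", "AAAA"),
           ("printer.lan", "A"), ("laptop.lan", "A")]

if __name__ == "__main__":
    for zt in ("transparent", "static"):
        print(zt, "->", leaked(QUERIES, "lan.", zt))
```

In this model only names without any local data differ between the two types: "transparent" forwards them upstream, "static" answers NXDOMAIN locally.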

#3 Updated by Rick Coats 3 months ago

There is also a Draft (2017) https://tools.ietf.org/html/draft-wkumari-dnsop-internal-00 also expired (2018) that proposes making .internal. a special use domain for internal use.

#4 Updated by Jim Pingle 2 months ago

→ luckman212 wrote:

I'd suggest one of the following instead, since many pfSense installs are not used in home environments.

https://tools.ietf.org/html/rfc6762#appendix-G suggests these are valid alternatives:

[...]

These are short, generic enough and make sense for both home and corporate networks.

I considered those but that RFC also says this (emphasis mine):

[...] We do not recommend use of unregistered top-level domains at all, but should network operators decide to do this, the following top-level domains have been used on private internal networks without the problems caused by trying to reuse ".local." for this purpose:

Given that RFC 8375 specifically registers home.arpa for this purpose I believe it's still the best fit out of all the current choices.

And while it is true that many pfSense users do not use it in a home environment, they are free to change it to whatever domain they like in the setup wizard. The intent of this change is to have a sane and RFC-compliant default (from a valid/non-expired RFC, anyhow...)

#5 Updated by Jim Pingle 2 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#6 Updated by Max Leighton about 1 month ago

Tested in

2.5.0-DEVELOPMENT (amd64)
built on Fri Dec 11 03:05:22 EST 2020
FreeBSD 12.2-STABLE

The default fqdn is pfSense.home.arpa as expected. The help text in the DNS resolver is now also using home.arpa in the examples.

#7 Updated by Max Leighton 12 days ago

  • Tracker changed from Todo to Feature
  • Status changed from Feedback to Resolved

There have been no other issues observed here, so I will mark it as resolved.

#8 Updated by Jim Pingle 11 days ago

  • Tracker changed from Feature to Todo
