submitted 9 months ago by thehatfox@lemmy.world to c/sysadmin@lemmy.world
[-] possiblylinux127@lemmy.zip 12 points 9 months ago* (last edited 9 months ago)

Please no

It would be nice to figure out a way to get local SSL certs for .lan and .local domains though.

[-] jlh@lemmy.jlh.name 9 points 9 months ago

I just use a subdomain of my main domain and use DNS validation of Let's Encrypt.

[-] possiblylinux127@lemmy.zip 4 points 9 months ago

That requires outside authentication though. I think it would be cool to incorporate some SSL into DHCP.

[-] nbailey@lemmy.ca 4 points 9 months ago

That will never happen. SSL is based on trust, and the trust root will never blindly delegate to whatever happens in random LANs. Subdomain is 100% the right approach for internal network.

[-] duplexsystem@lemmy.blahaj.zone 0 points 9 months ago* (last edited 9 months ago)

It can and has already happened. You can make your own root CA. Internal domains need internal root CAs. Is it a pia to set up? Yes. Do I have it installed on my unrooted Android phone and Linux computers? Yes.

Edit: I didn't see the DHCP part. But you can still make your own root CA.
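
An added example, not part of any comment in this thread: one way to build the private root CA discussed above with the `openssl` CLI, here restricted by a name constraint so that it can only vouch for names under `.internal`. The name constraint, the CA subject, the host names and the file layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example: private root CA that is only valid for names under .internal.
# All names (CA subject, host names, file names) are constructed.

make_root_ca() {  # $1 = working directory
    mkdir -p "$1"
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
# The root may only vouch for "internal" and names below it.
nameConstraints = critical, permitted;DNS:internal
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_leaf() {  # $1 = working directory, $2 = DNS name of the server
    cat > "$1/$2.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

verify_leaf() {  # exit status 0 only if the chain and the name constraint hold
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_root_ca "$d" &&
    issue_leaf "$d" nas.lab.internal && issue_leaf "$d" login.example.com || return 1
    verify_leaf "$d" nas.lab.internal && echo "nas.lab.internal: accepted"
    verify_leaf "$d" login.example.com || echo "login.example.com: rejected"
    rm -rf "$d"
}
demo
```

Clients that import `ca.crt` and enforce name constraints on trust anchors (as `openssl verify` does here) reject a certificate for a public name even when this CA's key signed it, which limits the damage if the key leaks.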

[-] superbirra@lemmy.world 0 points 9 months ago

op was obviously referring to public root CAs

[-] duplexsystem@lemmy.blahaj.zone 1 points 9 months ago
[-] superbirra@lemmy.world 1 points 9 months ago* (last edited 9 months ago)

and IT'S OK, we don't want you to burn out

[-] duplexsystem@lemmy.blahaj.zone 1 points 9 months ago

I'm already burnt out. Womp womp

[-] superbirra@lemmy.world 1 points 9 months ago
[-] duplexsystem@lemmy.blahaj.zone 2 points 9 months ago

Rare here but I'll try and find one

[-] Fontasia@feddit.nl 2 points 9 months ago

The maintainers of DHCP can't even be bothered standardising a query to check if an address is currently in use, doubt they could take on being a CA at the same time

[-] MigratingtoLemmy@lemmy.world 3 points 9 months ago

Time for your own CA

[-] Supermariofan67@programming.dev 0 points 9 months ago
[-] possiblylinux127@lemmy.zip 4 points 9 months ago* (last edited 9 months ago)

Internal is 8 letters while lan is three

[-] theit8514@lemmy.world 10 points 9 months ago

If only they had done this with .local ages ago. Still, it's a nice change, but I doubt my company will adopt.

[-] mozz@mbin.grits.dev 8 points 9 months ago* (last edited 9 months ago)

We broke .local, pls give another chance, we promise we'll be responsible with .internal tho

[-] MSgtRedFox@infosec.pub 2 points 9 months ago

For real. Once Google and others started killing DNS lookups in mobile devices, think about how many legacy networks had to get rebuilt.

Maybe we could all just make up our minds.

[-] mozz@mbin.grits.dev 3 points 9 months ago

Honestly the whole fabric of the internet, how email/SMTP and DNS and things work, is just a relic of an earlier time. I honestly think the money-men have their hands deep enough into the workings at this point that you wouldn't be able to create something like those things today and have them go anywhere. I'm surprised that it all still works as well as it does.

[-] c0mbatbag3l@lemmy.world 0 points 9 months ago

You mean the OSI and TCP/IP models? Or just specifically TCP/UDP ports?

[-] mozz@mbin.grits.dev 2 points 9 months ago

No, I was talking about the shared infrastructure. SMTP, DNS, ICANN, things like that require a level of cooperation and shared investment in the whole thing working well, not really because anyone's going to "win" the business game by running it to their particular advantage. That's a very alien way of thinking on the modern internet. The equivalent today would be something like massive publicly available caching web proxies that anyone could use as a big reverse-CDN to speed up their web access that were just kind of provided to everyone, government-funded, just sitting out there as a public resource. You know, like communism.

I've heard network engineers say they had a lot of trouble talking to their bosses about "peering" (setting up routes between two ISPs that happen to have operations close to each other, so they can hand traffic off to each other if it'd be more efficient to use the other guy's routes and both networks get more efficient to operate). They said they had a lot of trouble explaining the concept to the business people. They pay us for service? Fine. We pay them for service? Fine. We provide service to each other and both of us benefit without any money being involved? Plt... bzzt... I give up, I don't get it. Who gets paid? Why do we do this?

They've lost sight of the idea that it's a good thing to set up the world in a nice well working way (for everyone, including yourself), and just focused on how they can make their check bigger even if there's no point, or even if everything gets worse as a result.

[-] breadsmasher@lemmy.world 2 points 9 months ago

Just out of curiosity, does your company use a different TLD or something more arbitrary/just an IP?

[-] reddig33@lemmy.world 3 points 9 months ago

.local already exists. More idiocy from ICANN.

[-] pupbiru@aussie.zone 14 points 9 months ago* (last edited 9 months ago)

.local exists for a very specific reason and it’s not meant to be used by regular DNS… people use it for alternate things, but it’s reserved for mDNS

if .internal were to be added, we could start using that instead of overloading!

[-] LordCrom@lemmy.world 1 points 8 months ago

.local is a bad choice especially if you have any MAC hosts on the network.

There is an RFC about that, but I'm too sleepy to look it up

[-] MystikIncarnate@lemmy.ca 1 points 9 months ago

I have clients that use internal, but they do it as a subdomain; so internal.contoso.com

Any internal only domains that I set up are probably going to go the same way. I've used domain.local previously, and the DNS headache I get from that is immeasurable.

With so many things going "to the cloud" or whatever, the internal.domain.tld convention tends to make more sense to me.

What's everyone else doing?

[-] Shadywack@lemmy.world 0 points 9 months ago

Porn sites would like this.

[-] 5714@lemmy.dbzer0.com -1 points 9 months ago
[-] Supermariofan67@programming.dev 0 points 9 months ago

Explain what's wrong with this. I'm out of the loop, seems like a good idea to me at first glance.

[-] 5714@lemmy.dbzer0.com 5 points 9 months ago* (last edited 9 months ago)

It's the SPOF for most of the internet, its function should be democratic and distributed.

Registering TLDs costs absurd amounts of money last I checked.

[-] owen@lemmy.ca 3 points 9 months ago

SPOF = single point of failure

this post was submitted on 29 Jan 2024