Migrate domain .lan to .local

Started by toxic, February 18, 2023, 06:19:47 PM

Hello,

I first installed my opnSense a few years ago and I chose to have my LAN on a domain called ".lan", but now I hate myself, as most of the time browsers don't know this TLD and direct me to Google or my default search engine when I type router.lan or server.lan in the address bar... unless I explicitly put https:// or http:// in front...

It's a pity, as .lan is much faster to type than .local, but hey, now I've seen that most browsers know and deal properly with .local.

Do you know of an easy way for me to switch to .local? I'd really like something that keeps resolving .lan by simply treating anything.lan as a CNAME of anything.local, so my existing setups continue to work while I update all my configs, like my /etc/fstab, my reverse proxies... If it's not a CNAME but myserver.lan still gets resolved the same way as myserver.local, I'd be happy ;)

Also to note: I have 2 opnSense boxes doing CARP failover and syncing their conf...

If you know a better alternative to .local that would keep working with devices that are trying to use DNSSEC or Google's DNS, like my Android phones, feel free to share as well; I'd still like to keep it contained in my opnSense boxes.

Thanks in advance for any input!

Never use .local as your local private domain. It's reserved for mDNS and all kinds of mess depending on your desktop operating systems will be the result.

https://en.wikipedia.org/wiki/.local
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thx for the info!
Will stay away from .local then, though that seemed promising... any advice then on what to use?

February 18, 2023, 07:16:03 PM #3 Last Edit: February 18, 2023, 11:43:25 PM by pmhausen
I pick a real domain I do own, like my company's punkt.de and then create a subdomain that is not visible on the Internet, like intern.punkt.de.

Besides, what's wrong with .lan? Your problem probably is that you should pick a domain within .lan, not place your hosts directly into a TLD. Like ... lemmethink ... toxic?  ;) So toxic.lan would be your domain and router.toxic.lan, server.toxic.lan ... would be your hosts.

HTH,
Patrick

February 18, 2023, 10:32:14 PM #4 Last Edit: February 19, 2023, 09:32:46 PM by meyergru
Or you can use the browser mechanism for that.

For example, in Firefox, you can add a boolean setting with a true value named browser.fixup.domainsuffixwhitelist.xyz via "about:config" in order to have the suffix .xyz be accepted as such.

With Chrome, there are fixes, but this seems to have been a long-standing development request that has never been honored...
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Thanks everyone for the help!
I'm kinda tempted by .arpa but a bit lazy to change things up right now, especially since the trick by meyergru really did it for me! Thanks bro, I'm using Firefox anyway, so that works wonders for me!

Also I'm not quite sure how using "subdomains" like host.alwaysrepeated.tld instead of host.tld would help; it's longer to type for sure. I already own a "real" domain but never found a nice way to have the DNS present different answers based on where the query comes from. Also it would be difficult to enable DNSSEC, I suppose, with this, as I'd actually be spoofing DNS when on the local network... Maybe I could make my own DNS the real owner of my own domain instead of the NS of my registrar, but their registrar enables me to use Let's Encrypt... I'm still using Unbound, and for the firewall itself I can't even make it serve the proper answer; it's serving IPs for its own name that aren't reachable over most networks... I highly doubt I'd be able to get a DNS challenge working for Let's Encrypt if I run my own nameserver; I haven't found any "opnsense" or similar API in any known ACME client...

So I think I got my answer for now with the browser trick, and if anyone has a nice DNS in mind to run on my opnSense boxes to do views easily and somehow integrate with the DHCP of opnSense, that would be great ;)
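As an added example (not code from the thread, from OPNsense, or from Unbound), here is the kind of Unbound local-data generator that addresses both the original question (keep router.lan answering the same as the new name during the migration) and the last post's wish for a single host table that can feed DNS. Unbound local-data has no wildcard CNAME, so the script emits explicit A records for every host in both the new zone and the legacy ".lan" zone, and PTR records that point at the new names only, so reverse lookups steer clients toward the migrated domain. The zone name intern.example.org, the host table and the addresses are constructed for the example; Patrick's advice in the thread is to use a subdomain of a domain you actually own.

```shell
#!/bin/sh
# Added example: generate Unbound local-data for a private zone plus a
# legacy ".lan" alias zone from one host table. Not OPNsense or Unbound code.

# Constructed host table: "hostname IPv4" per line (hypothetical values).
HOSTS='router 192.168.1.1
server 192.168.1.10
nas 192.168.1.20'

NEW_ZONE="intern.example.org"   # hypothetical subdomain of a domain you own
OLD_ZONE="lan"                  # legacy zone still referenced by old configs

# gen_zone ZONE: emit a static local-zone and one A record per host.
# "static" makes Unbound answer NXDOMAIN for names it has no data for,
# instead of forwarding a private name to an upstream resolver.
gen_zone() {
    zone="$1"
    printf 'local-zone: "%s." static\n' "$zone"
    printf '%s\n' "$HOSTS" | while read -r host ip; do
        [ -n "$host" ] || continue
        printf 'local-data: "%s.%s. IN A %s"\n' "$host" "$zone" "$ip"
    done
}

# gen_ptr: one PTR per address, pointing at the new zone only, so
# reverse lookups never hand back the name that is being retired.
gen_ptr() {
    printf '%s\n' "$HOSTS" | while read -r host ip; do
        [ -n "$host" ] || continue
        printf 'local-data-ptr: "%s %s.%s"\n' "$ip" "$host" "$NEW_ZONE"
    done
}

# gen_config: the complete server: fragment, indented Unbound-style.
gen_config() {
    echo "server:"
    gen_zone "$NEW_ZONE" | sed 's/^/    /'
    gen_zone "$OLD_ZONE" | sed 's/^/    /'
    gen_ptr | sed 's/^/    /'
}

gen_config
```

The output is a server: fragment; where it is included depends on the firewall's Unbound setup, which the thread does not specify (an include file read by Unbound is the assumption here). Once every config (fstab, reverse proxies) references the new names, dropping the gen_zone "$OLD_ZONE" line retires the ".lan" zone in one step. For the "different answers depending on where the query comes from" part of the last post, Unbound's own mechanism is a view: clause holding local-zone/local-data entries, selected per client network with access-control-view:; the same generator output can be placed inside such a view so only LAN clients ever see the private records.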