>>> Phillip Susi <phill@xxxxxxxxxxxx> wrote on 09.04.2021 at 20:27 in message
<874kgfqphb.fsf@xxxxxxxxxxxxxxxx>:
> What special treatment does systemd-resolved give to .local domains?
> The corporate windows network uses a .local domain and even when I point
> systemd-resolved at the domain controller, it fails the query without
> bothering to ask the dc saying:
>
> resolve call failed: No appropriate name servers or networks for name
> found

I don't know who established using ".local" for Windows AD "DNS" names, but RFC 6762 says:

1. Users may use these names as they would other DNS names, entering them anywhere that they would otherwise enter a conventional DNS name, or a dotted decimal IPv4 address, or a literal IPv6 address.

Since there is no central authority responsible for assigning dot-local names, and all devices on the local network are equally entitled to claim any dot-local name, users SHOULD be aware of this and SHOULD exercise appropriate caution. In an untrusted or unfamiliar network environment, users SHOULD be aware that using a name like "www.local" may not actually connect them to the web site they expected, and could easily connect them to a different web page, or even a fake or spoof of their intended web site, designed to trick them into revealing confidential information.

(...)

3. Name resolution APIs and libraries SHOULD recognize these names as special and SHOULD NOT send queries for these names to their configured (unicast) caching DNS server(s). (...)

4. Caching DNS servers SHOULD recognize these names as special and SHOULD NOT attempt to look up NS records for them, or otherwise query authoritative DNS servers in an attempt to resolve these names.(...)

5. Authoritative DNS servers SHOULD NOT by default be configurable to answer queries for these names, and, like caching DNS servers, SHOULD generate immediate NXDOMAIN responses for all such queries they may receive.(...)

6. DNS server operators SHOULD NOT attempt to configure authoritative DNS servers to act as authoritative for any of these names.(...)

7. DNS Registrars MUST NOT allow any of these names to be registered in the normal way to any person or entity. (...)

RFC 7368 (Home Networking):

If, however, a global name space is not available, the homenet will need to pick and use a local name space, which would only have meaning within the local homenet (i.e., it would not be used for remote access to the homenet). The .local name space currently has a special meaning for certain existing protocols that have link-local scope and is thus not appropriate for multi-subnet home networks.

Regards,
Ulrich

>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/systemd-devel
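
Added example, not part of the original message and not systemd-resolved code: a small audit helper that applies items 3 to 5 of the RFC 6762 list quoted above, matching names on whole labels and flagging `search`/`domain` entries in a resolv.conf that fall under a multicast-only zone. It goes beyond the quoted text by also covering the link-local reverse zones that RFC 6762 reserves alongside "local."; all function names and the sample file are hypothetical or constructed.

```python
# Added illustration, not systemd-resolved code; all names here are hypothetical.
# Zones RFC 6762 reserves for multicast DNS ("local." plus link-local reverse zones).
MDNS_ZONES = [z.split(".") for z in (
    "local", "254.169.in-addr.arpa",
    "8.e.f.ip6.arpa", "9.e.f.ip6.arpa", "a.e.f.ip6.arpa", "b.e.f.ip6.arpa")]

def labels(name):
    """Lower-cased label list; a trailing root dot is ignored."""
    return [l for l in name.strip().lower().rstrip(".").split(".") if l]

def is_mdns_name(name):
    """Compare whole labels, so 'mylocal' and 'local.example.com' do not match."""
    ls = labels(name)
    return any(ls[-len(zone):] == zone for zone in MDNS_ZONES)

def expected_handling(name, role):
    """role is 'stub', 'cache' or 'authoritative' (items 3, 4 and 5 above)."""
    if not is_mdns_name(name):
        return "normal"
    return {"stub": "no-unicast-query",
            "cache": "nxdomain",
            "authoritative": "nxdomain"}[role]

def audit_resolv_conf(text):
    """Return (line number, domain) for search/domain entries in an mDNS zone."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # Drop comment text introduced by '#' or ';' before splitting fields.
        fields = line.split("#")[0].split(";")[0].split()
        if fields and fields[0] in ("search", "domain"):
            findings += [(lineno, d) for d in fields[1:] if is_mdns_name(d)]
    return findings

# Constructed sample: a site that expects unicast DNS to serve a .local zone.
SAMPLE = """\
# constructed sample
nameserver 192.0.2.53
search corp.local example.com
"""

if __name__ == "__main__":
    for lineno, domain in audit_resolv_conf(SAMPLE):
        print(f"line {lineno}: {domain} is reserved for mDNS; "
              f"a compliant stub resolver gives it: {expected_handling(domain, 'stub')}")
```

A finding here marks a name whose resolution depends on each resolver's handling of the reserved zone, which is the situation the original question describes.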