https://www.theregister.com/2024/01/29/icann_internal_tld/
The Internet Corporation for Assigned Names and Numbers (ICANN) has proposed creating a new top-level domain (TLD) and never allowing it to be delegated in the global domain name system (DNS) root.
The proposed TLD is .INTERNAL and, as the name implies, it's intended for internal use only. The idea is that .INTERNAL could take on the same role as the 192.168.x.x IPv4 block – available for internal use but never plumbed into DNS or other infrastructure that would enable it to be accessed from the open internet.
ICANN's Security and Stability Advisory Committee (SSAC) advised the development of such a TLD in 2020. It noted at the time that "many enterprises and device vendors make ad hoc use of TLDs that are not present in the root zone when they intend the name for private use only. This usage is uncoordinated and can cause harm to Internet users" – in part by forcing DNS servers to handle, and reject, queries for domains only used internally.
[...] ICANN's board still has to sign off the creation of .INTERNAL. But if you want to get ahead of the pack, there's nothing stopping you. Indeed, some outfits already use ad hoc TLDs. Open source Wi-Fi firmware project WRT has used .LAN, and networking vendor D-Link has employed .dlink.
There's nothing stopping you doing likewise.
But as ICANN's proposal for the idea noted: "Operators who choose to use private namespaces of the kind proposed in this document should understand the potential for that decision to have corresponding costs, and that those costs might well be avoided by choosing instead to use a sub-domain of their own publicly registered domain name."
(Score: 2) by Whoever on Thursday February 01 2024, @06:16PM (2 children)
Will the SSL gods allow ".internal" names to be added as an alternate name to signed SSL certificates?
(Score: 4, Interesting) by DannyB on Thursday February 01 2024, @09:03PM (1 child)
Run your own internal certificate authority (CA). Generate your own CA cert. Use that to sign a cert for your .internal domain name. Make sure the CA's public cert is installed on all of your internal computers, fleet-wide.
No browser outside of your organization is going to trust your SSL. All your internal browsers will.
If everyone did this, then your internal browsers would not trust someone else's internal SSL.
I spent only about ten seconds thinking through this approach. So it probably has some major flaw I have missed.
The Centauri traded Earth jump gate technology in exchange for our superior hair mousse formulas.
(Score: 2) by DannyB on Thursday February 01 2024, @11:28PM
If one of your organization's laptops is plugged into someone else's network, and that network can resolve .internal domain names, your browsers won't trust the certificates of the servers there.
The Centauri traded Earth jump gate technology in exchange for our superior hair mousse formulas.
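The private-CA setup DannyB describes, and the follow-up point that a laptop on another organisation's network will reject that network's .internal certificates, as an added example that is not part of the thread or of any project. It only needs the openssl CLI (1.1.1 or 3.x); the organisation names, the host name wiki.internal and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Two organisations each run a private CA and each issue a certificate for the
# same name, wiki.internal. A client that trusts only its own CA accepts its own
# organisation's certificate and rejects the other one (all names constructed).
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# make_ca PREFIX "CA NAME": self-signed root with CA:TRUE -> PREFIX-ca.key / PREFIX-ca.crt
make_ca() {
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\nprompt=no\n[dn]\nCN=%s\n' "$2" > "$1-ca.cnf"
  printf '[ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' >> "$1-ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 -config "$1-ca.cnf" \
    -keyout "$1-ca.key" -out "$1-ca.crt" 2>/dev/null
}

# issue_leaf PREFIX HOST: server cert for HOST signed by PREFIX's CA -> PREFIX-HOST.crt
# The name goes into subjectAltName; modern browsers ignore the CN for host matching.
issue_leaf() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$2" > "$1-$2.cnf"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1-$2.cnf" \
    -keyout "$1-$2.key" -out "$1-$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' "$2" > "$1-$2.ext"
  openssl x509 -req -in "$1-$2.csr" -CA "$1-ca.crt" -CAkey "$1-ca.key" -CAcreateserial \
    -days 825 -sha256 -extfile "$1-$2.ext" -out "$1-$2.crt" 2>/dev/null
}

# verify_leaf TRUSTED_PREFIX HOST CERTFILE: exit 0 only if CERTFILE chains to the trusted
# CA and carries HOST, i.e. the check a browser with that CA installed performs.
verify_leaf() {
  openssl verify -CAfile "$1-ca.crt" -verify_hostname "$2" "$3" >/dev/null 2>&1
}

make_ca ours   "Example Org Internal CA"      # the root our fleet installs
make_ca theirs "Some Other Org Internal CA"   # another organisation's root
issue_leaf ours   wiki.internal
issue_leaf theirs wiki.internal               # same host name, different issuer

verify_leaf ours wiki.internal ours-wiki.internal.crt   && echo "our cert, our trust store: trusted"
verify_leaf ours wiki.internal theirs-wiki.internal.crt || echo "their cert, our trust store: rejected"
verify_leaf ours docs.internal ours-wiki.internal.crt   || echo "our cert, wrong host name: rejected"
```

The third check is the reason the name belongs in subjectAltName: the trust store alone is not enough, the certificate must also be for the host actually being visited.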