Your specific issue might not be because of the .local TLD, but .local is a special ‘reserved’ name for multicast DNS. You can use any other (including fake) TLD that is not registered.
There are some other TLDs that are ‘special’, like the one used for reverse-IP records in APIPA. Best to avoid such things, as not all network software takes care of those special names the way it should.

Some hosts might treat .local specially and ignore DNS servers or DNS query responses that are not from mDNS. Some hosts might first query DNS and then mDNS, some might do it the other way around. Some systems disable mDNS or .local mDNS if a static .local zone is detected, which breaks Bonjour and ZeroConf in most configurations.

In my experience, mixing mDNS and DNS by introducing a .local is just going to create more problems.

I would suggest registering a DNS name but not using it externally, just internally. For example, you could take something like my-internal-domain.net but simply not host anything externally and remove all records, maybe even disable name servers. There probably are better conventions for this, but using a ‘real’ (but dead to the outside) domain has served me well.

Multiple subdomains shouldn’t be a problem, but there probably are limits to the depth of subzones. For my setups, I usually don’t go deeper than 2 levels, i.e. sub1.sub0.ipa.net.
I do tend to make dedicated subzones with NS delegations when I go deeper than 1 level, but in theory, if you only have 1 sublevel, you can leave it as-is and IPA will register your hosts with a dot in the name in the record, effectively creating a virtual subzone. There is nothing bad about that, but depending on the management functionality you are trying to create, your needs may call for a different setup.

One of the important parts of domain naming isn’t as much about IPA’s idea on domains, but very much depends on how Kerberos likes names.
So if you can’t find a strong enough guideline in the IPA community or documentation, try the ones for Kerberos (which IPA uses): https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html

The same can be (partially) said about Microsoft’s AD naming suggestions, as their system also depends on correct naming, uses Kerberos and uses SRV records to find the correct servers for services: https://social.technet.microsoft.com/wiki/contents/articles/34981.active-directory-best-practices-for-internal-domain-and-network-names.aspx

One of the quotes from the above sources:

In the past, lots of people chose to use a dummy, unofficial TLD (top-level-domain) for their internal network, like domain.lan, domain.local or domain.internal (and also domain.internalhost)

But this can get you in serious trouble. Because these names are not supported by internet standards, the most important RFC on this is: RFC 2606 (http://tools.ietf.org/html/rfc2606) This RFC standard is very explicit on choosing domain names for private testing and documentation


Other sources condense the suggestions into:


John

On 3 Mar 2019, at 19:08, Vivek Aggarwal via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Thanks John,

It would be nice if you can elaborate a bit more & share your advice on:

i) What's wrong in the current hostname convention, as I still don't have a clear understanding of what is causing a problem in the current setup? Any links/thoughts which can explain this will be of great help.

ii) Is ".local" a problem, or can I use any other TLD like ".int"?

iii) Thirdly, what is the recommendation for naming the hostname FQDN? Should it not have multiple subdomains?

Please bear with my questions in case these look a bit naive. Thanks a lot for sparing time in answering my concerns.