@Self-Hosting-Group
Contributor

@Self-Hosting-Group Self-Hosting-Group commented Apr 9, 2025

as current domain is blocked by DNSSEC validating clients

This PR changes the domain, updates the help and also adds it to the new setup wizard. And don't just suggest the name as in #5898, update the default as previously suggested in #7193.

systemd-resolved has had internal on its DNSSEC negative trust anchor list since 2016; home.arpa was added later:
systemd/systemd@30c7780#diff-23206c93f79c419c8a911a58d533e3ca9a6103ff215a5fcc887aaecb59021276R155

.internal history

Internal was first mentioned in RFC 6762 (2013) within multicast DNS:
https://datatracker.ietf.org/doc/html/rfc6762#appendix-G

IANA assessment (2024-01):
https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf

ICANN board resolution (2024-07):
https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-special-meeting-of-the-icann-board-29-07-2024-en#section2.a

IETF RFC draft (2025-03):
https://datatracker.ietf.org/doc/html/draft-davies-internal-tld
According to the last IETF 122 meeting, there is almost no work to do:
https://datatracker.ietf.org/doc/minutes-122-dnsop/

.home.arpa (former approach/name)
https://datatracker.ietf.org/doc/html/rfc8375

@Self-Hosting-Group
Contributor Author

  1. Should we slightly improve the current help text to mention DNSSEC validating clients?
  2. Should this change also be applied to the 24.7 branch/setup wizard?

as current domain is blocked by DNSSEC validating clients

Close opnsense#8535
@fichtner
Member

  1. defaults are better than lengthy help texts
  2. definitely not the stable branch, because we avoid reissuing images on stable branches so no need to taint the code there

Self-Hosting-Group added a commit to Self-Hosting-Group/core that referenced this pull request Apr 15, 2025
as current domain is blocked by DNSSEC validating clients

Close opnsense#8535
@Self-Hosting-Group Self-Hosting-Group force-pushed the internal-domain branch 2 times, most recently from 86e282b to dacc312 on April 15, 2025 15:31
@Self-Hosting-Group
Contributor Author

I have updated the PR without using markup and with an updated suggestion for the help text.

> 1. defaults are better than lengthy help texts
  1. I have shortened the list of suggested domains, removing the normal (net/com) domains as they can cause problems with DNSSEC validating clients, and only mentioning internal and name.internal. Or home.arpa as well?
  2. I have added a short note about DNSSEC issues, is it too long or would it be better to leave it out completely?

Or maybe even shorter:
Do not use 'local' as internal domain name, as reserved for mDNS and will interfere with mDNS (avahi/bonjour). Use special-use domain internal, also to avoid DNSSEC issues. E.g. internal, name.internal.

@fichtner fichtner self-assigned this May 14, 2025
@fichtner fichtner merged commit 4d76d3f into opnsense:master May 14, 2025
@fichtner
Member

Merged, thanks!
