Pfsense and the "local" search domain



  • Hi!

    I just switched to pfsense in a WAN to multi-LAN setup, and everything is working fine, except for one thing. The domain option in general setup has this label: "Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS.".

    The problem is that unless I have local as my search domain, I can't resolve local machines by their hostname since they are using .local (which is the default for many systems and appliances).

    What is the right way to handle this, other than changing the domain name of all machines (which for some appliances is not even possible)? Can I specify another search domain to be pushed to DHCP clients? (I have not found any such option, and I have tried using custom dnsmasq commands to no avail.)

    I have not yet discovered any problems with bonjour/avahi, and I was using the local domain in my previous router without a problem, but maybe pfsense is different?

    Any suggestions?

    /Erik



  • If you have strictly a non-Apple network, .local usually won't be a problem. As it says, any mDNS-enabled hosts will have problems (with everything, this has nothing to do with any router or firewall in particular) if you expect .local to work via DNS. That's generally only Apple devices though. If you were previously using .local with no problems, it's fine to continue to use it. If you introduce any mDNS-enabled hosts, they won't resolve .local via DNS though.
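    The reply above describes the rule from RFC 6762 that causes the trouble: a host running mDNS sends every query for a name under ".local" to the multicast group 224.0.0.251:5353 and never asks the router's unicast DNS (dnsmasq on pfSense) for it, so an appliance that only exists in the router's DNS under ".local" becomes invisible to that host. The block below is an added example (not code from this thread, from pfSense or from dnsmasq) that models that routing decision against a constructed sample LAN, shows how a different search domain pushed to clients avoids the collision, and encodes that search list as the DHCP option 119 payload (RFC 3397) that a DHCP server hands out. The hosts, addresses and domains are invented sample data; the dnsmasq directive that carries the same option is `dhcp-option=option:domain-search,home.lan`.

```python
"""Model of RFC 6762 name routing plus a DHCP option 119 (RFC 3397) encoder.

Added example, not code from the forum thread, pfSense or dnsmasq.
All hosts, addresses and domains below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MDNS_GROUP = ("224.0.0.251", 5353)  # RFC 6762 IPv4 multicast group and port


def is_mdns_name(name: str) -> bool:
    """RFC 6762: a name whose last label is 'local' is an mDNS name."""
    return name.rstrip(".").lower().split(".")[-1] == "local"


@dataclass
class Network:
    """Constructed LAN: what the router's DNS knows vs who answers multicast."""
    unicast_zone: Dict[str, str]     # name -> IP held by the router's DNS (dnsmasq)
    mdns_responders: Dict[str, str]  # name -> IP of hosts running avahi/Bonjour


Answer = Tuple[str, Optional[str]]  # (transport used, IP or None)


def resolve(fqdn: str, net: Network, client_uses_mdns: bool) -> Answer:
    """Resolve a fully qualified name the way a client stub resolver would.

    An mDNS-enabled client sends any '.local' query to MDNS_GROUP and never
    asks the router's unicast DNS for it; everything else goes to unicast DNS.
    """
    fqdn = fqdn.rstrip(".").lower()
    if client_uses_mdns and is_mdns_name(fqdn):
        return ("mdns", net.mdns_responders.get(fqdn))
    return ("dns", net.unicast_zone.get(fqdn))


def resolve_short(host: str, search_list: List[str], net: Network,
                  client_uses_mdns: bool) -> Answer:
    """Apply the DHCP-supplied search list to a bare hostname; first hit wins."""
    for suffix in search_list:
        transport, ip = resolve(f"{host}.{suffix}", net, client_uses_mdns)
        if ip is not None:
            return (transport, ip)
    return ("none", None)


def dhcp_option_119(search_domains: List[str]) -> bytes:
    """Encode a search list as the DHCP option 119 payload (RFC 3397).

    Each domain is written as DNS wire-format labels (length byte + label)
    terminated by a zero byte. Name compression is permitted by the RFC but
    not used here, so the output is unambiguous and easy to check by eye.
    """
    out = bytearray()
    for domain in search_domains:
        for label in domain.rstrip(".").split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"bad label {label!r} in {domain!r}")
            out.append(len(raw))
            out += raw
        out.append(0)
    if len(out) > 255:
        raise ValueError("payload over 255 bytes; needs RFC 3396 option splitting")
    return bytes(out)


# Constructed sample LANs. The printer is an appliance with no mDNS stack and
# lives only in the router's DNS; the Mac runs Bonjour and also has a DNS entry.
LOCAL_NET = Network(  # router domain set to 'local' (the setting pfSense warns about)
    unicast_zone={"printer.local": "192.168.1.20", "mac.local": "192.168.1.10"},
    mdns_responders={"mac.local": "192.168.1.10"},
)
LAN_NET = Network(  # router domain set to 'home.lan'; Bonjour hosts keep their .local name
    unicast_zone={"printer.home.lan": "192.168.1.20", "mac.home.lan": "192.168.1.10"},
    mdns_responders={"mac.local": "192.168.1.10"},
)

if __name__ == "__main__":
    print("mDNS client  -> printer.local   :", resolve("printer.local", LOCAL_NET, True))
    print("plain client -> printer.local   :", resolve("printer.local", LOCAL_NET, False))
    print("mDNS client  -> printer + search:", resolve_short("printer", ["home.lan"], LAN_NET, True))
    print("option 119 payload for home.lan :", dhcp_option_119(["home.lan"]).hex())
```

The first call returns no address even though the router's DNS holds the record, which is exactly the failure the General Setup label warns about; the second succeeds because a client without mDNS simply asks unicast DNS. With the domain moved to `home.lan` and that domain delivered in option 119, a bare `printer` resolves over unicast DNS on every client, while Bonjour hosts keep answering for their own `.local` names over multicast.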



  • Thank you for your reply.

    I have a mostly Mac network, with a couple of iOS devices and an AppleTV in addition to a couple of Linux servers and Android phones. I have not experienced any DNS issues so far, so I guess it's working just fine. My iPad is showing up wirelessly in iTunes via Bonjour, and AFP shares are working without any problems. I'll see if any problems arise.

    Thanks again,

    /Erik



  • Is there anything new on domains being reserved for local networks? I've been using .home for several years with no issues.

    This is the last I've seen on more allowed names, and it looks to have expired:

    http://tools.ietf.org/html/draft-chapin-rfc2606bis-00

    Which was hoping to add these to the 2606 ones:

    .local
    .localdomain
    .domain
    .lan
    .home
    .host

    RFC 2606 reserved these:

    .test
    .example
    .invalid
    .localhost



  • RFC 6762 is the one that officially defines the use of ".local" for multicast-DNS. Appendix G has a bit of discussion about other TLD names commonly used in internal networks. https://tools.ietf.org/html/rfc6762#appendix-G
    I had been looking for the final result of that draft you referenced, and it does seem it has expired without any further progress. It seems obvious to me to reserve a few names like this, but someone in the IETF must have a reason to not want to do so?

