Always choose the right DNS / Active Directory domain name for your 2024 home lab

When setting up your home lab and Active Directory, you will have to decide on a DNS domain name and also on an Active Directory domain name. Very often you will see recommendations like “.local”, and you shouldn’t be doing that.


Why not to use .local or others?

You will see recommendations to use .local and I have used this myself in the past. Take your time and read RFC 6762 to understand how .local is used and why it may cause issues with your local setup.

This document specifies that the DNS top-level domain “.local.” is a special domain with special semantics, namely that any fully qualified name ending in “.local.” is link-local, and names within this domain are meaningful only on the link where they originate.

DNS clients might sometimes choose to hand the resolution of the .local special-use TLD to the system’s mDNS resolver instead of its DNS resolver. This can lead to unexpected issues, like name resolution conflicts or a situation where only some devices can resolve your domains.

Important: Don’t use undelegated domain names like .lan, .home, .private, .homenet, or .network. Don’t make up your own domain name.

When should I use home.arpa

Haven’t seen or used home.arpa before? Take a look at the specification in RFC 8375.

Users and devices within a home network (hereafter referred to as “homenet”) require devices and services to be identified by names that are unique within the boundaries of the homenet [RFC7368]. The naming mechanism needs to function without configuration from the user. While it may be possible for a name to be delegated by an ISP, homenets must also function in the absence of such a delegation. This document reserves the name ‘home.arpa.’ to serve as the default name for this purpose, with a scope limited to each individual homenet.

If you need a DNS server to support you with this configuration and you want to take it to the next level, I would recommend this blog to learn how to run a clustered DNS server using Open Source technology with a home.arpa DNS.

What should I use for Active Directory?

This is one of the most frequently discussed questions. Maybe only beaten by the intensity of discussions around virtualized Domain Controllers and the right size of pagefiles for Windows Servers.

This is my personal recommendation and one of the best practices you will see in many discussions. It also applies to a home / dev / test lab scenario. Such questions can be very complex in large enterprise organizations.

It is also recommended by Microsoft.

Generally, we recommend that you register DNS names for internal and external namespaces with an Internet registrar. This includes the DNS names of Active Directory domains, unless such names are subdomains of DNS names that are registered by your organization name.

There are general recommendations by Microsoft around DNS that also refer to the RFCs mentioned earlier.

  1. Avoid single-label domain namespaces. Single-label DNS names are names that don’t contain a suffix, such as .com, .corp, .net, .org, or companyname. For example, host is a single-label DNS name. This will be a massive problem with any certificates and modern encrypted network communication.
  2. Avoid reserved names, e.g. DOMAIN and ENTERPRISE. The full list is available here.
  3. Avoid using names that are used in internet-standard special features, such as .local.
  4. Avoid a generic name such as domain.localhost. This is because another company that you merge with in the future might follow the same practice.

What will I be using for my home lab?

I will be using an unused sub-domain of a domain that I use publicly. In my case this is “ad.hartiga.de”.

When I promote the first Domain Controller in my home lab, I will get the option to choose the NetBIOS name, and there I will use hartiga, so that I and the readers of my blog can always see that I am running in my personal home lab / test environment.

By using ad.hartiga.de I can configure DNS so that my Windows DNS Servers host this zone, while my Technitium DNS Servers forward all client requests for that zone to the Windows DNS Servers. That way, servers that are domain joined get automatic name resolution.
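As an added example (not code from the article or its author), the following Python check encodes the naming rules collected above, the Microsoft list and the RFC 6762 / RFC 8375 points, and applies them to the article’s own choice of ad.hartiga.de with NetBIOS name HARTIGA. The candidate names are constructed; the check is offline and cannot confirm that the parent domain is actually registered to you.

```python
from typing import Optional

# Suffixes the article (via RFC 6762, RFC 8375 and Microsoft guidance) says
# not to build an AD forest on; reasons paraphrased from those sources.
SPECIAL_USE_SUFFIXES = {
    "local": "RFC 6762 link-local name; clients may send it to mDNS instead of DNS",
    "localhost": "loopback special-use name (the 'domain.localhost' anti-pattern)",
    "home.arpa": "RFC 8375 homenet default; not registrable, so not a base for AD",
}
# Undelegated, made-up top-level labels the article lists.
UNDELEGATED_TLDS = {"lan", "home", "private", "homenet", "network"}
# Two of the reserved NetBIOS names the article mentions (not the full list).
RESERVED_NETBIOS = {"DOMAIN", "ENTERPRISE"}


def check_ad_name(dns_name: str, netbios_name: Optional[str] = None) -> list:
    """Return a list of findings; an empty list means no rule was tripped."""
    findings = []
    name = dns_name.strip().rstrip(".").lower()
    labels = name.split(".") if name else []
    if not labels or any(label == "" for label in labels):
        return ["DNS name is empty or contains an empty label"]

    if len(labels) == 1:
        findings.append(f"'{name}' is a single-label name; certificates and "
                        "modern encrypted protocols will not work with it")
    for suffix, reason in SPECIAL_USE_SUFFIXES.items():
        if name == suffix or name.endswith("." + suffix):
            findings.append(f"'{name}' ends in special-use '.{suffix}': {reason}")
    if labels[-1] in UNDELEGATED_TLDS:
        findings.append(f"'.{labels[-1]}' is an undelegated, made-up TLD; "
                        "use a subdomain of a domain you registered")
    if len(labels) == 2 and not findings:
        findings.append(f"'{name}' is a registered apex; the article uses an "
                        f"unused subdomain such as 'ad.{name}' instead")

    if netbios_name is not None:
        nb = netbios_name.strip().upper()
        if nb in RESERVED_NETBIOS:
            findings.append(f"NetBIOS name '{nb}' is reserved")
        if not 1 <= len(nb) <= 15:  # NetBIOS names are limited to 15 characters
            findings.append(f"NetBIOS name '{nb}' must be 1-15 characters")
    return findings


if __name__ == "__main__":
    # Constructed candidates, including the article's own choice.
    for fqdn, nb in [("ad.hartiga.de", "HARTIGA"), ("homelab.local", "HOMELAB"),
                     ("homelab", None), ("lab.lan", None), ("domain.localhost", "DOMAIN")]:
        print(fqdn, nb, check_ad_name(fqdn, nb) or ["OK"])
```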

If you want to build your own home lab, you can start here.


Domain Name resolution in my Home Lab


Addy Sharma

Cloud Security Architect | Azure & AWS Certified | SANS | IAM | CASB | CWPP | DLP | EDR | SIEM Expert | Cloud Security Assessments | Architecting Cloud Security Controls | Incident Response

2 months

Thanks for sharing this insightful tip on domain naming conventions

Andreas Hartig

Microsoft MVP Windows Server | Azure Hybrid & Migration, RCDA Trainer, CGI Luminary, Director Consulting Expert

2 months

Sneak preview of the follow-up newsletter for this topic: install your AD Domain Controller on Windows Server 2025 https://hartiga.de/windows-server/windows-server-2025-part-5-active-directory/

Thomas Mayer

There is always a way

2 months

Very helpful!
