Learning new things – naming your internal domains

From SANS:

Cert.org this week warned again that internal top level domain names can be used against you, if one of these domains happens to be registered as a new “generic top level domain” (gTLD). Currently, there are about 1200 approved gTLDs , and the number will only increase even though the initial “gold rush” seems to have leveled off somewhat [1]

US-Cert just sent out a reminder again regarding the use of internal domain names for automatic proxy configuration via WPAD. If this internal, but not officially assigned TLD is all for sudden used on the public internet, then requests may got to a host within that official TLD, instead of your internal TLD. This is in particular a problem for mobile devices that leave your network.

US Cert points out a couple of options, most importantly the use of an actual assigned domain, which should be the preferred solution to this problem.

I had preferred using “.int” for internal domains as it seems nicely intuitive and I’d never seen .int on a registrar’s list.

However, I just discovered that .int is reserved for international organizations and treaty-related purposes.

Luckily isn’t a treaty organization with the same acronym I’ve used internally, but that’s blind luck.  From now on I’ll make an internal sub-domain of the public domain to avoid conflicts.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s