Seconding the other comment, lots of orgs picked .lan and then over the last few years have moved things into the cloud and .lan has become a meaningless soup since half the shit isn’t even on local network. Now it just means “needs a vpn or ztn to talk to”
Luckily my last three orgs finally bought a second domain for private dns. It’s quickly becoming a pattern that myorg.com owns myorg.tech or whatever for private traffic. Domains are cheap as fuck compared to everything else a business spends money on, it’s really silly how many people are using hacks for this
I think needing a VPN to access the internal network is a good practice. And if you’re going to be used a VPN anyway, I don’t see why you wouldn’t use a “fake” TLD like .lan for internal stuff, after all it’s just simple DNS rules.
It’s used in many cases where the machine may not be on the LAN and LAN is a technical term. “Internal” is not and to me signifies that it’s “not public” aswell as probably managed by someone, well, internally at the entity you’re with.
A good move!
I’m surprised they didn’t codify “.lan” though since that one is so prevalent.
Seconding the other comment, lots of orgs picked .lan and then over the last few years have moved things into the cloud and .lan has become a meaningless soup since half the shit isn’t even on local network. Now it just means “needs a vpn or ztn to talk to”
Luckily my last three orgs finally bought a second domain for private dns. It’s quickly becoming a pattern that myorg.com owns myorg.tech or whatever for private traffic. Domains are cheap as fuck compared to everything else a business spends money on, it’s really silly how many people are using hacks for this
I think needing a VPN to access the internal network is a good practice. And if you’re going to be used a VPN anyway, I don’t see why you wouldn’t use a “fake” TLD like .lan for internal stuff, after all it’s just simple DNS rules.
VPN is inherently not zero trust. You really should be moving to ZTN based tools
It’s used in many cases where the machine may not be on the LAN and LAN is a technical term. “Internal” is not and to me signifies that it’s “not public” aswell as probably managed by someone, well, internally at the entity you’re with.