On Sun, 2021-05-02 at 12:34 +0000, Jason Long via samba
wrote:> Hello,
> Excuse me, can you explain it more?
> If my server didn't have any internet connection, then a domain like
> "microsoft.com" is acceptable?
Aside from just being 'rude' to use (squat) on a domain you don't
own,
there are a number of serious matters that come about from choosing a
domain not correctly delegated.
Yes, on a totally isolated network (air gap) then there is no internet,
no domain name system nor domain registry, but on the more common
situation of 'behind a firewall', registered internet domains matter.
For example, if your clients will reach out up the DNS tree looking for
servers which support DNS updates, trying to register their names. The
ever-observant administrators at ozlabs.org, who host my domain
abartlet.net very often noticed when I was at a conference, because my
test domains on my laptop would start trying to update names under
abartlet.net from (eg) Microsoft plugfest lab IPs!
The other issue is that in terms of DNSSec etc, your domain will always
be an imposter. As clients increasingly check signatures, yours will
not appear in the parent zone as a valid child.
And finally, of course if you squat over a domain, you prevent your own
clients accessing that domain, and in in inverse, if they do access the
real 'microsoft.com' they can be directed elsewhere, not always to
where you want.
Some of the common 'lab' domains names are, I'm told by my security
team at work, actually held by malicious entities, and could return
harmful results, designed to attract traffic!
So just don't.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions