]> Internet Assigned Numbers Authority

kim.davies@iana.org

Internet Corporation for Assigned Names and Numbers

andrew.mcconachie@icann.org

Internet-Draft This document describes the reservation of the ".internal" top-level domain for use in private applications.

Introduction There are certain circumstances where private network operators may wish to use their own domain naming scheme that is not intended to be used or accessible by the global domain name system (DNS), such as within closed corporate or home networks. The "internal" top-level domain is reserved to provide this purpose in the DNS. Such domains will not resolve in the global DNS, but can be configured within closed networks as the network operator sees fit. This reservation is intended for a similar purpose that private-use IP address ranges that are set aside (e.g. ).

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in when, and only when, they appear in all capitals, as shown here. This document assumes familiarity with DNS terms; please see .

Using the ".internal" Namespace Network operators have been using different names for private-use DNS for many years. This usage is uncoordinated and could result in incompatibilities or harm to Internet users. For example, an organization might choose to use a name for this purpose that has not been assigned to them, that would later appear in the global DNS thereby causing name collisions and undefined behavior for users. If an organization determines that they require a private-use DNS namespace, they should either use sub-domains of a global DNS name that is under their organizational and operational control, or use the "internal" top-level domain. This document does not offer guidance on when a network operators should choose the "internal" top-level domain instead of a sub-domain of a global DNS name. This decision will depend on multiple factors such as network design and organizational needs and is outside the scope of this publication. The "internal" namespace and the "alt" namespace have been reserved for different purposes. "alt" has been reserved for non-DNS contexts, whereas "internal" is intended for use with the DNS protocol for in a private-DNS context.

IANA Considerations The document requires no IANA actions. For the reasons stated above, the "internal" top-level domain is reserved from being used in the global DNS and therefore MUST NOT appear in the DNS root zone.

Security Considerations While the namespace is designated for private use, there is no guarantee that the names utilized in this namespace will not leak into the broader Internet. Such usage may include appearance in log files, email headers, and the like. Users, therefore, should not rely on the confidentiality of the "internal" namespace. Users should also not assume the appearance of such names is indicative of the true source of transmissions. When diagnosing network issues, the appearance of such addresses must be interpreted with the associated context to ascertain the private network with which the name is being used. A private-use name can never be used by itself to identify the origin of a communication. It is entirely likely that many of the same names will be used for entirely differnet purposes on different networks connected to the Internet.

Additional Information This reservation is the result of a community deliberation on this topic over many years, most notably . The SAC113 advisory recommended the establishment of a single top-level domain for private-use applications. This top-level domain would not be delegated in the DNS root zone to ensure it is not resolvable in contexts outside of a private network. ICANN implemented the recommendation of SAC113 through a process that first identified an appropriate selection procedure, and then conducted a selection process which determined "internal" was the best suited string given the requirement that a single string be selected for this purpose. The ICANN Board of Directors subsequently adopted this recommendation and formally decided the reservation in July 2024.

In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. The Domain Name System (DNS) is defined in literally dozens of different RFCs. The terminology used by implementers and developers of DNS protocols, and by operators of DNS systems, has changed in the decades since the DNS was first defined. This document gives current definitions for many of the terms used in the DNS in a single document. This document updates RFC 2308 by clarifying the definitions of "forwarder" and "QNAME". It obsoletes RFC 8499 by adding multiple terms and clarifications. Comprehensive lists of changed and new definitions can be found in Appendices A and B. This document describes address allocation for private internets. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document reserves a Top-Level Domain (TLD) label "alt" to be used in non-DNS contexts. It also provides advice and guidance to developers creating alternative namespaces.

Notes (for removal before publication) I-D source is maintained at: https://github.com/kjd/draft-davies-internal-tld

Acknowledgments TBD

Contributors ICANN

paul.hoffman@icann.org