The Internet Corporation for Assigned Names and Numbers (ICANN) has agreed to reserve the .internal top-level domain so it can become the equivalent to using the 10.0.0.0, 172.16.0.0 and 192.168.0.0 IPv4 address blocks for internal networks.

Those blocks are reserved for private use by the Internet Assigned Numbers Authority, which requires they never appear on the public internet.

As The Register reported when we spotted the proposal last January, ICANN wanted something similar but for DNS, by defining a top-level domain that would never be delegated in the global domain name system (DNS) root.

Doing so would mean the TLD could never be accessed on the open internet - achieving the org's goal of delivering a domain that could be used for internal networks without fear of conflict or confusion.

ICANN suggested such a domain could be useful, because some orgs had already started making up and using their own domain names for private internal use only. Networking equipment vendor D-Link, for example, made the web interface for its products available on internal networks at .dlink. ICANN didn't like that because the org thought ad hoc TLD creation could see netizens assume the TLDs had wider use - creating traffic that busy DNS servers would have to handle.

Picking a string dedicated to internal networks was the alternative. After years of consultation about whether it was a good idea - and which string should be selected - ICANN last week decided on .internal. Any future applications to register it as a global TLD won't be allowed.

Interestingly, one of the submissions in favor of the idea came from Google, whose vice president and chief internet evangelist Vint Cerf penned a document in which he revealed that the Big G has used .internal for years.

"Google Cloud needed a private-use TLD to remove external dependencies and prevent collisions with delegated TLDs," he wrote. "Due to the lack of an existing private-use name, Google adopted .internal in an ad hoc fashion."

Cerf also revealed that "a significant number of Google Cloud customers" use .internal for enterprise applications that are "deployed at scale across multiple computing environments."

He also wrote that Google is aware the string is already widely used for the purposes ICANN proposed, and that the .internal TLD is already the highest ranked undelegated Top-Level Domain listed on ICANN's own DNS Magnitude statistics page.

ICANN admitted that it is not certain setting aside .internal will improve anything. But the org's decision states "it will not introduce any new security, stability or resiliency issues" or make existing issues any worse.

Those of you who administer internal DNS now have a sanctioned alternative to choosing an ad hoc TLD for your network. Or you can just create a subdomain of your existing TLD - as was possible before ICANN pondered this initiative.

The .internal world is your .oyster. ®

https://www.theregister.com//2024/08/08/dot_internal_ratified/