Why use .local domain

I know when naming an AD (Active Directory) organization, it's recommended to use .local rather than a top-level domain. Why is that? I know using .local is non-routable, which protects the domain, but what is the concept of using a .local domain name?


Most companies have DMZs (Demilitarized Zones) and have external domains available on the internet that may route into their network somewhere. If your company's external site is abcinc.com and that is what you call your internal domain, it will cause DNS routing issues internally. The key is to use a domain name different from your external presence, like abcincad.com instead of abcinc.com.

It's also a security feature, and .local is not an FQDN (Fully Qualified Domain Name), so it can't be used in hack tools on the internet.

It does not really matter what you use. It just needs to be something that is not an FQDN, hence not routable through the internet. The .local domain is sort of a commonly used standard, but you can also use .inside or .farscape.
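As an added illustration (not part of the question or answer above) of the "DNS routing issue" the answer describes: a simulated internal resolver that is authoritative for the AD zone and forwards everything else, showing how www.abcinc.com becomes unreachable internally when the AD zone is also abcinc.com, plus a check for AD zone names that sit under special-use suffixes. Zone names and addresses are constructed; the special-use table reflects RFC 6762 (.local is reserved for Multicast DNS) and RFCs 6761 and 8375.

```python
"""Simulate split-brain DNS when the AD forest is named after the public domain,
and flag AD zone names under special-use suffixes. Illustration only: the zones,
hostnames and addresses below are constructed, not taken from any real network."""
from typing import Optional

# Constructed "public internet" view of abcinc.com.
PUBLIC_DNS = {"www.abcinc.com": "203.0.113.10", "mail.abcinc.com": "203.0.113.25"}

# Suffixes with a reserved meaning that an AD forest should not squat on.
# .local is reserved for Multicast DNS by RFC 6762; the rest by RFC 6761 / RFC 8375.
SPECIAL_USE = {"local": "RFC 6762 mDNS", "localhost": "RFC 6761", "invalid": "RFC 6761",
               "example": "RFC 6761", "test": "RFC 6761", "home.arpa": "RFC 8375"}


class InternalResolver:
    """Internal DNS server: authoritative for the AD zone, forwards everything else."""

    def __init__(self, ad_zone: str, records: dict):
        self.ad_zone = ad_zone.lower().rstrip(".")
        self.records = {k.lower(): v for k, v in records.items()}

    def resolve(self, name: str) -> Optional[str]:
        name = name.lower().rstrip(".")
        if name == self.ad_zone or name.endswith("." + self.ad_zone):
            # Authoritative answer: a name missing from the zone is NXDOMAIN,
            # the query is never forwarded, so public hosts are shadowed.
            return self.records.get(name)
        return PUBLIC_DNS.get(name)  # not our zone: forward to the internet


def special_use_suffix(ad_zone: str) -> Optional[str]:
    """Return the RFC reference if the AD zone lies under a special-use suffix."""
    labels = ad_zone.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SPECIAL_USE:
            return SPECIAL_USE[suffix]
    return None


def demo() -> dict:
    """For each candidate AD zone, resolve its own DC and the public web host."""
    results = {}
    for zone in ("abcinc.com", "abcincad.com"):
        r = InternalResolver(zone, {"dc1." + zone: "10.0.0.5"})  # constructed DC record
        results[zone] = (r.resolve("dc1." + zone), r.resolve("www.abcinc.com"))
    return results
```

With the AD zone named abcinc.com the internal resolver answers NXDOMAIN for www.abcinc.com (returned here as None), while abcincad.com leaves the public name resolvable.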