Who benefits from this? Even though Let’s Encrypt stresses that most site operators will do fine sticking with ordinary domain certificates, there are still scenarios where a numeric identifier is the only practical choice:
Infrastructure services such as DNS-over-HTTPS (DoH) – where clients may pin a literal IP address for performance or censorship-evasion reasons.
IoT and home-lab devices – think network-attached storage boxes, for example, living behind static WAN addresses.
Ephemeral cloud workloads – short-lived back-end servers that spin up with public IPs faster than DNS records can propagate.


I use a domain, but for homelab I eventually switched to my own internal CA.
Instead of having to do service.domain.tld it’s nice to do service.lan.
Any good instructions you would recommend for doing this?
I just use openssl's built-in management. I have scripts that set it up and generate a .lan domain, and instructions for adding it to clients. I could make a repo and writeup if you would like?
As the other commenter pointed out, .lan is not officially sanctioned for local use, but it is not used publicly and is a common choice. However you could use whatever you want.
use the official home.arpa as specified in RFC 8375
No thanks. I get some people agreed to this, but I’m going to continue to use .lan, like so many others. If they ever register .lan for public use, there will be a lot of people pissed off.
IMO, the only reason not to assign a top-level domain in the RFC is so that some company can make money on it. The authors were from Cisco and Nominum, a DNS company purchased by Akamai, but that doesn't appear to be the reason why.
.home and .homenet were proposed, but this is from the mailing list: https://mailarchive.ietf.org/arch/msg/homenet/PWl6CANKKAeeMs1kgBP5YPtiCWg/
So, corporate fear.
But home.arpa’s top-level domain is .arpa?
I’m not sure I follow the question. All of the TLD *.arpa is not reserved for private use, only *.home.arpa. So all your internal services are required to be a sub domain.
Sounds like you followed.
Now that I’m moving goalposts, why not use .home.arpa subdomains?
Oops. :)
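
The internal-CA approach discussed in the thread above, sketched with the openssl CLI as an added example (not any commenter's scripts). The function names, file layout and CA subject are assumptions, and the name constraint that limits the CA to one internal suffix is an addition beyond what the thread describes.

```shell
#!/usr/bin/env bash
# Added example: a private root CA restricted to one internal DNS suffix.
# Usage (names are illustrative): make_ca ./pki home.arpa; issue_cert ./pki nas.home.arpa

make_ca() {   # make_ca <dir> <zone>   e.g. home.arpa, or lan if you prefer it
  local dir=$1 zone=$2
  mkdir -p "$dir"
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Homelab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:$zone
EOF
  # umask keeps the CA private key unreadable by other local users.
  ( umask 077; openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
      -nodes -sha256 -days 1825 -config "$dir/ca.cnf" \
      -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null )
}

issue_cert() {   # issue_cert <dir> <fqdn>   signs a 90-day server certificate
  local dir=$1 fqdn=$2
  cat > "$dir/$fqdn.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $fqdn
[leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$fqdn
EOF
  ( umask 077; openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
      -nodes -config "$dir/$fqdn.cnf" -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr" 2>/dev/null ) &&
  openssl x509 -req -in "$dir/$fqdn.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -sha256 -days 90 -extfile "$dir/$fqdn.cnf" -extensions leaf -out "$dir/$fqdn.crt" 2>/dev/null
}

verify_cert() {  # verify_cert <dir> <fqdn>   chain, name constraints and hostname must all pass
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/$2.crt" >/dev/null 2>&1
}
```

Signing does not enforce the constraint; verification does. A certificate issued from this CA for a name outside the permitted suffix is rejected by clients that trust the root, which limits the damage if the CA key on a homelab box is ever stolen.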