@arichtman because a few people are asking:
.local was never officially reserved for internal networks and is (ab)used by the bonjour/mDNS protocols to do hostname resolution when no TLD is specified.
.internal is now the recommended way to get a TLD for your internal networks. However you will need to use a custom CA if you want TLS to work, or buy a domain and use public CAs if you don't control every device that will connect.