Should our small office have internal DNS servers


I administer a small office (<50 people). We have always had internal DNS servers in the office. DNS servers are pretty straightforward, but we have run into trouble with them in the past. We have some office resources that are only available in the office, or externally over VPN, and we also have some office resources with a public address and record. Those resources currently have the same DNS name, though that's not necessarily a requirement, and there are far fewer of them than there used to be.

We also already own the internal office namespace, so it's conceivable that I could populate my public DNS with all the private IP addresses of the internal office resources we have and just stop using internal DNS altogether.

Is this a good idea? I've never worked in a place that doesn't have internal office DNS. What are some reasons why we should still keep it? It was once critical; now it is still convenient, but the problems we've run into aren't making it feel convenient anymore.

Current reasons to keep:

  • Split DNS lets us use the same hostname for those resources that are hosted internally but also available externally
  • We have a few test domains that we haven't needed to buy but would need to if we got rid of them
  • ??? it's familiar and comforting?

Reasons to get rid of it:

  • No IPv6 Support currently
  • Have had several problems with DNS being split, mostly with VPN config
  • Maintenance on a server that might be unnecessary

Best Answer

Reading from your comments...

I would 100% keep DNS. I would also extend your LDAP implementation to AD. 50 people is definitely large enough; I would implement DNS for >10 users if they are at all non-technical and have multiple internal resources they need to access.

Regarding the cons:

  • No IPv6 Support currently

Which platform do you use? There are multiple platforms with IPv6 support, namely OpenDNS.

  • VPN config causing issues

No offense intended, but maybe you should work out why the VPN configs are breaking DNS and solve that? It's better than the work-around bandaid of "Nope, internal DNS is too complicated to work with the VPN!".

  • the maintenance

Automate, automate, automate - it shouldn't be too difficult as long as you take a smart approach to DNS entries and system management as a whole. DNS shouldn't have to be radically changed (at least not often).
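As an added example (not part of the question or the answer above), here is what the split-horizon setup both posts talk about looks like in BIND 9: one authoritative server, two views, where office and VPN clients see internal addresses and everyone else sees only the public ones. Every name and address is hypothetical: the office LAN is assumed to be 10.0.0.0/24, the VPN client pool 10.8.0.0/24, the zone example.com, and the public address 203.0.113.30.

```conf
// Added example, not from the original page: BIND 9 named.conf fragment
// for split-horizon DNS. Office LAN 10.0.0.0/24, VPN pool 10.8.0.0/24,
// zone example.com and all addresses below are assumptions.

acl "office" {
    10.0.0.0/24;        // wired/wireless office LAN (assumed)
    10.8.0.0/24;        // VPN client address pool (assumed). Leave this out
                        // and VPN users match the "external" view instead,
                        // receiving public addresses for internal-only hosts.
    localhost;
};

options {
    directory "/var/cache/bind";
    recursion no;                    // default; the internal view overrides it
    allow-transfer { none; };        // no zone transfers to anyone by default
    version "not disclosed";
};

// With views in use, every zone must live inside a view.
view "internal" {
    match-clients { "office"; };
    recursion yes;                   // office/VPN clients recurse through us
    allow-query { "office"; };
    allow-recursion { "office"; };
    // For recursion to names outside example.com, add a root hint zone or a
    // forwarders { ...; } statement here (site-specific, not shown).
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.internal";
        // db.example.com.internal (excerpt, assumed):
        //   intranet  IN A  10.0.0.20    ; LAN/VPN only, never published
        //   www       IN A  10.0.0.30    ; same host as public www, LAN address
    };
};

view "external" {
    match-clients { any; };          // everything that did not match "office"
    recursion no;                    // authoritative only: never an open resolver
    allow-query { any; };
    zone "example.com" {
        type master;
        file "/etc/bind/zones/db.example.com.external";
        // db.example.com.external (excerpt, assumed):
        //   www       IN A  203.0.113.30 ; public address of the same service
        //   ; no "intranet" record at all: the name does not exist from outside
    };
};
```

Two checks worth doing before and after any VPN change: first, confirm with `dig intranet.example.com @<internal server>` from a VPN client that the query actually reaches the internal view and returns the 10.x address (a VPN client whose resolver settings still point at its ISP or a public resolver will get NXDOMAIN, which is the usual shape of "the VPN broke DNS"); second, confirm from outside that the same query returns nothing. The alternative the question floats, publishing the private addresses in public DNS, removes that second property: anyone can enumerate the internal address plan, and resolvers with rebind protection enabled (dnsmasq's `stop-dns-rebind`, Unbound's `private-address`) silently drop answers that contain RFC 1918 addresses, so the records would not even resolve reliably for the people they are meant for.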
