For the longest time anything was a good internal domain name. Yes, obviously you avoided .com, .net, .org, and other usual suspects but anything else was quite OK. While some people did go distance on this, most of networks sort-of settled on .local or .lan. And all was nice and dandy.
However, lately two things have happened lately to mess with fairy tale. First was of course that ICANN smarties decided to create a zillion new top-level domains. And then there was Apple and their kidnapping of .local suffix for the purpose of mDNS.
Just like that people found Apple devices no longer playing nicely on .local domain and all other domains got big on-sale sign with a potential for collision down the road. There was an RFC with a few reserved domain names but neither one of those actually fits the local LAN setup. And yes, there were some attempts at properly reserving the few most common domains (e.g. .lan, .home, .corp, ...) but that RFC never went anywhere.
And ICANN did try to sell all three most common local names already but found itself in a bit of a bind due to a high usage of these domains in households and companies alike. Just imagine a mess some company's network could be in if .corp gets delegated and someone buys login.corp domain. While ICANN has slowed process a bit for the most conflicting domains due to the security report, spammers are pushing to get those domains on market.
As a general rule, the only sure way not to have your domain clash with newly introduced spam domains is actually to buy your own domain. Even if you don't want to ever have a website, you need to get a domain. I find this solution annoyance and a mini money grab at best. However, this seems to be the only sure way spammers won't get to resolve your DNS requests. That is until you forget to renew the domain.
I personally have settled on .home for now for my own network. Based on the DNS query stats for the undelegated domains, it is among top 3 most abused domains and thus it is unlikely it will be sold for use as top domain without many feathers being ruffled. That should allow me enough time for the migration to some other domain.
Why not “internal.medo64.com” but which you do not actually serve on the external internet? This is pretty much Microsoft’s recommendation for active directory, but it makes total sense given what “*.medo64.com” is: something you own because you paid for it.
See: https://serverfault.com/a/76721/6242
And immediately after hitting submit, I read the one paragraph of the post I skipped and see that’s what you mention. Whoops. Sorry.
I guess the answer is “don’t forget to renew the domain by setting up autorenew with a trusted domain registrar”?
I agree, but it still seems wrong that I need to have registered domain just to handle my internal DNS. It just makes me feel dirty. Too much .local in my life I guess. :)
Problem I have with using medo64.com (or jmedved.com) as my internal domain is with it not fitting other people in my family. For example, I find having legolas.medo64.com much uglier than legolas.home (yes, I have all computers named after LoTR characters). If I have medved.com or medved.net, that would be ok, but with my current domain, it just feels wrong…