Should our small office have internal DNS servers?
Reading from your comments...
I would 100% keep DNS. I would also extend your LDAP implementation to AD. 50 people is definitely large enough; I would implement DNS for >10 users if they are at all non-technical and had multiple internal resources they needed to access.
Regarding the cons:
- No IPv6 Support currently
Which platform do you use? There are multiple platforms with IPv6 support - namely OpenDNS
- VPN config causing issues
No offense intended, but maybe you should work out why the VPN configs are breaking DNS and solve that? It's better than the work-around bandaid of "Nope, internal DNS is too complicated to work with the VPN!".
- the maintenance
Automate, automate, automate - it shouldn't be too difficult as long as you take a smart approach to DNS entries and system management as a whole. DNS shouldn't have to be radically changed (at least not often).
Keep the internal DNS, if necessary make it redundant.
- SplitBrain DNS is a mess, but usually you have (a lot) more internal records than external. Plus you can split your traffic: internal uses internal IPs, externally uses external ones.
- AD relies 100% on DNS
- You are not dependent on your ISPs DNS, because your DNS would be able to use recursion.
- You don't want everybody to be able to look up your internal ressource
- You don't want to provide you internal ressources to your (DNS-)ISP
You don't need you own DNS, when everybody is just using the internet and you don't have to manage your own servers. VPN sounds to me like internal services, jst kepp them internal.
- No IPv6 Support currently
There are still DNS-Servers without v6 out there? Get up to date here.
- Have had several problems with DNS being split, mostly with VPN config
Config problems will not go away with a service going away. You will still have to setup you vpn correctly, now including breakout rules for external DNS traffic.
- Maintenance on a server that might be unnecessary
DNS is usually small and does not need an own box. Just set one up on one of your reliable servers (like file or mail).