Should our small office have internal DNS servers?

internal-dns

Reading from your comments...

I would 100% keep DNS. I would also extend your LDAP implementation to AD. 50 people is definitely large enough; I would implement DNS for >10 users if they are at all non-technical and had multiple internal resources they needed to access.

Regarding the cons:

  • No IPv6 Support currently

Which platform do you use? There are multiple platforms with IPv6 support - namely OpenDNS

  • VPN config causing issues

No offense intended, but maybe you should work out why the VPN configs are breaking DNS and solve that? It's better than the work-around bandaid of "Nope, internal DNS is too complicated to work with the VPN!".

  • the maintenance

Automate, automate, automate - it shouldn't be too difficult as long as you take a smart approach to DNS entries and system management as a whole. DNS shouldn't have to be radically changed (at least not often).


Keep the internal DNS, if necessary make it redundant.

  • SplitBrain DNS is a mess, but usually you have (a lot) more internal records than external. Plus you can split your traffic: internal uses internal IPs, externally uses external ones.
  • AD relies 100% on DNS
  • You are not dependent on your ISPs DNS, because your DNS would be able to use recursion.
  • You don't want everybody to be able to look up your internal ressource
  • You don't want to provide you internal ressources to your (DNS-)ISP

You don't need you own DNS, when everybody is just using the internet and you don't have to manage your own servers. VPN sounds to me like internal services, jst kepp them internal.

  • No IPv6 Support currently

There are still DNS-Servers without v6 out there? Get up to date here.

  • Have had several problems with DNS being split, mostly with VPN config

Config problems will not go away with a service going away. You will still have to setup you vpn correctly, now including breakout rules for external DNS traffic.

  • Maintenance on a server that might be unnecessary

DNS is usually small and does not need an own box. Just set one up on one of your reliable servers (like file or mail).

Related

Servers fail to bind to addresses at boot
Samba (CIFS) mount error(9): Bad file descriptor
Find the used hard disk data and solve disk pressure [duplicate]
Optimizing Apache and MySQL on Linux Xen VPS
Change default crontab editor to nano in FreeBSD
How does Wikipedia generate its Sitemap?
JBOSS App Server vs. Glassfish
How do I programmatically test if it's possible to connect to the X server specified in $DISPLAY
Site has been under a massive DDOS attack for 5 weeks now
Change filesystem encoding to UTF-8 in Ubuntu
SQL Server: Statements vs. Batches vs. Transactions vs. Connections
How to restart after making chnages to hosts.allow