When I started using DNS for Active Directory back in 2000, I was always choosing the company's registered domain name as the internal domain name. But I found that it is not a good idea for those companies not hosting their email or website on their own, and using .local instead may be more suitable for them, which eliminates a lot of confusion about manually adding these DNS records to the DNS server. I never realized that there could be a potential issue, but... here it is. I found this article below from the Windows IT Pro Magazine Blog; the main issue is that if you use these nonstandard DNS names, you can't obtain certificates from a 3rd-party Certificate Authority (CA), which might cause problems for your organization.
Here is the full article:
Companies often use a .local or .pvt TLD to name an AD tree. However, as I explain shortly, it's better to use a standard naming method--for example, create a name by using a subdomain of your company's DNS address space (e.g., if your company's DNS domain is ntfaq.com, you could name your AD tree ads.ntfaq.com). When you use this method, though, you must remember that the DNS information for the AD tree is hosted on internal DNS servers, not on your external DNS servers. This means that external users can't see information about your internal infrastructure because external users can access only the external DNS server, which has no information about your internal infrastructure. Alternatively, if you want to create a second-level name for your AD domain, reserve another name--for example, ntfaq.net--but don't set your AD domain to the same name as your external name, to avoid causing confusion in name resolution.
If you're determined to use a nonstandard TLD in your domain name, avoid the use of .local or .pvt because they aren't reserved. Instead, use one of these reserved top-level domains:
- .test
- .example
- .invalid
- .localhost
You can find more information about these names in Internet Engineering Task Force (IETF) Request for Comments (RFC) 2606. Remember, if you use these nonstandard DNS names, you can't obtain certificates from a third-party Certificate Authority (CA), which might cause problems for your organization.
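The naming rules from the article, as an added example that is not part of the quoted article or this post: a small checker that takes a proposed AD DNS name and the company's external domain (here the article's ntfaq.com) and reports whether the name is advisable and whether a third-party CA could issue certificates for hosts under it. The name lists are taken from the article and RFC 2606; the function and class names are my own.

```python
"""Check a proposed Active Directory DNS name against the naming advice above."""
from dataclasses import dataclass

# RFC 2606 reserved TLDs: safe to use internally, but no third-party CA issues for them.
RFC2606_RESERVED = {"test", "example", "invalid", "localhost"}
# Commonly used for AD trees but NOT reserved by any RFC.
UNRESERVED_PRIVATE = {"local", "pvt"}


@dataclass
class Verdict:
    ok: bool          # is this name advisable per the article?
    public_ca: bool   # could a third-party CA issue certificates for hosts in it?
    reason: str


def check_ad_name(ad_name: str, external_domain: str) -> Verdict:
    """Classify an AD tree name relative to the company's registered external domain."""
    ad = ad_name.strip().rstrip(".").lower()
    ext = external_domain.strip().rstrip(".").lower()
    labels = ad.split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return Verdict(False, False, "not a valid multi-label DNS name")
    tld = labels[-1]
    if tld in UNRESERVED_PRIVATE:
        return Verdict(False, False,
                       f".{tld} is not reserved; use an RFC 2606 name or a subdomain of {ext}")
    if tld in RFC2606_RESERVED:
        return Verdict(True, False,
                       f".{tld} is reserved by RFC 2606, but third-party CAs will not issue for it")
    if ad == ext:
        return Verdict(False, True,
                       "AD name equals the external domain; internal and external resolution conflict")
    if ad.endswith("." + ext):
        return Verdict(True, True,
                       f"subdomain of {ext}: host its zone on internal DNS servers only")
    return Verdict(True, True, "separate second-level name: make sure you actually own it")


if __name__ == "__main__":
    for name in ("corp.local", "ads.ntfaq.com", "ntfaq.com", "corp.test", "ntfaq.net"):
        v = check_ad_name(name, "ntfaq.com")
        print(f"{name:14} ok={v.ok!s:5} public_ca={v.public_ca!s:5} {v.reason}")
```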