host your subdomain on your own ?

Tony Finch dot at dotat.at
Sat Nov 13 14:29:47 UTC 2021


A couple of general points about private names and addresses:

If you have a private subdomain, e.g. private.cam.ac.uk, and a
non-negligible number of users, the names *will* leak into the outside
world and your public nameservers will get queries for them. You should
make sure that your public nameservers return a definite nodata or
NXDOMAIN reply for your private names, not REFUSED, nor a referral to an
RFC 1918 address. The latter two will cause resolvers to retry, and the
retries can become a large proportion of your total authoritative query
traffic.

I have some vague unease about the interaction between the web security
model and names that resolve to RFC 1918 addresses outside their home
network. And some more specific unease about risks of ssh, if you are ever
careless about accepting ssh unknown host warnings. So I guess if you are
careful and you know what you are doing (and by implication, if you don't
have many users) you can put RFC 1918 addresses in public zones, but I
wouldn't recommend it. Assign yourself an IPv6 ULA prefix and use that
instead :-)

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  https://dotat.at/
Plymouth, Biscay: Northwest veering north or northeast, 3 to 5.
Moderate or rough. Occasional drizzle or showers later. Moderate or
good, occasionally poor later.
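
An added example, not part of the original message or of BIND: a Python check for the reply classes discussed above. It parses a raw DNS response and reports whether a public server's answer for a private name is a definite NXDOMAIN/nodata or one of the retry-prone kinds. The zone private.example, the addresses and the sample replies are constructed, and reading "referral to an RFC 1918 address" as a delegation whose glue A record is in RFC 1918 space is an assumption.

```python
import ipaddress, struct
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Classify a public authoritative server's reply for a private name."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    rcode, aa, off = flags & 0xF, bool(flags & 0x0400), 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE + QCLASS
    has_ns = private_a = False
    for section, count in enumerate((an, ns, ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
            has_ns |= section == 1 and rtype == 2          # NS in authority section
            private_a |= rtype == 1 and rdlen == 4 and any(ipaddress.ip_address(rdata) in n for n in RFC1918)
    if rcode in (3, 5):
        return "ok: NXDOMAIN" if rcode == 3 else "retry-prone: REFUSED"
    if rcode == 0 and an == 0 and aa:
        return "ok: nodata"
    if rcode == 0 and an == 0 and has_ns:
        return "retry-prone: referral to RFC 1918" if private_a else "referral"
    return "other"

# Constructed sample replies for the hypothetical zone private.example.
def name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"
def rr(owner, rtype, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
def reply(flags, ns=(), ar=()):
    q = name("host.private.example") + struct.pack("!HH", 1, 1)
    return struct.pack("!6H", 1, flags, 1, 0, len(ns), len(ar)) + q + b"".join(ns) + b"".join(ar)
SOA = rr("example", 6, name("ns.example") + name("admin.example") + struct.pack("!5I", 1, 3600, 600, 86400, 300))
SAMPLES = {
    "nxdomain": reply(0x8403, ns=[SOA]),   # QR + AA, rcode 3
    "nodata": reply(0x8400, ns=[SOA]),     # QR + AA, rcode 0, empty answer
    "refused": reply(0x8005),              # QR, rcode 5
    "referral": reply(0x8000, ns=[rr("private.example", 2, name("ns.private.example"))],
                      ar=[rr("ns.private.example", 1, bytes([10, 0, 0, 53]))]),
}
```

To check a real server, pass `classify` the raw UDP payload it returns for a query about one of your private names.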



More information about the bind-users mailing list