That said, the domain.local would be favored “slightly” simply because it cannot be propagated elsewhere on the internet. But the same can be done with domain.com, and is commonly handled that way – I maintain an inside DNS server with my domain.com which has NO connection whatever with the external one version of my domain.com, so they’re equally secure in that respect.

However, if you’re using the same physical server for both inside and outside Name Service, you’re looking for trouble anyway.

My $.02
Bob