If you don't have a public domain, then the correct domain to use in an
internal networks is home.arpa, see:
https://tools.ietf.org/id/draft-ietf-homenet-dot-07.html
home.arpa. is intentionaly set up as an unsigned delegation, so it won't
break when someone uses dnssec. Other domains will fail dnssec.
Unfortunately, noone seams to ever check dnssec for some reason, and
noone seams to care about home.arpa either. But I'm still optimistic
that this may someday change.
Regards,
Daniel Abrecht