See some discussion in D18078. We currently generate more service records than we probably need, at least some of which can likely be simplified or removed:

• <instancename>.phacility.com: We copy properties from instances into this record so other callers can almanac.service.search it. I think this was just to avoid introducing more API calls. We later added them anyway and will need new call capabilities for private clusters, so we should be able to introduce a new instance.search.new-pro-v3, move callers to it, and then get rid of the <instancename>.phacility.com services. These services will make very little sense if internal names become inst-3n14lfn1lkn and the whitelabeled instance is at dev.example.com (although we technically could make <instancename>.phacility.com a valid HTTP domain which redirects to the canonical URI).
• web.phacility.net: I think there's no reason for this device to exist, but I don't remember why it exists so maybe I'm missing something.
• daemon.phacility.net: This device exists so we can authorize the daemon key, so repo can talk to web as the daemons. We need to retain this in some form, although we could build it on-demand during synchronization rather than actually have it synchronize.
• services.phacility.net: This service exists to lock the daemon.phacility.net device, by binding it to a cluster service, and so that daemon.phacility.net will synchronize. Even if we retained it in some form, we could make it an auto-sync rather than manually attaching every instance to it with an edge.

Most of this isn't doing anything any real harm, but it could be cleaner than it is.