[VPN] Cisco VPN and split DNS
Lee Sweet
lee at datatel.com
Mon Apr 10 11:18:00 EDT 2006
[I looked in the archives a bit and can't find anything like this.
If this has been discussed, let me know. I can't see a way to
search, though...]
Situation: Branch office of ours needs to connect to home office for
email and other resources. They use Cisco VPN client version
4.6.03.0021 connecting to Cisco 3000 concentrators. They also need
to have simultaneous access to local resources.
Problem: The DNS issue is that their primary DNS (when not using
VPN) is usually the local internal (inside the firewall) one. It has
a number of entries that are not in the one the VPN client points
to, the home office internal nameserver.
So, when they are connected to the home office, name resolution
requests for local resources fail. (Host name or FQDN, doesn't
matter, of course, since it's using the home DNS.)
Cisco seems to think the sort of split DNS resolution we want is
doable, so "it's a problem with the DNS config at that site".
Is the client actually made to route the DNS requests for one domain
to one DNS server and all others to another (the hardwired
interface?) or what? If so, how? We have the domain name set
correctly in the VPN server config, so we would think only requests
for this domain (home office) would be routed to the DNS server
hooked to the VPN interface, and all others (local, external) would
go to the local DNS server. But, not so.
Am I totally confused on some point here, or is this broken?
Obviously, we can get this to work by duplicating all local entries
in the home office DNS, but if split DNS is actually supposed to
work, it would be nice not to have to duplicate/maintain those
entries.
Thanks for any comments or pointers to answers!
--
Lee Sweet
Datatel, Inc.
Senior Telephony and Communications Specialist
How higher education does business.
Voice: 703-968-4661
Cell: 703-850-2385
Fax: 703-968-4625
lee at datatel.com
www.datatel.com
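To make the behaviour the post is asking about concrete, here is a small model of the split-DNS policy the author expects: queries for names under the domain pushed by the VPN server go to the nameserver reached through the tunnel, and every other name (branch-local or Internet) goes to the nameserver on the physical interface. This is an added example written for this page, not Cisco's client code and not a description of what VPN client 4.6.03.0021 actually does; the zone data, domain names, addresses, and the function names are all constructed for illustration. The `split_dns=False` path reproduces the failure described above, where every query is sent to the home office server and branch-local names do not resolve.

```python
"""Model of a split-DNS resolver policy (constructed example, not Cisco's
code).  Names under a VPN-pushed domain are sent to the tunnel nameserver;
everything else is sent to the local (physical-interface) nameserver.
All zone data below is made up for the example."""

from typing import Dict, List, Optional, Tuple

# Constructed zone data: what each nameserver would answer.
HOME_OFFICE_DNS: Dict[str, str] = {      # server reached through the tunnel
    "mail.homeoffice.example.": "10.1.0.25",
    "intranet.homeoffice.example.": "10.1.0.80",
}
BRANCH_DNS: Dict[str, str] = {           # server on the branch LAN
    "printer.branch.example.": "192.168.5.20",
    "fileserver.branch.example.": "192.168.5.10",
    "www.example.com.": "203.0.113.10",  # branch server forwards Internet names
}
SERVERS = {"tunnel": HOME_OFFICE_DNS, "local": BRANCH_DNS}


def qualify(name: str, search_domains: List[str]) -> List[str]:
    """Candidate FQDNs for a query, in the order a stub resolver tries them.

    A trailing dot means the name is already fully qualified.  A dotted
    name is tried as-is first, then with each search domain appended;
    a bare host name is only tried with the search domains.
    """
    if name.endswith("."):
        return [name]
    candidates = [name + "."] if "." in name else []
    candidates += [f"{name}.{d.rstrip('.')}." for d in search_domains]
    return candidates


def is_under(fqdn: str, domain: str) -> bool:
    """True if fqdn equals domain or is a subdomain of it (case-insensitive)."""
    fqdn = fqdn.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return fqdn == domain or fqdn.endswith("." + domain)


def pick_server(fqdn: str, split_domains: List[str]) -> str:
    """Split-DNS rule: only names under a pushed domain use the tunnel server."""
    if any(is_under(fqdn, d) for d in split_domains):
        return "tunnel"
    return "local"


def resolve(name: str,
            split_domains: List[str],
            search_domains: List[str],
            split_dns: bool = True) -> Tuple[Optional[str], Optional[str]]:
    """Return (address, server_used).  address is None if nothing answered.

    With split_dns=False every query goes to the tunnel server, which is
    the behaviour the post describes: branch-local names then fail because
    the home office server has no records for them.
    """
    server: Optional[str] = None
    for fqdn in qualify(name, search_domains):
        server = pick_server(fqdn, split_domains) if split_dns else "tunnel"
        answer = SERVERS[server].get(fqdn)
        if answer is not None:
            return answer, server
    return None, server


if __name__ == "__main__":
    pushed = ["homeoffice.example"]   # assumed domain pushed by the VPN server
    search = ["branch.example"]       # assumed branch search domain
    for host in ("mail.homeoffice.example", "printer", "www.example.com"):
        print(host, "split:", resolve(host, pushed, search),
              "no split:", resolve(host, pushed, search, split_dns=False))
```

The check this suggests for a real client is the same in spirit: query a branch-local name and a home office name while the tunnel is up, and note which server each query actually reaches; if both go to the tunnel server, the client is not applying a split-DNS rule, whatever the concentrator's domain setting says.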