Hi Dan, Yes, I'm glad you asked, as it reminds me that I didn't put it on my list of articles to do in the near term. The issues with split DNS is that when the VPN client connects, it doesn't automatically place the RRAS adapter on the top of the adapter list. So, you will continue to use the same DNS server that you have on your dedicated adapter. So, what happens is if you have a split DNS using the same name internally and externally, the client will continue to resolve names using the initial DNS server. There are situations where it might not seem like this, such as if the client received a server failure on the initial adapter, in which case it moves the RRAS adapter to the top of the list. PSS says there aren't enough requests to fix it, so there won't be a DCR for this issue (my request must be the only one) There are several fixes available, but there is a bit of admin overhead. For example, if you have control over the clients, you can have them run this log on script or deploy the script using your favorite method: ============================ ' VBScript that places the \Device\NdisWanIp entry on the top in the ' registry value Bind (multi-string) that is found under the key ' HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage\. ' If the entry already is at the top, no registry update is done. Const HKLM = &H80000002 sComputer = "." ' use "." for local computer ' Connect to WMI's StdRegProv class Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _ & sComputer & "\root\default:StdRegProv") ' Define registry location sKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage" sValueName = "Bind" oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues arValuesNew = Array() For i = 0 To UBound(arValues) If i = 0 Then If LCase(arValues(i)) = "\device\ndiswanip" Then ' Entry is already first in the list, no point in continuing Exit For Else ' Put NdisWanIp in the first element in the new array ReDim Preserve arValuesNew(0) arValuesNew(0) = "\Device\NdisWanIp" End If End If ' Continue adding the rest of the elements to the new array If LCase(arValues(i)) <> "\device\ndiswanip" Then iCountNew = UBound(arValuesNew) + 1 ReDim Preserve arValuesNew(iCountNew) arValuesNew(iCountNew) = arValues(i) End If Next ' If there are elements to be found in the array, update the ' registry value If UBound(arValuesNew) > -1 Then oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew End If MsgBox "Finished!", vbInformation + vbSystemModal ===================================== I'll include all the issues and remediations I've thought of so far in the article that I'll put up in the next week or two. HTH, Tom Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Tuesday, April 26, 2005 9:03 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Split DNS Questions... http://www.ISAserver.org Tom, You mentioned some problems with VPN connections on a Split DNS? I've been using it extensively, is this related to resolving hostnames on the Internal network? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx