On 28-Sep-2007, at 1136, Paul Hoffman wrote:

> It is not "obvious", at least to some of the people I have spoken
> with. It is also not obvious to VPN vendors; otherwise, they would
> have easy-to-use settings to make it happen.

I'm surprised by that comment.
I think it's a common use case that organisations who deploy VPNs
have split DNS; that is, namespaces available through internal
network resolvers that do not appear in the global namespace. In my
experience, it is normal for:
- VPN client software to use IP addresses rather than names to
  establish a secure tunnel with the home network
- Local resolver settings on the VPN client's machine to be
  re-written to use internal home network nameservers while the VPN
  session is active
This is certainly how the Cisco VPN client supplied to me by my
employer (and the subsequent versions I've downloaded directly from
Cisco) works, for example. I was under the impression that Cisco had
fairly significant market share in this area.
This is not to say that the topic doesn't deserve mention in the
draft at hand. However, your logic in the last sentence above seems
suspect to me.
Joe