On Fri, 28 Sep 2007, Joe Abley wrote:

> I'm surprised by that comment.
>
> I think it's a common use case that organisations who deploy VPNs have split
> DNS; that is, namespaces available through internal network resolvers that do
> not appear in the global namespace. In my experience, it is normal for:
>
> - VPN client software to use IP addresses rather than names to establish a
>   secure tunnel with the home network

If you are a worldwide organisation, you want to connect to the nearest VPN
point, and not your "home vpn point". This is done by customising DNS answers
(e.g. BIND views or Akamai-like setups). The last thing I want is for my Dutch
branch to connect me to the company VPN in The Netherlands when I'm in the US,
crossing the Atlantic twice.

You only start to use the internal company's DNS server after you have
connected to the VPN - if only to resolve internal-network-only machines.

Paul

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf