I would recommend never doing it. :)

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Ben Scott <[email protected]>

Date: Thu, 13 Aug 2009 12:35:44 
To: NT System Admin Issues<[email protected]>
Subject: Re: PC in domain across stable VPN tunnel?


  Be aware that having an ISP nameserver configured in addition to
internal nameservers can sometimes cause issues.

  The typical scenario is: AD domain name is not visible in the public
DNS.  One must query internal nameserver(s) to find it.  The internal
nameserver(s) are listed first in IP configuration, but some ISP
nameservers are also listed.

  The typical failure mode is: Client (AD member) queries internal
nameservers for AD domain name.  For some reason (e.g., VPN glitch),
no answer is received from the internal nameservers.  Client falls
back to the ISP nameservers.  ISP nameservers say "that domain does
not exist".  Client gets very confused, since it's just been told its
AD domain doesn't exist.  Various things on the client get farked
until reboot.

  This is especially irksome because things can work fine for months,
then suddenly half the PCs will act funny until rebooted.  Lather,
rinse, repeat.

  I'm not saying "never do this", but one should be aware of the
potential failure mode.

-- Ben
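
An added example, not part of the original thread: a PowerShell check that flags adapters whose DNS server list mixes internal and external resolvers, the configuration that leads to the failure mode described above. The function names, the `10.0.0.0/8` internal range and the sample addresses are assumptions made for illustration; the check is IPv4 only.

```powershell
# Added example: flag adapters that list both internal and external DNS servers.
# Hypothetical helper: convert a dotted-quad IPv4 address to an unsigned integer.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

# Hypothetical helper: true when $Ip falls inside the IPv4 prefix $Cidr.
function Test-InCidr ([string]$Ip, [string]$Cidr) {
    $net, $len = $Cidr -split '/'
    $shift = 32 - [int]$len
    # Compare only the top $len bits of both addresses.
    ([long](ConvertTo-UInt32 $Ip) -shr $shift) -eq ([long](ConvertTo-UInt32 $net) -shr $shift)
}

function Find-MixedDnsConfig {
    param(
        [Parameter(ValueFromPipeline)]$Adapter,
        [string[]]$InternalCidrs   # assumption: ranges where the AD DNS servers live
    )
    process {
        # A server is external when it matches none of the internal prefixes.
        $external = @($Adapter.ServerAddresses | Where-Object {
            $ip = $_
            -not ($InternalCidrs | Where-Object { Test-InCidr $ip $_ })
        })
        $internal = @($Adapter.ServerAddresses | Where-Object { $external -notcontains $_ })
        # Only the mixed case is reported: a timeout on the internal servers
        # would let the client fall back to a resolver that cannot see the AD zone.
        if ($internal.Count -and $external.Count) {
            [pscustomobject]@{
                InterfaceAlias = $Adapter.InterfaceAlias
                Internal       = $internal -join ', '
                External       = $external -join ', '
            }
        }
    }
}

# Constructed sample input, shaped like Get-DnsClientServerAddress output.
$sample = @(
    [pscustomobject]@{ InterfaceAlias = 'Ethernet'; ServerAddresses = @('10.1.0.10', '10.1.0.11') }
    [pscustomobject]@{ InterfaceAlias = 'Wi-Fi';    ServerAddresses = @('10.1.0.10', '203.0.113.53') }
)
$sample | Find-MixedDnsConfig -InternalCidrs '10.0.0.0/8'
# Live check (DnsClient module, Windows 8 / Server 2012 or later):
# Get-DnsClientServerAddress -AddressFamily IPv4 | Find-MixedDnsConfig -InternalCidrs '10.0.0.0/8'
```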

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
