Weird. I've never had problems with it, and it has never confused me, my laptops or my VPNs - but I also force name resolution and traffic through the VPNs - no split tunneling for you!
Once that's nailed down, all is good. I also make my SSL certs by name, not by IP address.

Kurt

On Mon, Nov 16, 2009 at 11:55, Ben Scott <[email protected]> wrote:
> On Mon, Nov 16, 2009 at 2:46 PM, Kurt Buff <[email protected]> wrote:
>> I don't think what you mean by split DNS means what other people mean.
>
> I think I do.
>
>> I use "mycompany.com" both internally and externally ...
>
> That's exactly what I mean. You've got a zone on your internal
> nameservers, and those nameservers are not delegated from the parent
> zone (the <com.> TLD, in this case).
>
>> It just takes some static entries.
>
> Which is where people have trouble. Most people don't understand
> this stuff, or don't appreciate the implications, or just plain
> forget. Better to avoid that.
>
> Plus, it creates two zones with the same name and different data,
> which can really confuse both people and software when you're dealing
> with scenarios where you can see both, such as for laptops and/or VPNs.
>
> Plus, if you can get away with *not* going through the effort of
> keeping the two zones in sync, why wouldn't you want to? Even if it's
> just small work, small work is still more work than no work at all.
>
> -- Ben
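The sync problem discussed in this thread, as an added example that is not part of either poster's message: a Python sketch that compares the external and internal copies of a split-DNS zone and reports public names missing internally, names whose data differs, and internal-only names. The zone snippets, host names and addresses are constructed, and the simplified one-record-per-line format is an assumption.

```python
from collections import defaultdict

# Constructed sample data: two views of the same zone name (split DNS).
EXTERNAL_ZONE = """
www     IN A     203.0.113.10
mail    IN A     203.0.113.25
vpn     IN A     203.0.113.40   ; public VPN endpoint
@       IN MX    10 mail.mycompany.com.
"""
INTERNAL_ZONE = """
www     IN A     203.0.113.10   ; static copy of the public record
mail    IN A     10.0.0.25
files   IN A     10.0.0.30
@       IN MX    10 mail.mycompany.com.
"""

def parse_zone(text):
    """Parse simplified 'name IN type rdata' lines into {(name, type): {rdata}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, _cls, rtype, rdata = line.split(None, 3)
        records[(name.lower(), rtype.upper())].add(" ".join(rdata.split()).lower())
    return records

def compare_views(external, internal):
    """Return record keys that drift between the two views of the zone."""
    ext, inn = parse_zone(external), parse_zone(internal)
    return {
        # Public names with no internal copy: the internal server is
        # authoritative for the zone, so inside clients cannot resolve them.
        "missing_internally": sorted(k for k in ext if k not in inn),
        # Same name and type, different data: intended or stale, review each.
        "differs": sorted(k for k in ext if k in inn and ext[k] != inn[k]),
        # Names that exist only inside (expected for private hosts).
        "internal_only": sorted(k for k in inn if k not in ext),
    }

if __name__ == "__main__":
    for kind, keys in compare_views(EXTERNAL_ZONE, INTERNAL_ZONE).items():
        for name, rtype in keys:
            print(f"{kind}: {name} {rtype}")
```
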
