Split DNS, Split Tunnel, PPTP VPN, NAT, and some serious headaches
Posted on 2006-10-20
The title just about says it all. Right now I have a single public IP running into a WatchGuard Firebox. I have a bunch of domains with DNS hosted elsewhere. Internally I am running DHCPd and Bind with ddns using the domain <my domain>.local. I also have people PPTPing into the network, but would like NOT to have to have all of their traffic sent over the tunnel, hence split tunneling. This causes some serious headaches because PPTP users cannot access computers internally by name, since the DNS name foo.<my domain>.local doesn't resolve on their DNS servers (which are listed first) because they are split tunneled. My question is what is the best way to actually get this all configured such that:
Internally we are using <computer>.internal.<my domain>.com on some private-IP-based Bind server (e.g. 192.168.0.X) behind our FireBox (this step is easy)
Externally people using <computer>.internal.<my domain>.com get redirected to ... <my domain>.com for example, but
PPTP VPN users using split tunneling can actually perform lookups on <computer>.internal.<my domain>.com and get the correct response from our Internal Server.
Or is this even possible? I am open to any suggested ways to solve this problem.
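One standard way to get the three behaviours above from a single Bind server is split-horizon DNS with BIND views: clients arriving from the LAN or from the PPTP address pool are matched into an "internal" view that serves the real private records, and everyone else is matched into an "external" view that only serves the public alias. The named.conf below is an added example, not configuration from the original post or from any particular product; the domain example.com, the LAN prefix 192.168.0.0/24, the VPN pool 192.168.1.0/24, the server address 192.168.0.10 and the TSIG key name are all assumed placeholders.

```conf
// named.conf: split-horizon ("split DNS") for internal.example.com.
// Added example; every address, name and key below is an assumed placeholder.

// TSIG key used by DHCPd for dynamic updates (replace the secret; never
// leave a literal key in a world-readable file).
key "ddns-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";
};

// Who is allowed to see private records: the LAN behind the Firebox and
// the pool the PPTP server hands to VPN clients. The pool MUST be listed,
// otherwise split-tunnel VPN users fall into the external view.
acl "trusted" {
    127.0.0.1;
    192.168.0.0/24;   // LAN (assumed)
    192.168.1.0/24;   // PPTP client pool (assumed)
};

options {
    directory "/var/named";
    listen-on { 192.168.0.10; 127.0.0.1; };   // server address (assumed)
    allow-query { any; };
    // Only trusted clients may recurse through this server; an open
    // recursive resolver on the public side is an amplification risk.
    allow-recursion { "trusted"; };
    // Query logging lets you spot public-side clients probing internal names.
    querylog yes;
};

// Internal view: LAN and VPN clients get real private addresses and the
// ddns-updated host records.
view "internal" {
    match-clients { "trusted"; };
    recursion yes;

    zone "internal.example.com" {
        type master;
        file "internal.example.com.int";
        // DHCPd (on the LAN, so it matches this view) may add host records.
        allow-update { key "ddns-key"; };
    };
};

// External view: anyone else. No recursion, and the zone contains only a
// wildcard alias so that every <computer>.internal.example.com name
// resolves to the public web host instead of leaking a private address.
view "external" {
    match-clients { any; };
    recursion no;

    zone "internal.example.com" {
        type master;
        file "internal.example.com.ext";
    };
};

// ---- internal.example.com.int (internal view zone file) ----
// $TTL 300
// @       IN SOA ns1.internal.example.com. hostmaster.example.com. (
//                 2006102001 3600 900 604800 300 )
// @       IN NS  ns1.internal.example.com.
// ns1     IN A   192.168.0.10
// fileserver IN A 192.168.0.20        ; plus records added by ddns

// ---- internal.example.com.ext (external view zone file) ----
// $TTL 3600
// @       IN SOA ns1.example.com. hostmaster.example.com. (
//                 2006102001 3600 900 604800 3600 )
// @       IN NS  ns1.example.com.
// *       IN CNAME www.example.com.
```

Two things have to be true on the client side for the VPN case to work: the PPTP server must hand out 192.168.0.10 (the internal Bind server) as the DNS server for the tunnel, and the split-tunnel client must have a route to that server via the tunnel, otherwise the query leaves through the client's ISP and lands in the external view. Because the public DNS for example.com is hosted elsewhere, the external view only matters if this Bind box is reachable from the Internet; if it is not, the same wildcard CNAME can simply be published at the public provider. Separately from the DNS design, PPTP with MS-CHAPv2 is no longer regarded as a sound authentication mechanism, so the same split-DNS layout is usually paired today with an IPsec/IKEv2, OpenVPN or WireGuard tunnel that pushes the DNS server and the internal route to the client.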