Some of our users are experiencing problems where their ISP will hijack DNS requests for non-qualified hostnames. An example is typing "intranet" instead of "intranet.polycom.com". The DNS setting is set to query the SSL VPN first but it seems to be ignored and the ISP resolves "intranet" to some external IP.
I would check your Network Connect profile to ensure you have the proper domains listed. Go to Users, Resource Policies, Network Connect, NC Connection Profile, and edit your profile. Check the DNS Domains field. Note that you can add multiple Domains using a comma.
I've seen the same problem, and I think I have figured out why it is happening (but not a good workaround).
For the problem to occur -
What occurs is that the PC attempts to resolve the name with the first suffix to the internal DNS servers, and then attempts to resolve it against the external DNS servers. Since the external DNS server returns a response, resolution completes without ever attempting the second (and subsequent) DNS suffixes.
Potential solutions -
Of course the best solution would be that ISPs be required to deliver NXDomain replies if that is what should be delivered, since as we all know, not everything running on the internet is a web browser with a poor typist at the helm.
Let's all thank the two guys at Comcast and their German friend for this ****.
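The resolution order described in the post above, modeled offline as an added example that is not part of the original thread: each suffix is tried against the internal resolver and then the external one, and the first answer ends the search. The suffixes, addresses and function names are constructed for illustration, and `rewrites_nxdomain` is one way to check a resolver by probing random names under the reserved `.invalid` TLD.

```python
import secrets

# Constructed sample data: names, suffixes and addresses are illustrative only.
INTERNAL_ZONE = {"intranet.eng.example.test": "10.0.0.20"}
SUFFIXES = ["corp.example.test", "eng.example.test"]
HIJACK_IP = "198.51.100.7"   # stand-in for an ISP "search helper" landing page


def internal_dns(fqdn):
    """VPN-side resolver: answers only for internal names, else NXDOMAIN (None)."""
    return INTERNAL_ZONE.get(fqdn)


def compliant_isp_dns(fqdn):
    """External resolver that returns NXDOMAIN (None) for unknown names."""
    return None


def hijacking_isp_dns(fqdn):
    """External resolver that rewrites every NXDOMAIN into its own address."""
    return HIJACK_IP


def resolve_short_name(label, suffixes, servers):
    """Try each suffix in order against each server in order; first answer wins."""
    for suffix in suffixes:
        fqdn = f"{label}.{suffix}"
        for server in servers:
            answer = server(fqdn)
            if answer is not None:
                return fqdn, answer
    return None, None


def rewrites_nxdomain(server, probes=3):
    """Detection: random labels under the reserved .invalid TLD must never resolve."""
    return any(server(f"{secrets.token_hex(8)}.invalid") for _ in range(probes))


if __name__ == "__main__":
    for isp in (compliant_isp_dns, hijacking_isp_dns):
        result = resolve_short_name("intranet", SUFFIXES, [internal_dns, isp])
        print(isp.__name__, result, "rewrites NXDOMAIN:", rewrites_nxdomain(isp))
```

With the hijacking resolver the search stops at the first suffix with the external address, so the second suffix, where the host actually lives, is never queried.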
I would start with your customers' ISP: contact them and ask for the IP of a DNS that doesn't hijack NXDOMAIN responses. I seem to remember reading somewhere (maybe on theregister.co.uk) that some major ISP left one DNS 'pure' for just this reason... IIRC
We have seen this problem a lot with OpenDNS. Luckily you can turn off the DNS hijacking in OpenDNS by disabling Typo correction.
I just worked with a user where his ISP was using OpenDNS for their DNS servers.
I believe you can opt-out of Comcast's "Domain Helper" service.
Here is the Comcast link that lists, by city, their 'RFC compliant' (HA!) DNS servers that do not hijack NXDOMAIN records: