Hi - I'm having some issues w/ a Juniper MAG (7.1R4) - using Mac NC clients. The problem is DNS specific. We have a domain that resolves on the internet-at-large - let's call it "example.com". There's also an example.com domain served internally that has significantly more entries. The only DNS settings that I can find appear to apply to which DNS servers to hand out, and the "DNS search order" setting.

If I set the search order to search the internal DNS first, then everything works as expected, but all DNS queries go through the tunnel, including ones to google.com, etc. which just means generally slower DNS performance for resources outside the tunnel. If I set it to search client-side DNS first, then all general queries - google.com, etc. - work using the client-side DNS, but some of the internal resources are not found, since the publicly hosted example.com domain does not contain those resources, and network connect appears to stop once it finds an authoritative domain.

Is it possible to define a domain to always resolve through the tunnel? Can I set a policy to always resolve "example.com" through the VPN? Any other ideas on how to make this work? I could, I suppose, impose restrictions on the DNS server for requests coming from the VPN pool, but I'm not sure if that would just cause a lookup to fail or would it actually fall back to the client's DNS? In any case, this seems like an overly complicated solution to the problem.

Has anyone else run into this before? Any thoughts or tips? Thanks...