Which works well until you need to reference your company intranets DNS servers for access to certain systems. I have yet to hear of a VPN solution that lets you query both external and internal DNS servers.
I guess it might be theoretically possible if the VPN client looks at the domain on the request, but I have not seen one that does this.
Right, it's a fundamentally hard problem. One approach is to create a stub domain in /etc/named.conf that forwards to the company DNS server for its internal domain. But that won't work if the company uses the same domain and "split horizon" for external and internal use, with the same name used with different addresses. For instance, my peer has an A record for company.com internally pointing to their Windows domain controller but no MX record, so I can't send mail to them if I use the internal server.
At least with vpnc you don't get your DNS forcibly hijacked as vpnclient does, so you can at least control which queries go where. But you still have to decide where to make the split.
