I've got two firewalls providing an IPsec tunnel between two offices. The tunnel is up and talking, and everything seems OK. However, some of the hosts on the remote network are encountering DNS issues. The DNS and AD domain servers are all on my local network, and the remote users connect to the domain across the tunnel. Here's the kicker, though: not all users are having this issue. Some workstations are resolving DNS just fine, while others are not at all. It's not a caching issue; I've verified that the working PCs are actually communicating properly with the DNS servers while the others are not.
Is there anything specific that needs to happen on the firewalls to ensure DNS traffic? My tunnel ACLs are set to encrypt all IP traffic between the two subnets, and I've enabled sysopt connect permit-ipsec to allow the traversal of encrypted traffic.
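A small probe that a practitioner might run from a working and from a failing remote workstation to compare them side by side, added here as an example and not part of the original question. It builds a raw DNS query, sends it to the DNS server across the tunnel over UDP and then over TCP, and reports per transport whether an answer came back, its rcode and whether the TC (truncated) bit was set. The server address, query name, port and timeout are assumptions; the sample response bytes used for the offline self-check are constructed.

```python
"""Added example (not from the original post): probe DNS reachability from a
remote-subnet host to a DNS server on the far side of an IPsec tunnel, over
both UDP and TCP, so a working and a non-working workstation can be compared.
Server address, names, port and timeout below are assumptions."""
import random
import socket
import struct


def build_query(name, qtype=1, txid=None):
    """Build a DNS wire-format query for `name` (qtype 1 = A, 33 = SRV)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_response(data, expected_txid):
    """Parse the DNS response header; returns rcode, TC bit and RR counts."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    return {
        "rcode": flags & 0x000F,
        "truncated": bool(flags & 0x0200),
        "answers": an,
        "authority": ns,
        "additional": ar,
    }


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed mid-message")
        buf += chunk
    return buf


def query_udp(server, name, qtype=1, timeout=2.0, port=53):
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (server, port))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid)


def query_tcp(server, name, qtype=1, timeout=2.0, port=53):
    txid = random.randint(0, 0xFFFF)
    q = build_query(name, qtype, txid)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)  # TCP DNS is length-prefixed
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        data = _recv_exact(s, length)
    return parse_response(data, txid)


def probe(server, name, qtype=1):
    """Try both transports; a failure is recorded rather than raised."""
    results = {}
    for label, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            results[label] = fn(server, name, qtype)
        except (OSError, ValueError) as exc:
            results[label] = {"error": repr(exc)}
    return results


def constructed_sample_response(txid=0x1234):
    """Constructed bytes (not captured traffic): a NOERROR reply with one A
    record for example.com, used to exercise parse_response offline."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = build_query("example.com", 1, txid)[12:]
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


if __name__ == "__main__":
    import sys
    # Assumed hypothetical values: DNS server 10.1.0.10, AD SRV lookup name.
    server = sys.argv[1] if len(sys.argv) > 1 else "10.1.0.10"
    name = sys.argv[2] if len(sys.argv) > 2 else "_ldap._tcp.dc._msdcs.corp.example"
    for transport, result in probe(server, name, qtype=33).items():
        print(transport, result)
```

Run it on one workstation that resolves and one that does not; a host where UDP fails but TCP answers, or where the TC bit only shows up on one side, points at the path between the subnets rather than at the resolver settings on the workstation.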