I'm trying to understand how DNS works with U-turn. I'm looking into configuring a VPN tunnel between an ASA 5510 (main office) and a PIX 506 (remote office).
Currently all workstations in the remote office are connected through a VPN tunnel between the PIX 506 and a VPN 3000 concentrator, so they use the internal DNS server in the main office. I need to use U-turn on the ASA to enable remote users to surf the net. With the U-turn config, will remote workstations still use the DNS server in the main office to resolve IP addresses?
Split DNS and split tunneling are both used with remote access clients. In your case you are trying to configure a site-to-site VPN tunnel, so to "split" the traffic you will use the crypto ACL to define interesting traffic for the VPN. This ACL however uses IP addresses to determine whether the traffic should be encrypted or not, hence your DNS lookup would have to happen before the traffic gets encrypted. So either you can define the DNS server for the remote network to be the DNS across the VPN tunnel and ensure that the DNS server's IP address is part of the interesting traffic, or you must ensure that the local DNS server is capable of resolving the names.
In the previous case where you are using U-turning, everything automatically gets tunneled so you don't need to worry about your DNS requests being tunneled.
I hope this explains the behaviour.
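As an added example (not configuration from either poster), here is what the two approaches in the answer look like on the main office ASA in pre-8.3 syntax. Addressing, names and the peer are assumed: inside LAN 10.1.0.0/24 with the DNS server at 10.1.0.53, remote office LAN 192.168.2.0/24, PIX outside address 203.0.113.2.

```cisco
! Option 1: plain site-to-site tunnel. The crypto ACL matches on IP only,
! so the main office DNS server (10.1.0.53, assumed) must fall inside the
! permitted range; otherwise remote clients' DNS queries are sent in the clear.
access-list L2L_REMOTE extended permit ip 10.1.0.0 255.255.255.0 192.168.2.0 255.255.255.0
! Exempt tunneled traffic from NAT (pre-8.3 syntax)
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address L2L_REMOTE
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! Option 2: U-turn. The remote office tunnels everything, so DNS queries
! to 10.1.0.53 and Internet-bound traffic alike arrive encrypted; the ASA
! then hairpins the Internet-bound flows back out its outside interface.
same-security-traffic permit intra-interface
access-list L2L_REMOTE_UTURN extended permit ip any 192.168.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_REMOTE_UTURN
! PAT the hairpinned remote LAN behind the outside address (pre-8.3 syntax)
global (outside) 1 interface
nat (outside) 1 192.168.2.0 255.255.255.0
```

The PIX side mirrors whichever crypto ACL is chosen (`192.168.2.0/24` to `10.1.0.0/24` for option 1, `192.168.2.0/24` to `any` for option 2), and the remote workstations keep 10.1.0.53 as their resolver in both cases.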