Same problem as all of you guys. And as an early adopter of Win10 we kept running into this problem (see the TL:DR below for a quick write-up of our fix).
We noticed early that the issue stemmed from the fact that the client refuses to access the DNS on the VPN so we rolled out a dirty fix.
We created a script that added the VPN DNS to the local network adapter and removed it when the VPN disconnected. Suffice to say it did not work very well, and caused some problems with clients not being able to access the internet due to incorrectly closing their systems. (Rule number 1: even if the fix works, expect users to find a way to break it...)
Fix number 2 is the one we are using now and it has worked without giving our developers and normal users any problems.
We noticed that the VPN worked correctly over wireless and gave problems on a wired connection. (From the top of my head) This was due to the fact that the metric value of the VPN was always lower than those of the wireless connection.
On the wire this was different: the wired connection, like ECC-Dan noted, contained a lower metric than the IPv4 one. Not a problem, as the VPN would adjust this. But when the VPN connected, only the IPv4 one changed in terms of metrics. The IPv6 is still lower than the VPN connection and somehow they decided to use the IPv6 metric to decide the interface for the IPv4 traffic...
We then set the following registry key.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"DisableSmartNameResolution"=dword:00000001
This fixed our corporate network name resolution. Resources that require people to go to the internet also worked so everything seemed fine.
But some of our resources are resolvable from the internet, and due to the fact that IPv6 metric throws all lookups at the local DNS server as well.
Changing the IPv6 metric fixes everything like ECC-Dan stated, but we did not want to change stuff like that as this would require us to change all metrics from all possible adapters ourselves.
Disabling IPv6 on the interface fixed this problem as well.
TL:DR
3 domains:
Contoso.com (Corporate)
Corp.contoso.com (Internal zone containing all our resources, can't access zone from internet)
Contoso.com (External zone, accessible from the internet.)
Fabricam.com (Development)
Corp.fabricam.com (Both internal and external zone, zone is accessible from internet and contains a wildcard causing everything to be resolvable)
adatum.corp (development)
Adatum.corp (Internal zone, can't access zone from internet)
Fixing our DNS resolution for corp.contoso.com and Adatum.corp
Registry edit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"DisableSmartNameResolution"=dword:00000001
Fix can be deployed without the user having admin rights by deploying it through GPO Preference.
Fixing Fabricam.com
Disable IPv6 (ECC-DAN fix also works). Both fixes require administrative rights.
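
A read-only check for the two conditions described in the post above (the DisableSmartNameResolution policy value, and a connected adapter whose IPv6 metric is lower than the VPN's IPv4 metric). This is an added example, not part of the original post; the VPN alias pattern `*VPN*` and the function names are assumptions to adjust for your environment.

```powershell
# Added example (not from the original post). Read-only audit; changes nothing.
# Assumption: the VPN adapter's alias matches '*VPN*'.
param([string]$VpnAliasPattern = '*VPN*')

$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$valueName  = 'DisableSmartNameResolution'

function Get-SmartNameResolutionPolicy {
    # Returns 'Disabled' when the policy value from the post is set to 1.
    $item = Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$valueName -eq 1) { return 'Disabled' }
    return 'Enabled'
}

function Get-InterfaceMetricReport {
    # One row per connected adapter with its IPv4 and IPv6 interface metrics.
    Get-NetIPInterface |
        Where-Object { $_.ConnectionState -eq 'Connected' -and $_.InterfaceAlias -notlike 'Loopback*' } |
        Group-Object InterfaceAlias |
        ForEach-Object {
            $v4 = $_.Group | Where-Object AddressFamily -eq 'IPv4' | Select-Object -First 1
            $v6 = $_.Group | Where-Object AddressFamily -eq 'IPv6' | Select-Object -First 1
            [pscustomobject]@{
                Interface  = $_.Name
                IPv4Metric = $v4.InterfaceMetric
                IPv6Metric = $v6.InterfaceMetric   # $null when IPv6 is unbound
            }
        }
}

"Smart multi-homed name resolution policy: $(Get-SmartNameResolutionPolicy)"

$report = @(Get-InterfaceMetricReport)
$report | Format-Table -AutoSize

$vpn = $report | Where-Object Interface -like $VpnAliasPattern | Select-Object -First 1
if ($null -eq $vpn) {
    Write-Warning "No connected adapter matches '$VpnAliasPattern'; connect the VPN and re-run."
} else {
    # Flag non-VPN adapters whose IPv6 metric undercuts the VPN's IPv4 metric.
    $report |
        Where-Object { $_.Interface -ne $vpn.Interface -and
                       $null -ne $_.IPv6Metric -and
                       $_.IPv6Metric -lt $vpn.IPv4Metric } |
        ForEach-Object {
            Write-Warning "$($_.Interface): IPv6 metric $($_.IPv6Metric) is lower than VPN IPv4 metric $($vpn.IPv4Metric)"
        }
}
```

Run it once with the VPN connected on a wired link and once on wireless to compare the metrics the post refers to.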