UTM9: VPN Clients 50% of the time cannot resolve internal webserver address?

Hi,

We have a UTM9 as our firewall and default gateway. 

We have no internal DNS server.

We have Mac clients using the Tunnelblick 3.2.x OpenVPN app, connecting to the UTM (Remote Access SSL) just fine and accessing internal resources. There are many static DNS entries ('network definitions').

We have a public website http://example.com

We have an internal website http://intranet.example.com that sits behind the UTM9. It has a static DNS entry ('network definition'). Internal office computers can access this website no problem.

When our remote VPN clients connect to our UTM9 and try to access the intranet, they receive a 'page not found' error from the public website's host, using either the intranet URL or the IP address. So it would seem that the public DNS servers (1.1.1.1) are being used instead of the UTM9 (10.x.6.1 in the image below).

The Mac clients receive the same network DNS settings when connected via VPN as they do in the office:

VPN client settings: (screenshot not reproduced)

UTM9 DNS settings: (screenshot not reproduced)

Client DHCP settings: (screenshot not reproduced)

One issue I encountered whilst troubleshooting the VPN connection on different Macs from outside the office (including Macs that have never joined this company domain/office network), is that sometimes the name resolution works for a while and then fails, redirecting to the public website host again.

Any troubleshooting tips most welcome, thanks!
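One way to check, on the Mac itself, which resolver actually handles the intranet name while the tunnel is up. This is an added example, not code from the post or from Sophos/Tunnelblick: it parses `scutil --dns` output and applies a simplified model of macOS resolver selection (a supplementary resolver whose `domain` is a suffix of the name wins, otherwise the default resolver with the lowest `order`; the first listed nameserver is assumed to be the one that answers). The two captures are constructed, 10.100.6.1 is a hypothetical stand-in for the UTM9 address masked as 10.x.6.1 above, and the finding codes are this example's own.

```python
import re

# Constructed sample captures of `scutil --dns` on macOS, not output from the
# poster's Macs. 10.100.6.1 is a hypothetical stand-in for the UTM9's internal
# address (masked as 10.x.6.1 in the post); utun1 is the OpenVPN tunnel and
# en0 the local Wi-Fi/Ethernet interface.
BROKEN_CAPTURE = """\
DNS configuration

resolver #1
  search domain[0] : example.com
  nameserver[0] : 1.1.1.1
  nameserver[1] : 10.100.6.1
  if_index : 14 (utun1)
  order    : 200000

resolver #2
  domain   : local
  options  : mdns
  order    : 300000

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 1.1.1.1
  if_index : 5 (en0)
  flags    : Scoped, Request A records
"""

# Same capture with only the tunnel-pushed nameserver in the default resolver.
HEALTHY_CAPTURE = BROKEN_CAPTURE.replace(
    "  nameserver[0] : 1.1.1.1\n  nameserver[1] : 10.100.6.1\n",
    "  nameserver[0] : 10.100.6.1\n")

# "key[idx] : value" or "key : value"; the index is parsed but not needed.
FIELD_RE = re.compile(r"^\s*([\w ]+?)(?:\[\d+\])?\s*:\s*(.+?)\s*$")

# Well-known public resolvers; seeing one of these first is the symptom.
PUBLIC_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}


def parse_scutil_dns(text):
    """Parse the unscoped resolvers (the ones consulted for ordinary lookups).
    Returns a list of dicts: nameservers, search, domain, order, if_index."""
    unscoped = text.split("(for scoped queries)")[0]
    resolvers, cur = [], None
    for line in unscoped.splitlines():
        if line.startswith("resolver #"):
            cur = {"nameservers": [], "search": [], "domain": None,
                   "order": 0, "if_index": None}
            resolvers.append(cur)
            continue
        m = FIELD_RE.match(line) if cur else None
        if not m:
            continue
        key, val = m.group(1).strip(), m.group(2)
        if key == "nameserver":
            cur["nameservers"].append(val)
        elif key == "search domain":
            cur["search"].append(val)
        elif key == "domain":
            cur["domain"] = val
        elif key == "order":
            cur["order"] = int(val)
        elif key == "if_index":
            cur["if_index"] = val
    return resolvers


def resolver_for(hostname, resolvers):
    """Simplified selection: longest matching 'domain' wins, else the default
    (domain-less) resolver with the lowest 'order'. None if nothing applies."""
    name = hostname.rstrip(".").lower()
    best = None
    for r in resolvers:
        d = (r["domain"] or "").lower()
        if d and (name == d or name.endswith("." + d)):
            if best is None or len(d) > len(best["domain"]):
                best = r
    if best:
        return best
    defaults = [r for r in resolvers if not r["domain"]]
    return min(defaults, key=lambda r: r["order"]) if defaults else None


def diagnose(hostname, expected_ns, capture):
    """Return a list of finding codes for how `hostname` would be resolved.
    Empty list means the expected (tunnel) nameserver is consulted first."""
    r = resolver_for(hostname, parse_scutil_dns(capture))
    if r is None:
        return ["NO_RESOLVER"]
    ns, findings = r["nameservers"], []
    if expected_ns not in ns:
        findings.append("EXPECTED_NS_MISSING")
    elif ns[0] != expected_ns:
        findings.append("EXPECTED_NS_NOT_FIRST")
    if ns and ns[0] in PUBLIC_RESOLVERS:
        findings.append("PUBLIC_NS_FIRST")
    if r["if_index"] and "utun" not in r["if_index"]:
        findings.append("NOT_ON_TUNNEL")
    return findings


if __name__ == "__main__":
    for label, cap in (("broken", BROKEN_CAPTURE), ("healthy", HEALTHY_CAPTURE)):
        r = resolver_for("intranet.example.com", parse_scutil_dns(cap))
        print(label, "-> first nameserver:", r["nameservers"][0],
              "| findings:", diagnose("intranet.example.com", "10.100.6.1", cap) or "none")
```

On a Mac showing the symptom, run `scutil --dns` while the tunnel is connected and feed that text to `diagnose()`; a result of `EXPECTED_NS_MISSING` or `PUBLIC_NS_FIRST` means the DNS pushed by the UTM is not the one macOS is using, which in Tunnelblick depends on the connection's "Set nameserver" setting being enabled. Re-running the capture after the intermittent failure described above shows whether the resolver list changed (for example a DHCP renewal on en0 re-ordering the nameservers).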