A key part of any DirectAccess solution is the Network Location Server (NLS). The NLS is a server that accepts SSL connections from machines configured as DirectAccess clients. If the DirectAccess client can connect to the NLS on the intranet, it knows that it's on the intranet: it turns off the Name Resolution Policy Table (NRPT) and resolves names using the DNS server configured on its NIC, which will be a DNS server configured to resolve intranet names.
If the Network Location Server isn't detected, then the DirectAccess client assumes that it's not on the intranet and leaves the NRPT enabled and resolves intranet names using the IPv6 address of the UAG DirectAccess server.
A couple of things that you need to know about the NLS server:

* It needs to be highly available
* The CRL of the issuer needs to be available

The CRL is important. If the DirectAccess client can't find the CRL, it won't be able to connect to the NLS server's SSL site, so the NLS check fails and the client doesn't turn off the NRPT, which can cause significant problems with intranet name resolution.
So - make sure you have that internal CRL available, and even better, highly available!
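
One way to check both requirements from an intranet machine, as an added example that is not part of the original post: it fetches the NLS certificate, builds the chain with online revocation checking, and then requests each HTTP CRL distribution point directly. The host name `nls.corp.example` is a placeholder; LDAP distribution points are not tested.

```powershell
# Added example. 'nls.corp.example' is a placeholder; pass your own NLS host name.
param([string]$NlsHost = 'nls.corp.example', [int]$Port = 443)

# 1. Fetch the certificate the NLS site presents. Validation is bypassed here
#    only to capture the certificate; the chain is checked explicitly in step 2.
$tcp = New-Object System.Net.Sockets.TcpClient($NlsHost, $Port)
try {
    $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($NlsHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}
"NLS certificate: $($cert.Subject), expires $($cert.NotAfter)"

# 2. Build the chain with online revocation checking. A CRL that cannot be
#    retrieved shows up as RevocationStatusUnknown / OfflineRevocation.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
$chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
$chainOk = $chain.Build($cert)
$revocationIssues = @($chain.ChainStatus | Where-Object {
    $_.Status -match 'RevocationStatusUnknown|OfflineRevocation'
})
"Chain valid: $chainOk"
foreach ($s in $chain.ChainStatus) { "  $($s.Status): $($s.StatusInformation.Trim())" }

# 3. Windows caches CRLs, so a cached copy can hide an unreachable distribution
#    point. Request each HTTP URL from the CDP extension (OID 2.5.29.31) directly.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
$urls = @()
if ($cdp) {
    $urls = @([regex]::Matches($cdp.Format($true), 'https?://[^\s,)]+') |
        ForEach-Object { $_.Value })
}
if ($urls.Count -eq 0) { 'No HTTP CRL distribution points found in the certificate.' }
foreach ($u in $urls) {
    try {
        $r = Invoke-WebRequest -Uri $u -UseBasicParsing -TimeoutSec 15
        "CDP OK   $u (HTTP $($r.StatusCode))"
    } catch {
        "CDP FAIL $u : $($_.Exception.Message)"
    }
}

if ($revocationIssues.Count -gt 0) { 'Revocation could not be checked: the NLS check is at risk.' }
```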