I've been reading this document http://technet.microsoft.com/en-us/library/jj134148.aspx and i'm very confused about CRLs
Section 1.3.3Plan website certificates for the network location server states:
"In the CRL Distribution Points field, use a CRL distribution point that is accessible by DirectAccess clients that are connected to the intranet. This CRL distribution point should not be accessible from outside the internal network."
Then in Section 1.4.1 Plan for DNS server Requirements it states:
"The FQDN for your Internet-accessible CRL distribution points must be resolvable by using Internet DNS servers. For example, if URL http://crl.contoso.com/crld/corp-DC1-CA.crl is in theCRL Distribution Points field of the IP-HTTPS certificate of the DirectAccess server, you must ensure that the FQDN crld.contoso.com is resolvable by using Internet DNS servers."
Can someone please clarify?