I set up systems with the DNS of a SBS Server first and a fallback to the Internet Router for DNS if the SBS box goes offline, this works fine locally but when a VPN connection comes in the order is reversed and causes these issues, so I came up with a working solution that does not require any Registry hacking:
To fix this issue with Windows 7 VPN clients do the following:
1/ Create additional (secondary) IP address on DNS server
2/ Set Scope Options in DHCP to list put new IP address as first DNS entry (the entries will be SBS secondary IP, SBS Primary and then Router IP),
Now the DHCP will offer the SBS DNS server as the first two IP addresses with the Router DNS as the last for LAN DHCP leases, and for a VPN connection the DHCP list becomes SBS, Router, SBS so local DNS lookups now work correctly despite this bug.
This solution also assumes you are using DHCP Relay for the LAN and Localhost in the RRAS settings.