A public cname record pointing to a zerotrust cname record blocks requests

What is the name of the domain?

enervisionmedia.com and/or silverskaters.org

What is the error message?

No webpage was found for the web address

What is the issue you’re encountering

The first CNAME (pointing to cfargotunnel’s UUID CNAME) does not work (returns 404 not found).

What steps have you taken to resolve the issue?

I tried to point that first CNAME directly to cfargotunnel’s UUID CNAME, but that didn’t work.

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

Through the Zero Trust/Networks/Tunnels panel, I set up a tunnel as A-DEV-SERVER enervisionmedia com

  • THIS WORKS: can access site (hitting my local dev machine) through browsers using A-DEV-SERVER’s URL

THEN, set up a CNAME record of PUBLIC enervisionmedia com that points to A-DEV-SERVER URL:

  • this DOES NOT WORK
  • although I can access the origin server directly if I use the tunnel’s explicit A-DEV-SERVER’s URL, when I try with PUBLIC as the URL I get back a 404/not-found error (AND I can see from the logs it doesn’t even hit our local origin server).

I also tried to set the PUBLIC’s CNAME record to directly point to the tunnel’s CNAME name (namely its cfargotunnel’s uuid name) but got the same result back (404).

It seems that a CNAME (PUBLIC) pointing to another CNAME (in this case ZeroTrust’s public hostname) does not work (never mind the inefficiencies of double-cname-lookup: this is just for dev convenience).

Is that correct? Or am I doing something wrong?

Setup Recap:
A-DEV-SERVER: CNAME automatically created by ZeroTrust/Networks/Tunnels (i.e. the generated uuid name)
A-PROD-SERVER: A-record pointing to the real server’s IP address
PUBLIC: CNAME pointing to either A-DEV-SERVER OR to A-PROD-SERVER

  • when PUBLIC points to A-PROD, all is well (hits live server)
  • when PUBLIC points to A-DEV, get the 404

For context, I do this because in the future I’d like to simply change PUBLIC’s CNAME record to point to another CNAME (e.g. A-PROD-SERVER) without having to change internal URLs (in various other systems).
So although all links will always point to PUBLIC, the server that gets the request will be set as per that CNAME’s value.
This will give me flexibility to switch back and forth to either serving server with a single change.
