CF Access - DNS Resolution issue

Hello everyone,

I have successfully configured CF Access / Teams and exposed one of the internal applications over the Internet. As part of the configuration, I created a CNAME record on CF, for example:

internal-app.mysite.com (CNAME) tunnel-ID.cfargotunnel.com

The “mysite.com” DNS zone is also hosted internally on the Corporate DNS Server. So when someone connects to the Corporate VPN, the DNS record doesn’t resolve, hence they can’t access “internal-app”.

I thought it would be an easy solution, and created an identical CNAME record in the Corporate DNS server. But it seems like it didn’t resolve the problem. In fact, I can’t even resolve the tunnel-ID.cfargotunnel.com address internally or externally.

I was wondering if someone in this group has come across a similar situation, and I would appreciate it if you could share a solution.

Thank you,
Muhammad

Try pointing to internal-app.mysite.com.cdn.cloudflare.net instead.

I have tried adding the following to the Corp DNS, as per your suggestion:

internal-app.mysite.com (CNAME to) internal-app.mysite.com.cdn.cloudflare.net

But it is still not working … here is the dig response from the Corp DNS:

$ dig  internal-app.mysite.com @CORP-DNS
;; QUESTION SECTION:
;internal-app.mysite.com.		IN	A

;; ANSWER SECTION:
internal-app.mysite.com.	3600	IN	CNAME	internal-app.mysite.com.cdn.cloudflare.net.
internal-app.mysite.com.cdn.cloudflare.net. 300 IN A	104.18.15.46
internal-app.mysite.com.cdn.cloudflare.net. 300 IN A	104.18.14.46

;; Query time: 111 msec

But if I try to resolve it by pinging … it errors out:

$ ping internal-app.mysite.com
ping: cannot resolve internal-app.mysite.com: Unknown host

Can you confirm that the DNS server is configured properly?

Never mind … there was a DNS propagation delay, but it has started working.

Thank you so much @erictung for your prompt solution.
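
An added example, not part of the original thread: a small checker that follows the CNAME chain in `dig` answer-section text and reports whether it ends in address records, which is the difference between the two internal records tried above. The function names are hypothetical; the first sample is the answer section quoted in the thread, and the second is constructed from the first attempt, where the target returned no address.

```python
"""Follow a CNAME chain in dig answer-section text and report where it ends."""

# Answer section quoted in the thread (second attempt, resolves).
WORKING = """\
internal-app.mysite.com.	3600	IN	CNAME	internal-app.mysite.com.cdn.cloudflare.net.
internal-app.mysite.com.cdn.cloudflare.net. 300 IN A	104.18.15.46
internal-app.mysite.com.cdn.cloudflare.net. 300 IN A	104.18.14.46
"""

# Constructed sample for the first attempt: the CNAME target has no address.
DANGLING = "internal-app.mysite.com. 3600 IN CNAME tunnel-ID.cfargotunnel.com.\n"


def parse_answers(dig_text):
    """Return {owner: [(rtype, rdata), ...]} from dig answer lines."""
    records = {}
    for line in dig_text.splitlines():
        fields = line.split()
        # Answer lines look like: owner TTL IN type rdata; skip everything else.
        if len(fields) < 5 or not fields[1].isdigit() or fields[2] != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3], fields[4].lower()
        records.setdefault(owner, []).append((rtype, rdata))
    return records


def follow_chain(dig_text, name, max_hops=8):
    """Return (chain, addresses); empty addresses means a dangling CNAME."""
    records = parse_answers(dig_text)
    current = name.lower().rstrip(".") + "."
    chain = [current]
    for _ in range(max_hops):
        rrset = records.get(current, [])
        addresses = [rdata for rtype, rdata in rrset if rtype in ("A", "AAAA")]
        if addresses:
            return chain, addresses
        targets = [rdata for rtype, rdata in rrset if rtype == "CNAME"]
        if not targets or targets[0] in chain:
            break  # nothing further to follow, or a CNAME loop
        current = targets[0]
        chain.append(current)
    return chain, []


if __name__ == "__main__":
    for label, text in (("working", WORKING), ("dangling", DANGLING)):
        chain, addrs = follow_chain(text, "internal-app.mysite.com")
        print(label, " -> ".join(chain), addrs or "NO ADDRESS")
```

Feeding it the output of `dig +noall +answer` from both the corporate resolver and a public one shows whether the internal copy of the zone ends at the same addresses as the public record.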
