Related to: I don’t know / other
What is the issue you’re encountering: Unable to resolve private DNS records
What steps have you taken to resolve the issue?
Use Case:
We are restricting sensitive domains/internal infrastructure with private DNS. The goal here is to avoid publicly resolving certain subdomains and throwing the NXDOMAIN error for end users. We are agnostic, meaning our staff access our resources globally and sometimes with a VPN. The subdomains point to mostly cloud-based resources such as AWS, DigitalOcean, etc.
Configuration:
We are using Zero Trust with the WARP client. We have a tunnel with cloudflared installed for the AWS Route 53/Resolver private DNS zone. In Zero Trust we have set up the Gateway DNS location, resolver policies, Access applications (private network), network tunnel/routes, and configured relevant settings including split tunnels, and have also tried using local domain fallback. In Route 53 we have configured the private DNS hosted zone, security access groups, and resolver VPCs/endpoints/rules/query logging.
Error:
No matter what we do, the webpage will not load for the ‘applications’. It results in a server not found message. Checking Cloudflare logs and AWS logs, there appear to be no issues. Using terminal commands to verify the setup and look for any misconfigurations yields no negative results. We did solve the 526 insecure upstream error by using HTTP policies with the ‘no inspect’ action.
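An added diagnostic check (not part of the original post or of any Cloudflare tooling) that classifies a failed lookup from a WARP-enrolled client against the three pieces the post lists: the Gateway resolver policy, the cloudflared tunnel routes, and the WARP split-tunnel exclude list. The CIDRs and the `internal.example.com` domain are constructed placeholders.

```python
import ipaddress

# Constructed configuration for illustration (assumptions, not the poster's values).
# TUNNEL_ROUTES: CIDRs advertised through the cloudflared tunnel (the VPC behind Route 53).
# SPLIT_TUNNEL_EXCLUDES: WARP "Exclude" mode ranges that bypass the tunnel entirely.
# RESOLVER_POLICY_DOMAINS: names Gateway forwards to the Route 53 Resolver inbound endpoint.
TUNNEL_ROUTES = ["10.20.0.0/16"]
SPLIT_TUNNEL_EXCLUDES = ["10.0.0.0/8", "192.168.0.0/16"]   # default-style exclude list
RESOLVER_POLICY_DOMAINS = ["internal.example.com"]


def in_any(ip, cidrs):
    """True if ip falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def matches_policy(hostname, domains):
    """True if hostname equals, or is a subdomain of, a resolver-policy domain."""
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def diagnose(hostname, rcode, answer_ip=None,
             routes=TUNNEL_ROUTES, excludes=SPLIT_TUNNEL_EXCLUDES,
             domains=RESOLVER_POLICY_DOMAINS):
    """Classify a 'server not found' result for a private name.

    rcode is the DNS response code observed on the client (e.g. from dig),
    answer_ip the A record it returned, if any. Returns a short category.
    """
    if not matches_policy(hostname, domains):
        return "not_in_resolver_policy"   # query never forwarded to Route 53; public NXDOMAIN expected
    if rcode == "NXDOMAIN" or answer_ip is None:
        return "nxdomain_despite_policy"  # name matched, but no answer came back from the private zone:
                                          # check that WARP/Gateway is the active resolver and the
                                          # resolver inbound endpoint is reachable over the tunnel
    if in_any(answer_ip, excludes):
        return "split_tunnel_excluded"    # WARP bypasses this range, so the client never uses the tunnel
    if not in_any(answer_ip, routes):
        return "no_tunnel_route"          # address resolved, but no cloudflared route carries it
    return "ok"                           # both name and address should traverse the tunnel
```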