I’ve read past posts about split-horizon / split-brain DNS use cases, and I’m not sure my specific use case has come up and/or that I’m understanding things correctly.
I have some private homelab services protected behind Cloudflare. To get some security through obscurity, these are on subdomains that are difficult to identify through brute force.
For my LAN, mobile devices, and family (not on the LAN), I’d like to use more user-friendly subdomain names. To work around this, I thought I could set up a private DNS server that had local CNAME records pointing to the obscure subdomain on Cloudflare. When navigating from these devices, using this private DNS and CNAME (which Cloudflare itself cannot resolve), I receive an error 1016. From reading, I understand this is because the Cloudflare CDN determines how to route the traffic based on host.
Is there a way to work around this, so that I can use split-horizon / split-brain DNS for this use case? Is there a way to tell Cloudflare how to route it? I would prefer not to have a simple subdomain public, as that will likely get accessed by threats that are just iterating through common words. Sure, there are ways to use Cloudflare to protect these subdomains, but it’s “attack surface area” that I’d like to avoid, especially since this is for a homelab, and I’m sure I won’t configure things perfectly… At the same time, for users of my LAN / private DNS, I’d like the subdomain to be user-friendly.
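The mechanism behind the error 1016 described above, as an added illustration that is not part of the original post: a browser sets the HTTP `Host` header from the name typed in the URL, so a private CNAME only changes which address the client connects to, while the CDN edge still sees the friendly name it has no record for. The script below runs entirely on localhost with a mock edge that imitates the observed behaviour (route on `Host`, reject unknown hostnames with an "Error 1016" body and HTTP 530); it is not Cloudflare's code. The hostnames, the private zone contents, and the 530 status are constructed assumptions. The third request shows the one thing a plain CNAME cannot do: a local reverse proxy that rewrites `Host` to the obscure name before forwarding gets a normal response.

```python
"""Why a private CNAME alone does not get past a Host-routing CDN edge.

Added illustration, not from the original post. The edge, hostnames and
resolver table are all constructed here; the mock edge imitates the
reported behaviour and is not Cloudflare's implementation.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed names (assumptions): OBSCURE is the name configured at the CDN,
# FRIENDLY exists only in the private DNS server.
OBSCURE = "k3x9q2-media.example.com"
FRIENDLY = "media.home.example.com"

# Private (split-horizon) zone as the post describes it: a CNAME to the obscure
# name, which in turn resolves to the edge address (the mock edge below).
PRIVATE_ZONE = {
    FRIENDLY: ("CNAME", OBSCURE),
    OBSCURE: ("A", "127.0.0.1"),
}


def resolve(name, zone=PRIVATE_ZONE, depth=0):
    """Follow CNAMEs to an address, like a stub resolver would."""
    if depth > 8:
        raise RuntimeError("CNAME loop")
    rtype, value = zone[name]
    return value if rtype == "A" else resolve(value, zone, depth + 1)


class MockEdge(BaseHTTPRequestHandler):
    """Routes purely on the Host header; hostnames without a record fail."""
    known_hosts = {OBSCURE: "homelab-origin"}

    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        origin = self.known_hosts.get(host)
        if origin is None:
            # Modelled after the error the post reports; 530 is an assumption.
            body = b"Error 1016: origin DNS error"
            self.send_response(530)
        else:
            body = f"proxied to {origin}".encode()
            self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_edge():
    """Start the mock edge on a free localhost port in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), MockEdge)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(url_host, port, host_header=None):
    """GET http://url_host/ the way a browser does: resolve url_host, connect
    to that address, and send Host: url_host. The CNAME target never appears
    in the request. host_header overrides that, which is what a local reverse
    proxy in front of the friendly name would do."""
    addr = resolve(url_host)
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header or url_host})
    resp = conn.getresponse()
    status, body = resp.status, resp.read().decode()
    conn.close()
    return status, body


def demo():
    """Return (direct, via_cname, host_rewritten) as (status, body) pairs."""
    edge = start_edge()
    port = edge.server_address[1]
    try:
        direct = fetch(OBSCURE, port)                        # 200
        via_cname = fetch(FRIENDLY, port)                    # 530, "Error 1016"
        rewritten = fetch(FRIENDLY, port, host_header=OBSCURE)  # 200
    finally:
        edge.shutdown()
        edge.server_close()
    return direct, via_cname, rewritten


if __name__ == "__main__":
    labels = ("direct", "via CNAME", "Host rewritten")
    for label, (status, body) in zip(labels, demo()):
        print(f"{label:15} -> {status} {body}")
```

The takeaway for the split-horizon setup: the private DNS server can hand out the friendly name, but something on the client side of the edge (a local reverse proxy, for instance) has to put the name the CDN knows into `Host`; DNS alone cannot influence that header.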