Split Horizon DNS issue

dns
#1

Hello,

We have a website on a domain that we are having issues with. Here’s what we are experiencing:

On internal office network:

  • Certain images do not display on the webpage
  • Website does not automatically redirect from http to https

On external network (away from office):

  • Website displays fine
  • http to https redirection works fine.

We have a Split DNS setup here in the office. We have a local DNS server that we manage for DNS. We’ve mirrored the DNS setting that we have configured in Cloudflare for this domain on our local DNS server, but are still having issues.

0 Likes

#2

I’d recommend pointing your internal DNS to the Cloudflare proxy address of the site, not the origin server itself. If you are pointing directly to the origin, Cloudflare isn’t involved and thus things like SSL aren’t handled by us.

2 Likes

#3

Hello,

Thanks for the suggestion. Where do I find the Cloudflare proxy address?

0 Likes

#4

Thanks! Our website is good now.

1 Like

#5

Another thing to note here is that it’s never a good idea to “hard code” Cloudflare IPs (e.g. A/AAAA). Instead, after activation (and even when using Cloudflare DNS authoritatively) you can point to a CNAME record available from Cloudflare. For example, if I have example.com on Cloudflare with a www subdomain defined, I can point to www.example.com.cdn.cloudflare.net. This is where split horizon/brain domains should point to use Cloudflare.

Note that this is available on any plan/setup BUT if you haven’t activated then your zone will eventually be automatically removed from Cloudflare. All domains on Cloudflare must activate or they may be removed (to make way for others).

2 Likes

#6

I am having the same issue and have created a CNAME record on the local (internal) DNS listing the FQN with the proxy. Doesn’t work. For troubleshooting, I should be able to try www.example.com.cdn.cloudflare.net (obvi with the correct domain name).

0 Likes

#7

Going to www.example.com.cdn.cloudflare.net directly won’t work. Cloudflare forwards based on the host header, and the host header when you type www.example.com.cdn.cloudflare.net in your browser is www.example.com.cdn.cloudflare.net. You should be able to do a DNS lookup and have www.example.com resolve to www.example.com.cdn.cloudflare.net, which then should allow you to visit www.example.com and have it hit Cloudflare’s edge.

1 Like
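
As an added example (not code from any poster in this thread), this sketch classifies what an internal split-horizon view returns for a proxied hostname, given dig-style answer text from the internal and external resolvers. The records, addresses and function names are constructed for illustration; only the `cdn.cloudflare.net` CNAME form comes from the thread.

```python
# Added example (not from the thread). All DNS answers below are constructed
# sample data using documentation-range addresses.
CF_SUFFIX = ".cdn.cloudflare.net."  # CNAME target form named in post #5

INTERNAL_TO_ORIGIN = "www.example.com. 300 IN A 192.0.2.10\n"
INTERNAL_TO_CNAME = (
    "www.example.com. 300 IN CNAME www.example.com.cdn.cloudflare.net.\n"
    "www.example.com.cdn.cloudflare.net. 300 IN A 203.0.113.7\n"
)
EXTERNAL_VIEW = "www.example.com. 300 IN A 203.0.113.7\n"


def parse_answers(text):
    """Return [(owner, rtype, rdata)] from dig-style answer lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[2].upper() == "IN":
            records.append((parts[0].lower(), parts[3].upper(), parts[4].lower()))
    return records


def follow_chain(name, records, max_hops=8):
    """Follow CNAMEs from name; return (names visited, final A/AAAA data)."""
    name = name.lower().rstrip(".") + "."
    chain = [name]
    for _ in range(max_hops):
        target = next((d for o, t, d in records if o == name and t == "CNAME"), None)
        if target is None:
            break
        if target in chain:
            raise ValueError("CNAME loop at " + target)
        chain.append(target)
        name = target
    return chain, sorted(d for o, t, d in records if o == name and t in ("A", "AAAA"))


def classify(name, internal_text, external_text):
    """Label the internal view of name relative to the external one."""
    chain, addrs = follow_chain(name, parse_answers(internal_text))
    _, ext_addrs = follow_chain(name, parse_answers(external_text))
    if any(n.endswith(CF_SUFFIX) for n in chain[1:]):
        return "cname-to-cloudflare"
    if not addrs:
        return "no-answer"
    # Same addresses as outside: an A record pinned to a proxy IP (post #5 advises against).
    return "pinned-proxy-address" if set(addrs) & set(ext_addrs) else "differs-from-external"


if __name__ == "__main__":
    for label, view in (("origin", INTERNAL_TO_ORIGIN), ("cname", INTERNAL_TO_CNAME)):
        print(label, classify("www.example.com", view, EXTERNAL_VIEW))
```

A `differs-from-external` result is the case described in post #2: internal clients reach a different address than outside clients do, so the proxy's SSL handling is not in the path.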

#8

What should I use for the CNAME on the local internal DNS?

0 Likes

#9

The target should be www.example.com.cdn.cloudflare.net. You said it doesn’t work. What doesn’t work?

0 Likes

#10

I set up a CNAME for www - www.example.com.cdn.cloudflare.net
I can ping/traceroute by www.example.com and it hits the CF edge.
In a browser, I get a timeout (from the same system that can ping by name).

0 Likes

#11

Gerry,

I know this isn’t recommended anymore…, but we used an A record to point directly to a CF IP address. This fixed our issue immediately. So we have a DNS A record called “www” pointed to an IP address.

0 Likes

#12

That would be the IP on the front end of the proxy.

0 Likes

#13

I still get a timeout when I use an A record and IP.

0 Likes