I’m looking to use Cloudflare to host my domain (let’s say domain.net), which is the same as my internal net which is managed by pfSense. Whenever I move my domain over to Cloudflare, the resolvers in my K3s cluster stop working since it ships with a resolv.conf default of ndots:5. It works as I expect when my domain is hosted by Google Domains, e.g. nslookup google.com actually looks up google.com. But whenever I switch back to Cloudflare that same host would look up google.com.domain.net instead. Does anyone have any insight as to why that may be happening or how I could get similar behavior with Cloudflare? Here’s some of the test output I gathered:
With Cloudflare:
❯ nslookup -debug google.com
Server: 10.0.0.1
Address: 10.0.0.1#53
------------
QUESTIONS:
google.com.domain.net, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
-> domain.net
origin = damian.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2269578432
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
ttl = 2585
ADDITIONAL RECORDS:
------------
Non-authoritative answer:
------------
QUESTIONS:
google.com.domain.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
-> domain.net
origin = damian.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2269578432
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
ttl = 3405
ADDITIONAL RECORDS:
------------
*** Can't find google.com.domain.net: No answer
❯ dig +ndots=5 +search google.com
; <<>> DiG 9.16.24 <<>> +ndots +search google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19994
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.domain.net. IN A
;; AUTHORITY SECTION:
domain.net. 1943 IN SOA damian.ns.cloudflare.com. dns.cloudflare.com. 2269578432 10000 2400 604800 3600
;; Query time: 3 msec
;; SERVER: 10.0.0.1#53(10.0.0.1)
;; WHEN: Sat Feb 05 14:13:33 MST 2022
;; MSG SIZE rcvd: 115
With Google:
❯ nslookup -debug google.com
Server: 10.0.0.1
Address: 10.0.0.1#53
------------
QUESTIONS:
google.com.domain.net, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
-> domain.net
origin = ns-cloud-d1.googledomains.com
mail addr = cloud-dns-hostmaster.google.com
serial = 11
refresh = 21600
retry = 3600
expire = 259200
minimum = 300
ttl = 64
ADDITIONAL RECORDS:
------------
** server can't find google.com.domain.net: NXDOMAIN
Server: 10.0.0.1
Address: 10.0.0.1#53
------------
QUESTIONS:
google.com, type = A, class = IN
ANSWERS:
-> google.com
internet address = 142.250.190.110
ttl = 212
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: google.com
Address: 142.250.190.110
------------
QUESTIONS:
google.com, type = AAAA, class = IN
ANSWERS:
-> google.com
has AAAA address 2607:f8b0:4009:80b::200e
ttl = 133
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name: google.com
Address: 2607:f8b0:4009:80b::200e
❯ dig +ndots=5 +search google.com @8.8.8.8
; <<>> DiG 9.16.24 <<>> +ndots +search google.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25281
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 102 IN A 142.250.72.78
;; Query time: 20 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 05 14:13:40 MST 2022
;; MSG SIZE rcvd: 55
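
An added example, not part of the original post: a small Python model of the two traces above. It classifies a dig header as NODATA (NOERROR with zero answers, as in the Cloudflare run) and walks the ndots/search candidates for google.com. The header strings are copied from the post; the response tables are constructed, and the stop rule is an assumption modelled on the nslookup output (resolver libraries differ).

```python
import re

# Header lines copied from the two dig runs in the post.
CLOUDFLARE_DIG = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19994\n"
                  ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\n")
GOOGLE_DIG = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25281\n"
              ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1\n")

def classify(dig_text):
    """Map a dig header to ANSWER, NODATA (NOERROR with no answers) or the rcode."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    if status == "NOERROR":
        return "ANSWER" if answers else "NODATA"
    return status

def candidates(name, search, ndots):
    """Order in which names are tried under resolv.conf search/ndots rules."""
    if name.endswith("."):          # already fully qualified: no search list
        return [name]
    expanded = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:    # enough dots: try the name as given first
        return [name] + expanded
    return expanded + [name]

def walk(name, search, ndots, responses):
    """Assumed stop rule, modelled on the nslookup traces: continue only after NXDOMAIN."""
    trace = []
    for cand in candidates(name, search, ndots):
        result = responses.get(cand, "NXDOMAIN")
        trace.append((cand, result))
        if result != "NXDOMAIN":
            break
    return trace

if __name__ == "__main__":
    search, ndots = ["domain.net"], 5
    # Constructed response tables for the two hosting setups in the post.
    cloudflare = {"google.com.domain.net": classify(CLOUDFLARE_DIG), "google.com": "ANSWER"}
    google = {"google.com.domain.net": "NXDOMAIN", "google.com": classify(GOOGLE_DIG)}
    for label, table in (("Cloudflare", cloudflare), ("Google", google)):
        print(label, walk("google.com", search, ndots, table))
```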