Unique situation with Cloudflare origin certificates. I need help regarding an internal DNS pointing directly at the server and how to point it at Cloudflare

I have a unique situation where our website is set up normally via Cloudflare and uses the Cloudflare origin certificates. It works great for everyone except those in the organization. They have an internal BIND9 DNS with the same record names pointing directly to the origin server IP. When they do this it flags untrusted SSL errors in the browser because it’s using the Cloudflare certs directly and not via the Cloudflare proxy.

Could you please advise me how I can modify their BIND9 zone file so that the two A records we use for the website point correctly back to Cloudflare while everything else stays however they have it. This way the internal organization will correctly be going through Cloudflare and not accessing the website directly by IP.

This issue happens when their internal DNS zone overlaps with their external zone, but in an inconsistent way.

If your website is www.example.com, what you need to do within the company’s own BIND9 zone file is replace the www record with a CNAME record pointing to www.example.com.cdn.cloudflare.net.

To be clear, no changes are made on the Cloudflare side, only within the company’s internal DNS server(s).

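As an added example (not code from the original thread), here is the edit the answer describes carried out and checked in Python: it finds every A record in a constructed internal zone that still hands out the origin address, replaces the ones for the chosen hostnames with CNAMEs to `<host>.example.com.cdn.cloudflare.net.`, leaves every other record untouched, and bumps the SOA serial so secondaries pick up the change. Two caveats a practitioner needs, and which the code enforces, are that a CNAME may not be placed at the zone apex (the SOA and NS records live there) and may not share an owner name with any other record, so a hostname that also carries MX or TXT records cannot simply be CNAMEd. The zone contents, the origin address 203.0.113.10 and the hostnames www and shop are assumptions for illustration (the thread names only www); the zone-file parser is deliberately minimal (one record per line, owner-less continuation lines and $-directives skipped).

```python
import ipaddress
import re
from typing import Iterator, NamedTuple

# Constructed sample of an internal BIND9 zone (not the asker's real file).
# 203.0.113.10 is a documentation address standing in for the origin server;
# the 10.0.0.0/8 hosts are internal-only names that must keep resolving directly.
INTERNAL_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN  SOA  ns1.example.com. hostmaster.example.com. (
             2024031501 ; serial
             7200       ; refresh
             900        ; retry
             1209600    ; expire
             3600 )     ; minimum
@        IN  NS   ns1.example.com.
ns1      IN  A    10.0.0.53
www      IN  A    203.0.113.10   ; straight at the origin, bypasses Cloudflare
shop     IN  A    203.0.113.10   ; same problem
intranet IN  A    10.0.0.20      ; internal only, must stay as-is
mail     IN  A    10.0.0.25
"""

# One resource record per line: owner, optional TTL, optional class, type, rdata.
# Simplification: lines whose owner is inherited from the previous record (leading
# whitespace, as in the SOA continuation lines) and $-directives are skipped.
RR_RE = re.compile(
    r"^(?P<owner>[^\s$]\S*)\s+(?:\d+\s+)?(?:IN\s+)?(?P<type>[A-Z]+)\s+"
    r"(?P<rdata>[^;]*?)\s*(?:;.*)?$"
)
# The serial is the first integer after the SOA MNAME and RNAME (comment lines allowed).
SOA_SERIAL_RE = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?(?:\s*;[^\n]*)*\s*(\d+)")


class RR(NamedTuple):
    lineno: int
    owner: str
    type: str
    rdata: str


def records(zone_text: str) -> Iterator[RR]:
    for n, line in enumerate(zone_text.splitlines(), 1):
        m = RR_RE.match(line)
        if m:
            yield RR(n, m["owner"], m["type"], m["rdata"])


def direct_origin_records(zone_text: str, origin_ip: str) -> list[tuple[int, str]]:
    """The check: every A record that still hands out the origin address."""
    origin = ipaddress.ip_address(origin_ip)
    return [(r.lineno, r.owner) for r in records(zone_text)
            if r.type == "A" and ipaddress.ip_address(r.rdata) == origin]


def bump_serial(zone_text: str) -> str:
    """Any increase works; secondaries only transfer the zone when the serial grows."""
    m = SOA_SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return zone_text[:m.start(1)] + str(int(m.group(1)) + 1) + zone_text[m.end(1):]


def rewrite_to_cloudflare(zone_text: str, hosts: set[str], origin_ip: str, zone_name: str) -> str:
    """Replace the A records for `hosts` with CNAMEs to Cloudflare; leave everything else alone."""
    zone_name = zone_name.rstrip(".")
    origin = ipaddress.ip_address(origin_ip)
    out = zone_text.splitlines()
    rrs = list(records(zone_text))
    drop: set[int] = set()
    for host in sorted(hosts):
        # A CNAME may not sit at the apex (SOA and NS live there) ...
        if host in ("@", zone_name, zone_name + "."):
            raise ValueError(f"{host}: zone apex cannot be a CNAME; keep it an A record")
        at_host = [r for r in rrs if r.owner == host]
        if not at_host:
            raise ValueError(f"{host}: no record to replace")
        # ... and may not coexist with any other data at the same owner name.
        other = [r for r in at_host
                 if r.type != "A" or ipaddress.ip_address(r.rdata) != origin]
        if other:
            kinds = ", ".join(f"{r.type} {r.rdata}" for r in other)
            raise ValueError(f"{host}: {kinds} would conflict with a CNAME")
        first, *rest = at_host
        out[first.lineno - 1] = f"{host:<8} IN  CNAME {host}.{zone_name}.cdn.cloudflare.net."
        drop.update(r.lineno for r in rest)  # duplicate A records for the same host
    kept = [line for n, line in enumerate(out, 1) if n not in drop]
    return bump_serial("\n".join(kept) + "\n")


if __name__ == "__main__":
    print("still pointing at the origin:", direct_origin_records(INTERNAL_ZONE, "203.0.113.10"))
    print(rewrite_to_cloudflare(INTERNAL_ZONE, {"www", "shop"}, "203.0.113.10", "example.com"))
```

After writing the rewritten zone back to disk, `named-checkzone example.com <zone file>` validates the syntax and the CNAME rules above, `rndc reload example.com` loads it, and `dig @<internal resolver> www.example.com` should then answer with the CNAME to cdn.cloudflare.net followed by a Cloudflare address rather than the origin IP; running `direct_origin_records` over the final file is a quick way to confirm no other internal name still leaks the origin address.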