0

We are using a split DNS for traffic for our primary domain - external traffic goes to Cloudflare, and internal traffic goes to our Windows Server DNS, for security reasons. However, for our primary domain (which is the domain root), even if the request is made internally in our network, we want to 'force' the user to go outside the network to access the site, so it will go through the Cloudflare proxy. How can I do this?

Daryl1976
  • 133

1 Answer

0

If you have split DNS then it should just work. E.g., your public domain mydomain.com is on Cloudflare, while your AD domain local.mydomain.com is handled locally.

So requests for myserver.local.mydomain.com would be handled locally, but www.mydomain.com would be unknown by your local DNS, seen as effectively a different domain, and treated like any other external DNS request requiring a query to the internet.

If, however, the local domain is also mydomain.com then that isn't "split DNS", and there's no way to get the internal DNS request to go outside to retrieve the answer, because your internal DNS server is authoritative, so if it doesn't have the answer to the requested query it will assume no such record exists. In that scenario the only option is to locally reproduce the DNS records that have been set up on Cloudflare for mydomain.com so the DNS lookups can be handled locally, and the users directed to the correct external resource.
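The "locally reproduce the Cloudflare records" option from the answer, as an added PowerShell example that is not part of the original answer: it runs on the Windows DNS server (DnsServer module), asks a resolver outside the internal view for the current public A records of the zone apex and `www`, and mirrors them into the local authoritative zone so internal clients are sent to the Cloudflare-proxied addresses rather than getting NXDOMAIN. The zone name, record names, resolver address and TTL are placeholders to adjust.

```powershell
# Added example (not from the original answer): mirror the public A records for
# the zone apex and 'www' into a local Windows Server DNS zone of the same name.
# Assumptions: $ZoneName, $Names and $PublicResolver are placeholders; the
# DnsServer module is available because this runs on the DNS server itself.
$ZoneName       = 'mydomain.com'           # zone the internal server is authoritative for
$PublicResolver = '1.1.1.1'                # resolver that returns the public (Cloudflare) view
$Names          = @('@', 'www')            # '@' is the zone apex
$Ttl            = New-TimeSpan -Minutes 5  # short TTL: proxied addresses can change

foreach ($name in $Names) {
    $fqdn = if ($name -eq '@') { $ZoneName } else { "$name.$ZoneName" }

    # What the rest of the internet sees for this name (proxied records come back as A records)
    $public = Resolve-DnsName -Name $fqdn -Type A -Server $PublicResolver -DnsOnly -ErrorAction Stop |
              Where-Object { $_.Type -eq 'A' } |
              Select-Object -ExpandProperty IPAddress

    if (-not $public) {
        Write-Warning "No public A record for $fqdn, leaving local zone untouched"
        continue
    }

    # Existing local A records for the same name (may be none on first run)
    $local = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $name -RRType A -ErrorAction SilentlyContinue)
    $have  = @($local | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    # Drop local records that no longer match the public answer
    foreach ($ip in $have) {
        if ($ip -notin $public) {
            Write-Host "Removing stale $fqdn -> $ip"
            Remove-DnsServerResourceRecord -ZoneName $ZoneName -Name $name -RRType A -RecordData $ip -Force
        }
    }

    # Add public addresses that are not yet present locally
    foreach ($ip in $public) {
        if ($ip -notin $have) {
            Write-Host "Adding $fqdn -> $ip"
            Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $name -IPv4Address $ip -TimeToLive $Ttl
        }
    }
}
```

Run it once by hand to seed the records, then from a scheduled task so the local copy follows any change on the Cloudflare side; keeping the local TTL short limits how long clients cache a stale answer. Pointing internal clients at Cloudflare's edge only changes where their DNS answer leads, so the Cloudflare proxy, WAF and origin firewall rules still decide what those clients can reach, and the local zone must carry any other records (MX, TXT, other hosts) that internal clients need, since the authoritative server will not forward for them.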