Split horizon DNS with GoDaddy & Microtik routers

Question

I'm looking into a simple split horizon DNS implementation. Using GoDaddy for my Internet DNS and Microtik routers for LAN DNS in a couple locations.

In my office I have a server, on the Internet is hq.company.com, but on my office network, I've been using a DNS entry on the Microtik with a different name hq.internal.company.com.

My most naive guess at a 'split horizon' implementation was to make an entry in the Microtik router with the same name as the GoDaddy entry, hq.company.com.

However, having done that I can see it's not working as I'd hoped. Both addresses are coming through in random order when using the host command. I've also tried clearing my laptop's (OSX) local DNS cache too.

$ host hq.company.com
hq.company.com has address 192.168.88.177
hq.company.com has address 150.243.157.82

$ host hq.company.com
hq.company.com has address 150.243.157.82
hq.company.com has address 192.168.88.177

$ host hq.company.com
hq.company.com has address 192.168.88.177
hq.company.com has address 150.243.157.82

My desired behavior is, when I'm in the office, local DNS provides only the local address for hq.company.com, and when I'm not in the office, GoDaddy DNS provides for the public IP.

score 1 · Answer 1 · answered Nov 17 '14 at 06:07

How are you setting DNS servers on the internal machines, statically or through DHCP?

You need to make sure that the internal machines look at the microtik only, for all DNS queries. The microtik then has to forward queries for hosts and/or domains that it doesn't know.

I haven't used microtik before, but in pfSense they use dnsmasq under the hood. Dnsmasq allows you to override single hosts or entire domains, while forwarding everything else to other name servers.

The fact that you're getting both results randomly says to me that the internal machines are set to look at both the microtik and the external DNS provider, but that won't work. Make sure they see the microtik only.

If that doesn't work or I've misinterpreted, please tell us more about the configuration of the internal clients.

Thanks for your answer, I just stumbled into the solution after coming back to this. — quickshiftin, Dec 05 '14 at 07:53

score 0 · Accepted Answer · answered Dec 05 '14 at 07:52

I checked back on this today and found hq.company.com was only resolving to the local address from one of my local sites...

Realized the behavior I posted the question about originally was because the local routers DNS cache still had the value from the Internet cached.

Clearing the DNS cache of the router allows the split horizon DNS to take effect immediately!

Split horizon DNS with GoDaddy & Microtik routers

2 Answers2