External domain not resolving internally (split DNS)

domain-name-systeminternal-dnssplit-dns

example.com is a registered domain name. Externally, there are nameservers associated with example.com which include an A record for subdomain.example.com which points to an externally hosted web page.

Internally, we have example.com as an ActiveDirectory domain. We wanted to utilise subdomain.example.com internally as well. We have therefore added a matching A record to the internal DNS.

Externally to the network, everything works fine.

When utilising nslookup for subdomain.example.com internally, it returns the correct IP address.

Pinging subdomain.example.com internally, results in the correct external resource responding.

When visiting the page in the browser, it provides page cannot be displayed (IE11) or ERR_CONN_RESET (Chrome).

I am looking for suggestions on what to look at next.

Best Answer

Connection Reset is a server response and is not likely a firewall issue. What is occurring is during the three way handshake a reset is being sent in response instead of a SYN ACK. This is notifying you and your browser that the web server application (IIS/apache etc.) is not accepting connections. This means there is an actual issue with the web server application and not with your DNS or Web Browser.

Answer

The short answer to your specific question of listing CNAMEs is that you cannot without permission to do zone transfers (see How to list all CNAME records for a given domain?).

That said, if your company's DNS server still supports the ANY query, you can use dig to list the other records by doing:

dig +noall +answer +multiline yourdomain.yourtld any

These ... +noall +answer +multiline ... are strictly optional and are simply output formatting flags to make the output more easily human readable (see dig man page ).

Example

$ dig +noall +answer +multiline bad.horse any

Returns:

bad.horse.              7200 IN A 162.252.205.157
bad.horse.              7200 IN CAA 0 issue "letsencrypt.org"
bad.horse.              7200 IN CAA 0 iodef "mailto:abuse@sandwich.net"
bad.horse.              7200 IN MX 10 mx.sandwich.net.
bad.horse.              7200 IN NS a.sn1.us.
bad.horse.              7200 IN NS b.sn1.us.
bad.horse.              7200 IN SOA a.sn1.us. n.sn1.us. (
                                2017032202 ; serial
                                1200       ; refresh (20 minutes)
                                180        ; retry (3 minutes)
                                1209600    ; expire (2 weeks)
                                60         ; minimum (1 minute)
                                )

Caveats (RFC8482)

Note that, since around 2019, most public DNS servers have stopped answering most DNS ANY queries usefully. For background on that, see: https://blog.cloudflare.com/rfc8482-saying-goodbye-to-any/

If ANY queries do not enumerate multiple records, the only option is to request each record type (e.g. A, CNAME, or MX) individually.

Domain – Verify that a name server is registered at a TLD registry

You can us dig and choose a public DNS server

dig 8.8.8.8 NS example.com

This will get you the names of the name servers then you can just look them up e.g.

dig +short ns1.example.tld 
123.456.789.001

or if you're using windows you can use nslookup

nslookup
> server 8.8.8.8
> set type=ns
> example.com

Then similar to above

nslookup ns1.example.tld

will provide you with the ip address

If you want to query the tld directly then

dig ns tld

will provide a list of the TLDs name servers, you can then query them directly for the ns records for example.tld

dig @ns666.tld ns example.tld

Best Answer

Related Solutions

DNS Records – How to List All DNS Records in a Domain Using Dig

Answer

Example

Caveats (RFC8482)

Domain – Verify that a name server is registered at a TLD registry

Related Topic