Skip to content

Questions to Determine

  • What DNS server is app-node-03 configured to use (check /etc/resolv.conf)?
  • Does the internal DNS server have a zone entry for payments.acme.com that returns the internal IP?
  • What does dig payments.acme.com @<internal-dns> return vs dig payments.acme.com @8.8.8.8?
  • Is split-horizon DNS properly configured so internal clients get internal answers?
  • Was the payments.acme.com A record omitted from the internal zone during the recent DNS consolidation?
  • Does the internal zone for acme.com exist, and if so, does it contain all required records?
  • Can app-node-03 reach the internal IP 10.100.8.30 directly (bypassing DNS)?
  • Are there any DNS caching layers (nscd, systemd-resolved, dnsmasq) that might be serving stale records?
  • Is the internal firewall blocking hairpin NAT, preventing internal hosts from reaching the external IP?