Wednesday, October 13, 2021

Please help me with this weird problem

Hello, I have been scratching my head for 3 days now without any progress; I hope somebody can help me.

Background

I have a firewall (OPNsense) running the Unbound DNS server. All my devices connected to the firewall are using my Unbound as their DNS server, except my Kubernetes cluster (3 master/worker nodes). I set up my Kubernetes cluster to use 8.8.8.8 as the DNS server. I also use Cloudflare to point my domains to my public IP. In the Cloudflare DNS page, I use the "proxy" feature for the domain root and "DNS Only" for the wildcard of the domain (because Cloudflare doesn't support wildcard proxying on the free tier).

In my firewall, I have forwarded ports 80 and 443 to my Traefik ingress (running inside the Kubernetes cluster). In Unbound, I also have a host override for my domain pointing to the IP of the Traefik ingress.

The Problem

If I curl my domain that doesn't use the "Proxy" feature in Cloudflare from my Kubernetes cluster, I get a connection timeout. I can curl any domain name in the world except my own domain that is not behind the Cloudflare proxy (like, WTH!). I can do nslookup/dig just fine, which is very weird. I have also tried allowing all traffic to go through my firewall.

After 3 days of going bald over this, here is the simplified version of my problem: I can't access my services using my domain if it's not behind the Cloudflare proxy, I'm not using my own DNS server, and I'm on my local network. (I can access my wildcard domain from outside my local network.)

I hope somebody can help me with this. I know I could just use the Cloudflare proxy and not use a wildcard for everything. But I want to know how this happens. Thanks in advance.
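As an added diagnostic (example code written for this page, not from the original poster), the script below asks each resolver directly over UDP/53 for the A records of a name, classifies every answer by the path a LAN client would take to reach it, and attempts a TCP handshake to it. The LAN subnet, WAN address and resolver addresses are constructed placeholders. It does not explain why a path fails, but it separates the three cases in the post: the Unbound host override answering the ingress's LAN address, the "DNS Only" wildcard answering the public IP, and the proxied root answering a Cloudflare address. A LAN client connecting to its own public IP works only if the firewall reflects the port forward back inside (hairpin NAT), so when that is the one case that times out, the reflection setting on the firewall is the thing to check.

```python
"""Classify which path a hostname takes from a resolver's answer (added example)."""
import ipaddress
import socket
import struct

# Constructed placeholders: replace with your own LAN subnet(s), the public IP
# your "DNS Only" records point at, and the resolvers you want to compare.
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]
WAN_IP = ipaddress.ip_address("203.0.113.10")
RESOLVERS = {"unbound": "192.168.1.1", "google": "8.8.8.8"}  # assumed addresses


def build_a_query(name, txid=0x1234):
    """Build a minimal DNS A query (RD set) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_answers(msg):
    """Extract IPv4 addresses from the answer section of a DNS response."""
    _, _, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE/QCLASS
    ips = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return ips


def resolve_a(name, server, timeout=2.0):
    """Ask `server` directly (UDP/53) for the A records of `name`."""
    query = build_a_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    if data[:2] != query[:2]:
        raise ValueError("DNS transaction ID mismatch")
    return parse_a_answers(data)


def classify(ip):
    """Say which path a LAN client takes to reach `ip`."""
    ip = ipaddress.ip_address(ip)
    if any(ip in net for net in LAN_NETS):
        return "lan-direct"   # straight to the ingress, no firewall NAT involved
    if ip == WAN_IP:
        return "wan-hairpin"  # LAN client hitting its own public IP; needs NAT reflection
    return "external"         # some third party, e.g. the Cloudflare proxy


def tcp_reachable(ip, port=443, timeout=3.0):
    """True if a TCP handshake to ip:port completes within `timeout`."""
    try:
        with socket.create_connection((str(ip), port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample response (txid 0x1234, one A record 203.0.113.10, TTL 3600)
# so parse_a_answers can be exercised without touching the network.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + build_a_query("app.example.com")[12:]
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 3600, 4) + bytes([203, 0, 113, 10])
)


def diagnose(name, resolvers=RESOLVERS):
    """For each resolver: the answers, their path class, and TCP reachability."""
    report = {}
    for label, server in resolvers.items():
        try:
            answers = resolve_a(name, server)
        except (OSError, ValueError) as exc:
            report[label] = [("error", str(exc), None)]
            continue
        report[label] = [(str(ip), classify(ip), tcp_reachable(ip)) for ip in answers]
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "app.example.com"
    for label, rows in diagnose(target).items():
        print(label, rows)
```

Run it as `python3 diag.py sub.yourdomain.tld` from a node on the LAN and from a pod; a row of the form `('203.0.113.10', 'wan-hairpin', False)` under the 8.8.8.8 resolver next to `('192.168.1.x', 'lan-direct', True)` under Unbound reproduces the pattern in the post and points at the firewall's reflection path rather than at DNS.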


