Intermediate Scenario
10 min
DNS Split-Horizon Misconfiguration
DNS, Networking, Configuration
Interview Question
Internal and external clients see different DNS answers, causing failures. How do you debug and fix split-horizon issues?
Key Points to Cover
- Compare DNS answers from internal vs external resolvers
- Validate zone files and delegation correctness
- Check split-horizon policies and forwarders
- Fix misconfigurations and align records
- Add regression tests for DNS split-horizon setups
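The first and last key points can be combined into one regression check. This is an added example, not part of the original question card: it parses `dig +noall +answer` output captured from an internal and an external resolver and flags every record that differs without being on an allowlist of intended splits. The zone `example.com`, the addresses, the allowlist and the status names are all constructed for illustration.

```python
# Constructed `dig +noall +answer` output from each view (placeholder names and addresses).
INTERNAL = """\
app.example.com.   300 IN A     10.0.5.20
api.example.com.   300 IN A     10.0.5.30
mail.example.com.  300 IN CNAME mx1.example.com.
"""
EXTERNAL = """\
app.example.com.   300 IN A     203.0.113.20
api.example.com.   300 IN A     203.0.113.30
mail.example.com.  300 IN CNAME mx1.example.com.
www.example.com.   300 IN A     203.0.113.10
"""
# Records that are meant to differ between views (assumed policy for this example).
INTENDED_SPLIT = {("app.example.com.", "A")}

def parse_answers(text):
    """Map (owner, rtype) -> set of rdata, ignoring TTL, class and comment lines."""
    records = {}
    for line in text.splitlines():
        if line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 5:
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        records.setdefault((owner.lower(), rtype.upper()), set()).add(rdata.strip().lower())
    return records

def compare_views(internal_text, external_text, intended_split):
    """Classify every (owner, rtype) seen in either view."""
    internal, external = parse_answers(internal_text), parse_answers(external_text)
    findings = {}
    for key in sorted(internal.keys() | external.keys()):
        a, b = internal.get(key), external.get(key)
        if a is None:
            # Typical split-horizon failure: the internal zone shadows the public one
            # but lacks the record, so internal clients get no answer.
            findings[key] = "missing_internal"
        elif b is None:
            findings[key] = "missing_external"
        elif a == b:
            findings[key] = "stale_split_policy" if key in intended_split else "match"
        else:
            findings[key] = "intended_split" if key in intended_split else "unintended_drift"
    return findings

def regressions(findings):
    """Return only the entries a regression test should fail on."""
    return {k: v for k, v in findings.items() if v not in {"match", "intended_split"}}
```

Capture both inputs at the same time, one from a client inside the network and one from outside, so a record change between runs is not mistaken for drift.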
Evaluation Rubric
Compares internal vs external DNS answers: 30% weight
Validates zones and delegations: 30% weight
Resolves policy misconfiguration: 20% weight
Adds regression testing: 20% weight
Hints
- 💡 Look at /etc/resolv.conf search domains.
Common Pitfalls to Avoid
- ⚠️ Assuming the issue is always with the internal DNS server and neglecting external DNS configurations.
- ⚠️ Not performing simultaneous checks from both internal and external clients to get a true comparison.
- ⚠️ Overlooking the impact of network devices like firewalls and load balancers on DNS traffic.
- ⚠️ Failing to enable and analyze detailed DNS server logs, missing critical clues.
- ⚠️ Not verifying the correctness of DNS delegation and secondary zone transfers.
Potential Follow-up Questions
- ❓ How to avoid DNS split-horizon complexity?
- ❓ When to use conditional forwarders?