Split-Horizon DNS

Split-horizon DNS (also called split-view DNS) is a setup where different DNS answers are given based on where the user is coming from (public or private network).

The DNS server is set up with two views:

  • One view for internal users (such as users connected through a VPN)

  • One view for external users (public access)

Each view returns different IP addresses based on the source of the request.

The image below shows a split-horizon DNS setup for the domain github.devopscube.com, using both private and public hosted zones in Route 53.

Internally, the domain resolves to a GitHub Enterprise Server. Publicly, it may resolve to GitHub.com or a read-only version with limited access.
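The following is an added example, not part of the original article. It models how a server picks a view from the client's source address, then audits the external view for records that expose private addresses. All IP addresses, the RFC 1918 client ranges, and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: internal clients (VPN/VPC) come from RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records for the two views; all addresses are illustrative.
VIEWS = {
    "internal": {
        "github.devopscube.com": "10.0.12.5",
        "database.company.com": "10.0.40.9",
    },
    "external": {
        "github.devopscube.com": "203.0.113.10",
        "app.example.com": "10.0.7.20",  # misconfiguration: private IP published
    },
}

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def select_view(source_ip):
    """Choose the view by client source address, as a split-horizon server does."""
    return "internal" if is_rfc1918(source_ip) else "external"

def resolve(name, source_ip):
    """Answer from the view matching the client; None stands in for NXDOMAIN."""
    return VIEWS[select_view(source_ip)].get(name)

def audit_external_view(views):
    """External-view records that leak private addressing to outside clients."""
    return [(name, ip) for name, ip in sorted(views["external"].items())
            if is_rfc1918(ip)]

def internal_only_names(views):
    """Names defined only internally; outside clients must get no answer for these."""
    return sorted(set(views["internal"]) - set(views["external"]))

if __name__ == "__main__":
    print(resolve("github.devopscube.com", "10.0.3.14"))     # internal client
    print(resolve("github.devopscube.com", "198.51.100.7"))  # external client
    print(audit_external_view(VIEWS))
    print(internal_only_names(VIEWS))
```

A private address in the external view is unreachable for public users and discloses internal network layout, so a check like this is worth running whenever either view changes.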

Common Use Cases

1. Cost Optimization

Cloud providers charge for data transfer, especially when data leaves their network (egress traffic).

Split-view DNS helps reduce these costs by routing internal traffic over private networks instead of the public internet.

2. Multi-Cloud and Hybrid Setup

You can route internal requests to on-prem servers (e.g., database.company.com points to the local database).

For external users, the same domain can point to a cloud replica or a different service. In multi-region setups, each region can resolve the same domain to a nearby server for better performance.

3. Development and Testing

Internal users (like developers) can access staging or test versions of the site, while external users see the live production version.

For example, app.example.com resolves to dev servers inside the network, and to the production servers for public access.
