How do I check if resource record sets in my Route 53 public hosted zone are accessible from the internet?

I created a public hosted zone in Amazon Route 53 and added resource record sets in it. I want to verify that my resource record sets are reachable from the internet.

Short description

Use one of the following methods to check whether your resource record sets are accessible from the internet:

  • The Route 53 checking tool
  • The dig tool (for Linux, Unix, or Mac)
  • The nslookup tool (for Windows)

Note: The steps in this article verify that the public hosted zone is created successfully and accessible. To make your entire domain resolvable, do the following:

Resolution

Route 53 checking tool

Use the Route 53 checking tool to see how Route 53 responds to DNS queries.

The dig tool (for Linux, Unix, or Mac)

To check whether your resource record sets are accessible from the internet through the dig tool, complete the following steps:

  1. Find the four authoritative name servers for your public hosted zone.

  2. In your resource record set's configuration, find the associated domain name (Name), record type (Type), and value (Value).

  3. Query one of the authoritative name servers. In your command line argument, specify the authoritative name server and the resource record set's domain name and record type. For example:

    $ dig @ns-###.awsdns-##.com mailserver1.example.com MX
    $ dig @ns-###.awsdns-##.com _text_.example.com TXT
    $ dig @ns-###.awsdns-##.com cname.example.com CNAME
    $ dig @ns-###.awsdns-##.com subdomain.example.com NS
    $ dig @ns-###.awsdns-##.com www.example.com A

    Note: The syntax for dig varies between Linux distributions. Use man dig to find the correct syntax for your particular distribution.

  4. Review the output and verify that the ANSWER SECTION matches your resource record set.
    For example:
    Record name = mailserver1.example.com
    Type = MX
    Value = 10 inbound-smtp.mailserver1.example.com

    The correct dig output looks similar to the following:

    ;; ANSWER SECTION:
    MAILSERVER1.EXAMPLE.COM    300    IN    MX    10    inbound-smtp.mailserver1.example.com.
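
The comparison in step 4 can be scripted. The following is an added example, not part of the original article: the function name answer_matches and the sample reply are constructed here, and it assumes dig's default output layout (name, TTL, class, type, data). It ignores the case of host names and the trailing dot that dig prints, and it only looks at the ANSWER SECTION, so a record that appears solely in the AUTHORITY SECTION does not count as a match.

```sh
#!/bin/sh
# Usage: dig @ns-###.awsdns-##.com NAME TYPE | answer_matches NAME TYPE VALUE
# Returns 0 when the ANSWER SECTION on stdin holds the expected record, else 1.
answer_matches() {
    WANT_NAME="$1" WANT_TYPE="$2" WANT_VALUE="$3" awk '
    # Collapse whitespace and drop the trailing root dot that dig prints.
    function norm(s) {
        gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s)
        sub(/\.$/, "", s); return s
    }
    BEGIN {
        name  = tolower(norm(ENVIRON["WANT_NAME"]))
        type  = toupper(ENVIRON["WANT_TYPE"])
        value = norm(ENVIRON["WANT_VALUE"])
        # Host names compare case-insensitively; TXT strings do not.
        if (type != "TXT") value = tolower(value)
    }
    # Section headers switch parsing on (ANSWER) or off (any other section).
    $1 == ";;" { in_answer = ($2 == "ANSWER" && $3 == "SECTION:"); next }
    NF == 0    { in_answer = 0; next }
    in_answer && NF >= 5 {
        # Fields: name TTL class type rdata...
        rdata = $5
        for (i = 6; i <= NF; i++) rdata = rdata " " $i
        rdata = norm(rdata)
        if (type != "TXT") rdata = tolower(rdata)
        if (tolower(norm($1)) == name && toupper($4) == type && rdata == value)
            found = 1
    }
    END { exit(found ? 0 : 1) }'
}

# Constructed sample reply, modelled on the MX example in step 4.
SAMPLE_REPLY=';; ANSWER SECTION:
MAILSERVER1.EXAMPLE.COM.  300  IN  MX  10 inbound-smtp.mailserver1.example.com.

;; AUTHORITY SECTION:
example.com.  172800  IN  NS  ns-###.awsdns-##.com.'

if printf '%s\n' "$SAMPLE_REPLY" | answer_matches mailserver1.example.com MX \
        '10 inbound-smtp.mailserver1.example.com'; then
    echo "ANSWER SECTION matches the resource record set"
else
    echo "ANSWER SECTION does not match the resource record set"
fi
```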

The nslookup tool (for Windows)

To check whether your resource record sets are accessible from the internet through the nslookup tool, complete the following steps:

  1. Open the Windows Command Prompt.

  2. Run the following command:

     nslookup -type=A aws.amazondomains.com ns-###.awsdns-##.com

    For example:
    Record name = aws.amazondomains.com
    Type = A
    Value = 1.1.1.1
    Authoritative name server (NS) = ns-###.awsdns-##.com

    The correct nslookup output looks similar to the following:

    C:\Windows\system32> nslookup -type=A aws.amazondomains.com ns-###.awsdns-##.com
    Server:  UnKnown
    Address:  205.251.193.133
    Name:    aws.amazondomains.com
    Address:  1.1.1.1

    The option -type=A sets the query type to A. You can specify other query types, for example MX, CNAME, or TXT.

Related information

Checking DNS responses from Route 53

AWS OFFICIAL
Updated 5 months ago