- Mais recentes
- Mais votos
- Mais comentários
@Vinh and anyone else who stumbled upon this issue. I was FINALLY able to solve this issue by implementing DNSSEC. I'm guessing an alternative solution may have been to remove the DNSSEC keys that were in the "Registered Domains" section and clicking on my domain, but I didn't test that first. I figured I would want to enable DNSSEC anyway. So, I went ahead and implemented DNSSEC in Route53 and after the TTL of my NS and other records, I was successfully able to resolve the DNS everywhere.
In case any Route53 folks are reading this, please update your documentation to mention that some DNS resolvers will send a DNS_PROBE_FINISHED_NXDOMAIN when there is a DNSSEC issue. That would have saved me a LOT of time! :)
I'm having the exact same issue with a domain I transferred to Route 53 2 weeks ago. It works fine when I use cellular data, but on my wifi network, I get the DNS_PROBE_FINISHED_NXDOMAIN. I have A records pointing to my ALB, etc. and all of the relevant records in the hosted zone. dig +trace
seems to find all of the relevant records.
I've tried re-creating it using a new hosted zone. I observed the namespace records changed for the domain, but I still get the same error.
I've waited more than 48 hours...in fact I've waited for over 2 weeks without any change...So, I'm lost.
I know that isn't helping to answer the question, but thought I would add my experience.
Thank you for sharing your experience, have you tried to adjust TTL for all of your DNS records?
I did...the TTL change went through, but it didn't help with the DNS_PROBE_FINISHED_NXDOMAIN error.
Hello,
Thank you for taking your time replying to my question, my site is https://streamlit.createa229.click/
Thank you. Look the error
DNS_PROBE_FINISHED_NXDOMAIN
indicates that the Domain Name System (DNS) is unable to resolve the website's domain name into an IP address. This error can occur for several reasons, including:- If there's a mistake in the web address you typed, the DNS won't find a corresponding IP address.
- High TTL (Time to Live) settings in Amazon Route 53 for DNS records may cause outdated information to be cached and utilized globally, potentially leading to website access difficulties.
- The website or domain name may not exist, or there may be a configuration issue with the domain's DNS settings.
When I access to your DNS (streamlit.createa229.click), I am redirected to a cognito login:
As you've observed, and as you pointed out, there seems to be an issue with your DNS not propagating as expected. To address this, consider adjusting the TTL (Time to Live) settings before making any DNS record updates. Lowering the TTL to between 5 and 10 minutes can facilitate faster propagation. Once the DNS update has successfully propagated and stabilized, it's advisable to revert the TTL to 24 hours. This adjustment helps reduce server load and improves caching efficiency.
Thank you for looking into this.
I have adjusted TTL for my NS from 86400 to 300 seconds. My next question is, will the DNS continue to propagate after I adjusted the TTL (because I saw some posts that people have to wait for weeks but don't get any results) or do I need to remove all my records and create them again?
Thank you.
It should be completed within a maximum of 48 hours. You generally do not need to remove and recreate your DNS records after adjusting the TTL.
Let me know if it's working for you already.
It hasn't worked for me just yet. I'll keep you updated on next week. Thank you
@Vinh, Question for you:
- Go to "Registered Domains"
- Click on your domain
- Go to the DNSSEC keys
Do you see an entry there?
I have an entry there and I'm wondering if that got transferred with the domain name when I transferred it to Route53...And possibly that is what's causing some DNS name servers to show an error? I'm exploring this option right now. Thought I would ask.
Hey guys i have the same problem i tried everything on this list I changed my name server properly i cahnged TTL i created DNSSEC but i still can't enter my domain in my Wi-Fi. I can also enter from my cellular data? I will appretiate if you guys have an answer. I can also enter my domain via VPN.
Conteúdo relevante
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 10 meses
Thank you so much for sharing this, I could finally stop seeing that error message after , as you mentioned above, to remove DNSSEC keys assigned to my "Registered Domains" :)). I went to check DNSSEC signing section under Route53 > Hosted Zones > [My_Domain], and figured out that I accidentally disabled a KMS key that was using for the KSKs (Key-signing keys) which I could be reason that DNS resolver was messed up, and I might have a set up a new one again
But thank you for all the help everyone, @benjaminbytheway and @OsvaldoMarte, for sharing your solutions and experiences.