Domain name not resolving

0

Hi, I have purchased a domain name from route53. I have successfully registered this domain name and created a hosted zone. Inside the zone I have created an A-record(s) to the EC2 instance Elastic-IP addresses I wish to redirect traffic to. But, I cannot access the content via web browser. Nor can I successfully perform an nslookup on my domain name.

I used this site to track the NameServers being used to resolve my domain name, https://lookup.icann.org/en/lookup . Based on the website it was able to resolve the name servers of the domain name, which were different to the name servers Route53 provided. I switched these but I still cannot reach my domain-website via web browser.

The 'test record' feature in route53 works perfectly fine for all my subdomains and naked domain.

I have also requested an SSL certificate for the site but it is in a state of "pending validation" for a few days now. I created CNAME records into my hosted zone but those can't be pinged. But I can ping the nameserver which is supposed to have that CNAME redirected to, for validation.

Help please.

JAdach1
asked 2 months ago · 169 views
3 Answers
1

I have purchased a domain name from route53. I have successfully registered this domain name and created a hosted zone.

When the domain was purchased through Route 53 a public hosted zone would have been created with the correct NS records in place. There shouldn't have been a need to create a new hosted zone as a separate step.

But you are where you are now. What's important is that all four name server records in the registered domain https://console.aws.amazon.com/route53/domains/home#/ need to match the name server records in the hosted zone https://console.aws.amazon.com/route53/v2/hostedzones#

It would be best not to touch the records in the Registered Domain section and instead alter the Hosted Zone records to match. The steps to do this are here (I know you're not really migrating the domain, but the process is the same) https://repost.aws/knowledge-center/route-53-update-name-servers-registrar

Steps 4 thru 9 of this document go through the same steps in more detail https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html

It sounds like you may have tried this already, but did you lower the TTL (time-to-live) value before starting? This is usually set to something like two days, reducing it to a shorter value like five minutes will mean the updated values will propagate quicker. You can always increase it back to the original value when you are confident everything is working.

Also, if you are using DNSSEC then probably best to stop using it until you get the basics straightened out, then you can re-introduce it.

EXPERT
Steve_M
answered 2 months ago
  • Hi Steve, thanks for the help.

    I have resolved the issue, you were sort of right, except I altered the name-servers of my "Registered Domain Zone", to match my "Hosted Zone" name servers, and everything works now. I tried to change my "Hosted Zone" name servers before to match my "Registered Domain Zone" name-servers and that didn't get me anywhere.

    And I didn't realise I had name-servers all over the place, hosted zone, registered domain zone.

    Well, it was a good lesson learned.

    And thanks for the TTL tip, that saved me some time as well.

    Thanks again for the assistance.
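Added example (not part of the thread, and not AWS's own code): a check for the mismatch discussed above, comparing the name servers set on the registered domain with the delegation set of the hosted zone. The Route 53 delegation set is assigned by AWS and editing the NS record inside the zone does not change which servers answer, so the registrar side is the one to align, as the asker found. The sample responses and the function names are constructed for illustration; `fetch_live` assumes boto3 and valid credentials.

```python
"""Compare registrar delegation with a hosted zone's name servers (added example)."""

# Constructed sample data shaped like the boto3 responses; not real name servers.
SAMPLE_REGISTRAR = {"Nameservers": [{"Name": "ns-1.awsdns-01.com"},
                                    {"Name": "ns-2.awsdns-02.net"},
                                    {"Name": "ns-3.awsdns-03.org"},
                                    {"Name": "ns-4.awsdns-04.co.uk"}]}
SAMPLE_ZONE = {"DelegationSet": {"NameServers": ["NS-5.awsdns-05.com.",
                                                 "ns-6.awsdns-06.net.",
                                                 "ns-7.awsdns-07.org.",
                                                 "ns-8.awsdns-08.co.uk."]}}

def _norm(name):
    # DNS names are case-insensitive and a trailing dot denotes the same name.
    return name.strip().rstrip(".").lower()

def registrar_ns(domain_detail):
    # route53domains get_domain_detail -> {"Nameservers": [{"Name": ...}, ...]}
    return {_norm(ns["Name"]) for ns in domain_detail.get("Nameservers", [])}

def hosted_zone_ns(hosted_zone):
    # route53 get_hosted_zone -> {"DelegationSet": {"NameServers": [...]}}
    servers = hosted_zone.get("DelegationSet", {}).get("NameServers", [])
    return {_norm(n) for n in servers}

def compare_delegation(domain_detail, hosted_zone):
    reg, zone = registrar_ns(domain_detail), hosted_zone_ns(hosted_zone)
    return {
        # An empty zone set means no public delegation set was returned.
        "match": bool(zone) and reg == zone,
        "only_at_registrar": sorted(reg - zone),    # resolvers are sent here
        "only_in_hosted_zone": sorted(zone - reg),  # these hold your records
    }

def fetch_live(domain, zone_id):
    # Assumption: boto3 is installed; route53domains is served from us-east-1.
    import boto3
    domains = boto3.client("route53domains", region_name="us-east-1")
    r53 = boto3.client("route53")
    return (domains.get_domain_detail(DomainName=domain),
            r53.get_hosted_zone(Id=zone_id))

if __name__ == "__main__":
    result = compare_delegation(SAMPLE_REGISTRAR, SAMPLE_ZONE)
    print("delegation matches hosted zone:", result["match"])
    for ns in result["only_at_registrar"]:
        print("registrar points at a server outside this zone:", ns)
    for ns in result["only_in_hosted_zone"]:
        print("zone server missing from registrar:", ns)
```

Any entry under `only_at_registrar` is a server the public DNS is being sent to that does not hold the records you created, which is also why the certificate validation CNAMEs could not be resolved from outside.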

0

Ensure you provided a valid email address at the time of registering the domain. You need to verify your identity before the domain is resolvable on the internet. If you do an nslookup and see an NXDOMAIN for a newly registered domain, most likely you have not been verified yet or the verification has failed and your domain was suspended. This is a requirement for regulatory purposes. Do not make any changes to the Name Servers in your public hosted zone. Check point number 9 on this document. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html#domain-register-procedure-section

AWS
answered 2 months ago
  • Hi Azeem, thanks for the help, if I do an NSLOOKUP I just see *** UnKnown can't find myDomainName.org: Server failed.

    I checked my email and saw an email verification from route53, specifying the successful creation of my new domain name.

    I have resolved the issue, I needed to align my name-servers in my "Registered Domain" to the name-servers AWS provided to me in my "Hosted Zones", I did the opposite. Switched my "Hosted Zone" name-servers to match my "registered domains" name-server.

    Thanks again for the assistance.

  • Ahh I see the problem. Glad you got it resolved.

0

Ensure that the NS (Name Server) records for your domain in Route 53 are correctly pointing to the AWS-provided name servers. You mentioned that you switched the name servers based on information from ICANN lookup, so make sure you have the correct name servers set up in your Route 53 hosted zone. It can take some time (usually up to 48 hours) for DNS changes to propagate globally, so if you recently updated the NS records, you might need to wait for propagation to complete before the changes take effect. If the SSL certificate is still pending validation for an extended period, double-check that the validation records (CNAMEs) are correctly configured and that the certificate authority can reach them for validation. Keep in mind that DNS changes and SSL certificate validations can experience propagation delays, so it's possible that the changes you've made are still in progress. Also, it may be helpful to review AWS documentation https://docs.aws.amazon.com/amplify/latest/userguide/custom-domain-troubleshoot-guide.html or reach out to AWS support for further assistance, as they can provide specific guidance tailored to your setup and configuration.

EXPERT
answered 2 months ago
  • Thanks for the response. I switched the name servers to the ones I found in ICANN lookup BECAUSE the AWS name servers provided were not resolving the IP address I was attempting to point at. All the issues mentioned above have been faced with the AWS provided name servers. And I posted this question today but changed the name servers 2 days ago, I allowed for the propagation to take effect.

    double-check that the validation records (CNAMEs) are correctly configured and that the certificate authority can reach them for validation

    The Test Record feature shows these CNAME records as being accessible, however, I cannot perform an NSLookup on them.

    If you have any other suggestions that would be great. Thank you.
