Route53 – This site can’t be reached

0

I'm trying to use Route53 for my ECS Fargate Load Balancer backend, but it keeps saying this site can't be reached. I've set up the A record, updated the Name Servers to the domain, but the website is dead.

Yes, I've checked tons of YouTube videos, AWS documentation, used dnslookup, dig etc. commands, which all yield the website as dead – "This site can't be reached".

I think some of you had this problem before. How did you solve it?

2 Answers
0

Can you hit the IP address of the load balancer and it looks fine?

You mention changing the nameserver records; you would usually only need to do this if you've delegated administration of your domain to Route 53 from a third-party registrar. Check the TTL for the NS records on the registrar's side, as these are often set to a large figure (48 hours isn't uncommon), and it's advisable to lower this value to something shorter like 5 minutes before changing the NS records: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html#migrate-dns-lower-ttl

EXPERT
Steve_M
answered 6 months ago
  • Could you write the commands I can try and test? I tried dig @ns-... api.domain.com A and it returns status: REFUSED along with other information. I tried nslookup api.domain.com but getting error "** server can't find api.domain.com: SERVFAIL". I bought the domain on AWS so there's no 3rd party registrar. I'll change 172800 into 300 (5 minutes) as you suggested and will let you know if it changes in a few minutes.

    Edit: nothing changed even after decreasing to 300 TTL.

  • I tried pinging the load balancer DNS and it can't receive any packets back. 100% loss. Why, if the load balancer DNS works completely fine and the API is deployed successfully?

  • Your load balancer may not be publicly accessible. You'll have to check your security groups and route table routes. Verify that your public subnet is actually public by checking that you have an Internet Gateway and an associated route for it. Also make sure that you have a NAT Gateway and associated routes in your private subnet if you are hosting resources there. Don't introduce Route53 in your troubleshooting until you confirm that you can ping the load balancer's DNS directly.

  • This post may provide additional information.

  • @iuurquiz I have created a Stack Overflow question with more details. Please check it out. Read the comments and let me know your thoughts: https://stackoverflow.com/questions/77483541/route53-ecs-fargate-load-balancer-this-site-cant-be-reached?noredirect=1#comment136600224_77483541

    In there you can see that I'm already using a NAT. The public subnet is public, confirmed. I do have an IGW for the public route table. Pinging the load balancer's DNS doesn't receive any packets back, resulting in a 100% packet loss. Why is that if I have defined all the VPC configuration correctly?

0

Still trying to work out why you updated your nameservers. In your original question:

updated the Name Servers to the domain

In your response to my original answer:

I bought the domain on AWS

When you purchased the domain from AWS, a public hosted zone will have been created in Route 53 with the correct nameservers; there shouldn't have been a need for you to update them.

Do a whois mydomain.com or enter the domain into https://who.is/ and make a note of what the nameservers are. These need to align with the NS records in the Route 53 public hosted zone.

EXPERT
Steve_M
answered 6 months ago
  • Because I have bought it in June, which worked fine then, but through several months later I had deleted the Hosted Zone and recreated it a couple of times depending on what I was testing with AWS. Now I'm getting these problems with the domain. That's why after creating a new Hosted Zone I updated my Name Servers.

    I just checked with whois command and confirm that all the name servers are the same as on the Route53.

    As a latest discovery, it turns out that my domain + backend API works fine but only via VPN. Without VPN it doesn't work: "Site can't be reached". So this must mean I've set and configured everything correctly, but my ISP is blocking the Load Balancer/Fargate for some odd reason?

    Why? What does this mean and what can I do about it?

  • Been following your thread on Stack Overflow, and yesterday I was able to hit the test site you set up at api.milanobrenovic.com but today I can't, so you're obviously still trying to fix this.

    Your ISP may not be resolving the address, but your VPN provider is, because the DNS records are not being propagated properly. Why this would happen is unclear, but you may want to try each of these and see if you get different results https://www.lifewire.com/free-and-public-dns-servers-2626062

    Are you using DNSSEC? https://repost.aws/knowledge-center/route53-troubleshoot-dnssec-configuration
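
The nameserver check suggested in the answer above (whois output versus the NS records of the Route 53 public hosted zone), as an added example that is not part of the original thread: it normalises both lists, reports names present on only one side, and reads the status field from dig output such as the REFUSED mentioned in the comments. The function names, example.com and all nameserver values are constructed for illustration.

```shell
# Added example (not from the thread). example.com and every nameserver name
# below are constructed sample data.

# One name per line in; lowercased, whitespace and trailing dot removed, sorted.
normalize_ns() {
  tr 'A-Z' 'a-z' | sed -e 's/[[:space:]]//g' -e 's/\.$//' -e '/^$/d' | sort -u
}

# Pull the "Name Server:" values out of whois output read from stdin.
whois_ns() {
  grep -i '^[[:space:]]*name server:' | sed 's/^[^:]*:[[:space:]]*//' | normalize_ns
}

# Extract the status field (NOERROR, REFUSED, SERVFAIL, ...) from dig output.
dig_status() {
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# compare_ns REGISTRAR_LIST ZONE_LIST: prints differences, returns 1 on mismatch.
compare_ns() {
  registrar=$(printf '%s\n' "$1" | normalize_ns)
  zone=$(printf '%s\n' "$2" | normalize_ns)
  differ=0
  for ns in $registrar; do
    printf '%s\n' "$zone" | grep -qxF -- "$ns" || { echo "registrar-only: $ns"; differ=1; }
  done
  for ns in $zone; do
    printf '%s\n' "$registrar" | grep -qxF -- "$ns" || { echo "zone-only: $ns"; differ=1; }
  done
  if [ "$differ" -eq 0 ]; then echo "MATCH"; fi
  return "$differ"
}

# Constructed whois excerpt: delegation still lists a server of a deleted zone.
SAMPLE_WHOIS='Domain Name: EXAMPLE.COM
Name Server: NS-101.AWSDNS-12.COM
Name Server: NS-1202.AWSDNS-22.ORG.'
# Constructed NS record set of the recreated hosted zone.
SAMPLE_ZONE='ns-333.awsdns-41.com.
ns-1202.awsdns-22.org.'
# Constructed dig header, as a server that does not host the zone commonly answers.
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242'

# Live inputs: `whois example.com | whois_ns` and `aws route53 get-hosted-zone
# --id <HOSTED_ZONE_ID> --query 'DelegationSet.NameServers' --output text | tr '\t' '\n'`
if ! compare_ns "$(printf '%s\n' "$SAMPLE_WHOIS" | whois_ns)" "$SAMPLE_ZONE"; then
  echo "dig status from stale server: $(printf '%s\n' "$SAMPLE_DIG" | dig_status)"
fi
```

Any "registrar-only" line means the domain is still delegated to a nameserver that is not in the current hosted zone's NS set, which is what happens when a hosted zone is deleted and recreated without updating the registered domain's nameservers.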
