Route53 – This site can’t be reached


I'm trying to use Route53 for my ECS Fargate Load Balancer backend, but it keeps saying this site can't be reached. I've set up the A record, updated the Name Servers to the domain, but the website is dead.

Yes i've checked tons of youtube videos, AWS documentation, used dnslookup, dig etc commands which all yield the website as dead – "This site can't be reached".

I think some of you had this problem before. How did you solve it?

2 Answers

Can you hit the IP address of the load balancer and it looks fine?

You mention changing the nameserver records, you would usually only need to do this is you've delegated administration of your domain to Route 53 from a third-party registrar. Check the TTL for the NS records on the registrar's side as these are often set to a large figure (48 hours isn't uncommon) and it's advisable to lower this value to something shorter like 5 minutes before changing the NS records

profile picture
answered 6 months ago
  • Could you write the commands I can try and test? I tried dig @ns-... A and it returns status: REFUSED along with other information. I tried nslookup but getting error "** server can't find SERVFAIL". I bought the domain on AWS so there's no 3rd party registrar. I'll change 172800 into 300 (5 minutes) as you suggested and will let you know if it changes in a few minutes.

    Edit: nothing changed even after decreasing to 300 TTL.

  • I tried pinging the load balancer dns and it cant receive any packets back. 100% loss. why if the load balancer dns works completely fine and the API is deployed successfully?

  • Your load balancer may not be publicly accessible. You'll have to check your security groups and route table routes. Verify that you public subnet is actually public by checking that you have an Internet Gateway and an associated route for it. Also make sure that you have a NAT Gateway and associated routes in you private subnet if you are hosting resources there. Don't introduce Route53 in your troubleshooting until you confirm that you can ping the load balancer's DNS directly.

  • This post may provide additional information.

  • @iuurquiz i have created a stackoverflow question with more details. Please check it out. Read the comments and let me know your thoughts:

    In there you can see that i'm already using a NAT. The public subnet is public confirmed. I do have IGW for public route table. Pinging the load balancer's DNS doesn't receive any packets back, resulting in a 100% packet loss. Why is that if i have defined all the VPC configuration correctly?


Still trying to work out why you updated your nameservers. In your orginal question:

updated the Name Servers to the domain

In your response to my original answer:

I bought the domain on AWS

When you purchased the domain from AWS, a public hosted zone will have been created in Route 53 with the correct nameservers, there shouldn't have been a need for you to update them.

Do a whois or enter the domain into and make a note of what the nameservers are. These need to align with the NS records in the Route 53 public hosted zone.

profile picture
answered 6 months ago
  • Because I have bought it in June, which worked fine then, but through several months later i had deleted the Hosted Zone and recreated it a couple of times depending on what i was testing with AWS. Now i'm getting these problems with the domain. That's why after creating a new Hosted Zone i updated my Name Servers.

    I just checked with whois command and confirm that all the name servers are the same as on the Route53.

    As a latest discovery, it turns out that my domain + backend API works fine but only via VPN. Without VPN it doesn't work "Site can't be reached". So this must mean i've set and configured everything correctly, but my ISP is blocking the Load Balancer/Fargate for some odd reason?

    Why? What does this mean and what can i do about it?

  • Been following your thread on stackoverflow, and yesterday I was able to hit the test site you setup at but today I can't, so you're obviously still trying to fix this.

    Your ISP may not be resolving the address, but your VPN provider is, because the DNS recoreds are not being propagated properly. Why this would happen is unclear, but you may want to try each of these and see if you get different results

    Are you using DNSSEC?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions