Issues propogating zone to Google and others?

0

My issue is that my website seems to be unavailable in certain regions due to a lack of name resolution. The website is arnaudloos.com.

I have both my Domain and DNS hosted by Amazon. The website is hosted in an S3 bucket. There is no www bucket.

To start I've checked and my DNS NS records match my hosted zone Nameservers.
ns-889.awsdns-47.net
ns-1111.awsdns-10.org
ns-376.awsdns-47.com
ns-1823.awsdns-35.co.uk

Checking https://dns.google.com/query?name=arnaudloos.com
results in "Comment": "DNSSEC validation failure"

But if I turn off the DNSSEC toggle switch I get results
"Answer":
{
"name": "arnaudloos.com.",
"type": 1,
"TTL": 59,
"data": "52.84.126.13"
}

Manually setting my workstation client DNS to 8.8.8.8 results in not being able to browse to my website.

Checking an assigned nameserver I get a good response.

% nslookup arnaudloos.com ns-889.awsdns-47.net
Server: ns-889.awsdns-47.net
Address: 205.251.195.121#53

Name: arnaudloos.com
Address: 52.84.126.111
Name: arnaudloos.com
Address: 52.84.126.13
Name: arnaudloos.com
Address: 52.84.126.204
Name: arnaudloos.com
Address: 52.84.126.133

but not with Google

% nslookup arnaudloos.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find arnaudloos.com: SERVFAIL

Everything is ok with OpenDNS

% dig arnaudloos.com @208.67.222.222
; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> arnaudloos.com @208.67.222.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38549
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arnaudloos.com. IN A

;; ANSWER SECTION:
arnaudloos.com. 60 IN A 52.84.126.111
arnaudloos.com. 60 IN A 52.84.126.133
arnaudloos.com. 60 IN A 52.84.126.13
arnaudloos.com. 60 IN A 52.84.126.204

;; Query time: 20 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Mar 06 12:50:39 EST 2019
;; MSG SIZE rcvd: 107

But not Google

dig arnaudloos.com @8.8.8.8
; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> arnaudloos.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6447
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;arnaudloos.com. IN A

;; Query time: 53 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 06 12:51:05 EST 2019
;; MSG SIZE rcvd: 43

When I do a DNS propagation test I see that there are regions where there are no records for my site.
When I connect to my VPN provider and get my DNS redirected to their servers I also can't reach my website.

This has to be a configuration issue on my end but can someone please tell me what. Thanks.

ArnaudL
asked 5 years ago156 views
2 Answers
0
Accepted Answer

Hello ArnaudL

I understand that you are facing DNS resolution issues on your domain arnaudloos.com.

I have taken a look and seen that the reason for this is that your domain has got DNSSEC enabled. Amazon Route 53 supports DNSSEC for domain registration. We do not support DNSSEC for the DNS service regardless of whether you have the domain registered with Route 53 or another registrar[1] . When you resolve using Google DNS servers, they will attempt to verify DNSSEC and this fails resulting in the SERVFAIL error message.

To resolve the issue and get consistent resolution on your domain, you may disable DNSSEC on the domain as outlined in our documentation[2]. Alternatively you may transfer your DNS to another provider that supports DNSSEC.

[1] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html
[2] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html#domain-configure-dnssec-deleting-keys

I hope this helps.

AWS
answered 5 years ago
0

Thank you so much, it's fixed now.

ArnaudL
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions