dig eastcutlabs.com = status: SERVFAIL

0

I've been using route53-purchased domains with netlify to point to their webapps successfully for several apps.

I recently created a second hosted zone (eastcutlabs.com) via terraform that was the same domain name as a previously working domain of the same name. I deleted both of them and tried to recreate just one domain of the same name and reconfigured the A and CNAME records that makes it point to my netlify webapp, but it does not work no matter how many times I delete the hosted zone and try again. I ran a dig eastcutlabs.com and it shows status: SERVFAIL. I did a dig eastcutlabs.com _trace and it does not return the A record that exists in route53. You can find my route53 config the dig and dig_trace below.

I subsequently purchased another domain (eastcutlab.com - note: "lab" instead of "labs") and pointed it to the same webapp as I'm trying with eastcutlabs.com and it worked (config also below).

For eastcutlabs.com (non-working domain) I also tried flushing the DNS cache from: https://developers.google.com/speed/public-dns/cache.

tldr:
eastcutlabs.com (plural: returns a SERVFAIL)
eastcutlab.com (singular: works)

====================================

eastcutlabs.com (not working)

resource "aws_route53_record" "Z1H2B5E0B5U9QA_eastcutlabs--com--_A_" {  
  name    = "eastcutlabs.com"  
  records = \["104.198.14.52"]  
  ttl     = "300"  
  type    = "A"  
  zone_id = "${aws_route53_zone.Z1H2B5E0B5U9QA_eastcutlabs--com.zone_id}"  
}  
  
resource "aws_route53_record" "Z1H2B5E0B5U9QA_eastcutlabs--com--_NS_" {  
  name    = "eastcutlabs.com"  
  records = \["ns-770.awsdns-32.net.", "ns-1166.awsdns-17.org.", "ns-127.awsdns-15.com.", "ns-2018.awsdns-60.co.uk."]  
  ttl     = "172800"  
  type    = "NS"  
  zone_id = "${aws_route53_zone.Z1H2B5E0B5U9QA_eastcutlabs--com.zone_id}"  
}  
  
resource "aws_route53_record" "Z1H2B5E0B5U9QA_eastcutlabs--com--_SOA_" {  
  name    = "eastcutlabs.com"  
  records = \["ns-2018.awsdns-60.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"]  
  ttl     = "900"  
  type    = "SOA"  
  zone_id = "${aws_route53_zone.Z1H2B5E0B5U9QA_eastcutlabs--com.zone_id}"  
}  
  
resource "aws_route53_record" "Z1H2B5E0B5U9QA_www--eastcutlabs--com--_CNAME_" {  
  name    = "www.eastcutlabs.com"  
  records = \["optimistic-wiles-20fec5.netlify.com"]  
  ttl     = "300"  
  type    = "CNAME"  
  zone_id = "${aws_route53_zone.Z1H2B5E0B5U9QA_eastcutlabs--com.zone_id}"  
}  

eastcutlab.com (working)

resource "aws_route53_record" "Z1ZRGWFIEUH3F5_eastcutlab--com--_A_" {  
  name    = "eastcutlab.com"  
  records = \["104.198.14.52"]  
  ttl     = "300"  
  type    = "A"  
  zone_id = "${aws_route53_zone.Z1ZRGWFIEUH3F5_eastcutlab--com.zone_id}"  
}  
  
resource "aws_route53_record" "Z1ZRGWFIEUH3F5_eastcutlab--com--_NS_" {  
  name    = "eastcutlab.com"  
  records = \["ns-45.awsdns-05.com.", "ns-1994.awsdns-57.co.uk.", "ns-1046.awsdns-02.org.", "ns-948.awsdns-54.net."]  
  ttl     = "172800"  
  type    = "NS"  
  zone_id = "${aws_route53_zone.Z1ZRGWFIEUH3F5_eastcutlab--com.zone_id}"  
}  
  
resource "aws_route53_record" "Z1ZRGWFIEUH3F5_eastcutlab--com--_SOA_" {  
  name    = "eastcutlab.com"  
  records = \["ns-948.awsdns-54.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"]  
  ttl     = "900"  
  type    = "SOA"  
  zone_id = "${aws_route53_zone.Z1ZRGWFIEUH3F5_eastcutlab--com.zone_id}"  
}  
  
resource "aws_route53_record" "Z1ZRGWFIEUH3F5_www--eastcutlab--com--_CNAME_" {  
  name    = "www.eastcutlab.com"  
  records = \["optimistic-wiles-20fec5.netlify.com"]  
  ttl     = "300"  
  type    = "CNAME"  
  zone_id = "${aws_route53_zone.Z1ZRGWFIEUH3F5_eastcutlab--com.zone_id}"  
}  

dig eastcutlabs.com (not working)

; <<>> DiG 9.10.6 <<>> eastcutlabs.com  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7554  
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1  
  
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;eastcutlabs.com.		IN	A  
  
;; Query time: 99 msec  
;; SERVER: 192.168.0.1#53(192.168.0.1)  
;; WHEN: Mon Sep 23 19:20:22 PDT 2019  
;; MSG SIZE  rcvd: 44  

dig eastcutlabs.com +trace (not working)

...  
eastcutlabs.com.	172800	IN	NS	ns-127.awsdns-15.com.  
eastcutlabs.com.	172800	IN	NS	ns-770.awsdns-32.net.  
eastcutlabs.com.	172800	IN	NS	ns-1166.awsdns-17.org.  
eastcutlabs.com.	172800	IN	NS	ns-2018.awsdns-60.co.uk.  
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A  NS SOA RRSIG DNSKEY NSEC3PARAM  
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190928044441 20190921033441 17708 com. G131mLtsBTVuH1wpOFbRs0/voaY_V7rxVJHc9XWhCelqZkbFiB6tVxKw oqpWdiXL_p4V40G3Koo8Y7y/Qd2M+hV4edC0nal1RrNt97hkRLQAcTJ/ wHZcMl84JbDtZT44UY1iHWv4GUxlxyaQiew/YceADjSzNtqG8mU1zNhC P1g=  
HHEA290R8BPOIQQR30IRSVVI46C9B0HV.com. 86400 IN NSEC3 1 1 0 - HHEALMV137V9EQO2DK68KA3F9MVS0D32  NS DS RRSIG  
HHEA290R8BPOIQQR30IRSVVI46C9B0HV.com. 86400 IN RRSIG NSEC3 8 2 86400 20190929051624 20190922040624 17708 com. pFc2boy242bdH_MGS/l_aAk_xjQ5BlplgNjmEWeIAMqObTSo7XgqCxtS 47XNGsRW2uxjT8sfZXEkysTYcHcfPvFWydDez8u6/T_uJjx5L2wRSHpJ 9tzyILeKubVEZmNDYn79Wj3DBVuiADOnyYlI6gh1dfd3tagS9XSG9XPk h3U=  
;; Received 682 bytes from 192.26.92.30#53(c.gtld-servers.net) in 45 ms  
  
;; Received 33 bytes from 205.251.196.142#53(ns-1166.awsdns-17.org) in 21 ms  

dig eastcutlab.com (working)

; <<>> DiG 9.10.6 <<>> eastcutlab.com  
;; global options: +cmd  
;; Got answer:  
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64743  
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1  
  
;; OPT PSEUDOSECTION:  
; EDNS: version: 0, flags:; udp: 4096  
;; QUESTION SECTION:  
;eastcutlab.com.			IN	A  
  
;; ANSWER SECTION:  
eastcutlab.com.		300	IN	A	104.198.14.52  
  
;; Query time: 21 msec  
;; SERVER: 192.168.0.1#53(192.168.0.1)  
;; WHEN: Mon Sep 23 19:24:39 PDT 2019  
;; MSG SIZE  rcvd: 59  

dig eastcutlab.com +trace (working)

...  
eastcutlab.com.		172800	IN	NS	ns-948.awsdns-54.net.  
eastcutlab.com.		172800	IN	NS	ns-1046.awsdns-02.org.  
eastcutlab.com.		172800	IN	NS	ns-1994.awsdns-57.co.uk.  
eastcutlab.com.		172800	IN	NS	ns-45.awsdns-05.com.  
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A  NS SOA RRSIG DNSKEY NSEC3PARAM  
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190928044441 20190921033441 17708 com. G131mLtsBTVuH1wpOFbRs0/voaY_V7rxVJHc9XWhCelqZkbFiB6tVxKw oqpWdiXL_p4V40G3Koo8Y7y/Qd2M+hV4edC0nal1RrNt97hkRLQAcTJ/ wHZcMl84JbDtZT44UY1iHWv4GUxlxyaQiew/YceADjSzNtqG8mU1zNhC P1g=  
GL38I96QK11041TE88Q6CO1V4LOSIRCK.com. 86400 IN NSEC3 1 1 0 - GL3B3M8MBCJM4GS4D8D5OI5PPIBLOTMN  NS DS RRSIG  
GL38I96QK11041TE88Q6CO1V4LOSIRCK.com. 86400 IN RRSIG NSEC3 8 2 86400 20190930042015 20190923031015 17708 com. w/D5rSb5jeBTdj8ObyfFCrHfqf1v6JktHHbQei06jIrXRIeVhSdgB9wL iQXgl9pd7YaYEcAuOlCsuhp0AQiFVrQ0dxDh6ugG/OittIFHAXHiptYk fF4wpInlo8NNV0DPtNFu_uIt4YKwu5ZjfxysY2odfBueG3HAugU0Xe9a _iQ=  
;; Received 680 bytes from 192.26.92.30#53(c.gtld-servers.net) in 45 ms  
  
eastcutlab.com.		300	IN	A	104.198.14.52  
eastcutlab.com.		172800	IN	NS	ns-1046.awsdns-02.org.  
eastcutlab.com.		172800	IN	NS	ns-1994.awsdns-57.co.uk.  
eastcutlab.com.		172800	IN	NS	ns-45.awsdns-05.com.  
eastcutlab.com.		172800	IN	NS	ns-948.awsdns-54.net.  
;; Received 195 bytes from 205.251.192.45#53(ns-45.awsdns-05.com) in 22 ms  

Edited by: tomkit on Sep 23, 2019 8:00 PM

tomkit
asked 5 years ago217 views
1 Answer
0

Hi,

When you create a hosted zone, Route 53 assigns a unique set of four name servers to the hosted zone and creates an NS record that uses those same four name servers. When you create another hosted zone, Route 53 assigns another unique set of four name servers to the hosted zone. When you created a new hosted zone for eastcutlabs.com, you got four name servers that don't match the name servers in the configuration for your domain registration.

Here's how you fix it:

  1. Get the four name servers that Route 53 assigned to your hosted zone. See "Getting the Name Servers for a Public Hosted Zone" in the Route 53 Developer Guide:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/GetInfoAboutHostedZone.html

  1. Update the NS record in the hosted zone to use the four name servers that you got in step 1. See "Editing Records":

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-editing.html

  1. Update the domain registration to use the four name servers that you got in step 1. See "Adding or Changing Name Servers and Glue Records for a Domain":

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html

After you make the change, it'll take a couple of days for you to be able to access eastcutlabs.com again because the DNS resolver that you're using has cached the wrong name servers, and the default cache duration is typically 48 hours.

Scott

EXPERT
answered 5 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions