Hosted website not resolving all the time

0

Hello, we have a domain we bought from fasthost; the nameservers for it are pointing to the AWS ones, as we have a hosted zone at Route53.

d2fccx.com - bought at fasthost, nameserver changed to ns-1031.awsdns-00.org, ns-1561.awsdns-03.co.uk, ns-82.awsdns-10.com and ns-1003.awsdns-61.net

At Route53 we have the following: d2fccx_dns

We host a number of sites for customers and we ask them to change nameservers to ns1.d2fccx.com and ns2.d2fccx.com.

When I visit the website via different networks it is being served, but we've had reports that the website is not resolving for other visitors, so I checked here and see that not all have ticks: https://dnschecker.org/#A/www.ferriersflorist.com

Could someone let me know what I'm missing?

Thanks

Mason
asked 2 months ago
121 views
3 Answers
0

The nameservers for ferriersflorist.com are ns1.d2fccx.com & ns2.d2fccx.com

These are A-records whose value is the PTR record for two AWS Route 53 nameservers.

$ whois ferriersflorist.com
.
.
Name Server: ns1.d2fccx.com
Name Server: ns2.d2fccx.com
.
.
$ nslookup ns1.d2fccx.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	ns1.d2fccx.com
Address: 205.251.196.7
Name:	ns1.d2fccx.com
Address: 2600:9000:5304:700::1

$ nslookup ns2.d2fccx.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	ns2.d2fccx.com
Address: 205.251.198.25
Name:	ns2.d2fccx.com
Address: 2600:9000:5306:1900::1

$ getent hosts 205.251.196.7 2600:9000:5304:700::1 205.251.198.25 2600:9000:5306:1900::1
205.251.196.7   ns-1031.awsdns-00.org
2600:9000:5304:700::1 ns-1031.awsdns-00.org
205.251.198.25  ns-1561.awsdns-03.co.uk
2600:9000:5306:1900::1 ns-1561.awsdns-03.co.uk
$

These are two of the four nameservers for d2fccx.com :

$ whois d2fccx.com
.
.
Name Server: ns-82.awsdns-10.com
Name Server: ns-1003.awsdns-61.net
Name Server: ns-1561.awsdns-03.co.uk
Name Server: ns-1031.awsdns-00.org
.
.

Why is it set up like this?

EXPERT
Steve_M
answered 2 months ago
EXPERT
reviewed a month ago
  • Hi, thanks for replying.

    Yes, you are correct, d2fccx.com name servers are using the AWS ones given. I added them previously to try to create glue records and hoped it would resolve the issue. I've since removed those glue records.

    Basically, what I'm trying to achieve is being able to give ns1.d2fccx.com and ns2.d2fccx.com to customers as their nameservers, and we have full control of their DNS in Plesk.

  • Is this what you want to do? https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html

    If you want the domain name of your name servers to be the same as the domain name of your hosted zone, for example, ns1.example.com, you can configure white-label name servers, also known as vanity name servers or private name servers.

    Note that I've never actually tried this before, so I can't offer much advice on it.

0

I can find a SOA:

 ;; ANSWER SECTION:
 ferriersflorist.com.	86400	IN	SOA	ns2.ferriersflorist.com. mason.direct2florist.com. 2024030501 10800 3600 1209600 1080

However, this does not quite match what dig +trace is telling me (truncated):

 ;; Received 501 bytes from 199.7.83.42#53(199.7.83.42) in 220 ms

 ferriersflorist.com.	172800	IN	NS	ns1.d2fccx.com.
 ferriersflorist.com.	172800	IN	NS	ns2.d2fccx.com.
 ;; Received 172 bytes from 192.41.162.30#53(192.41.162.30) in 44 ms

 www.ferriersflorist.com. 86400	IN	CNAME	ferriersflorist.com.
 ferriersflorist.com.	86400	IN	A	3.11.116.241
 ferriersflorist.com.	86400	IN	NS	ns2.ferriersflorist.com.
 ferriersflorist.com.	86400	IN	NS	ns1.ferriersflorist.com.
 ;; Received 139 bytes from 3.11.116.241#53(3.11.116.241) in 21 ms

I'm not 100% sure this will fix whatever is going wrong but for a start, ask your customer to fix their SOA and NS records to match '.com' delegation.

However I suspect the real issue is with the registrar for 'ferriersflorist.com' as I intermittently see SERVFAIL for NS lookup for 'ferriersflorist.com'.

Why are you not hosting 'ferriersflorist.com' in a Route53 hosted zone rather than on an EC2 instance which also appears to be hosting 'www.ferriersflorist.com'? DNS on an EC2 instance is not resilient, plus it's not best practice to have multiple services (DNS, HTTP/S) on a single instance, as attacks on one can impact the other.

AWS
answered 2 months ago
  • Thanks for taking the time to reply to me.

    If I could add, www.ferriersflorist.com is hosted on a Plesk system where it adds its own DNS records.

    It adds ns1.ferriersflorist.com and ns2.ferriersflorist.com by itself, and SOA is set to auto. I tried to remove the 2 NS records within Plesk but it will not let me do it.

    I will be exploring hosting domains on Route53 in the future but for now I would like to see if I could resolve the current issue first.

    Though, through reading on the net, I came across this comment:

    " I am guessing you may have forgotten an important step: you need, through your registrar, to update your domain so that it has the relevant nameservers (the ones added by your provider) as authoritative on it and to be published on the parent zone, controlled by the registry (which is why you need to go through your registrar). Until you do that, direct queries to the authoritative nameservers may work but basically the domain will not globally as there is no "link" from parent."

    I'm just trying to figure out how to do the above.
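
The mismatch this answer points at (the .com referral names ns1/ns2.d2fccx.com, while the zone's own server returns ns1/ns2.ferriersflorist.com) can be checked mechanically from `dig +trace` output. This is an added example, not part of the original thread; the function names are hypothetical and the input is the tail of the trace quoted above with whitespace normalised.

```python
import re

# Tail of the `dig +trace` output quoted in the answer above (whitespace normalised).
TRACE = """\
ferriersflorist.com. 172800 IN NS ns1.d2fccx.com.
ferriersflorist.com. 172800 IN NS ns2.d2fccx.com.
;; Received 172 bytes from 192.41.162.30#53(192.41.162.30) in 44 ms

www.ferriersflorist.com. 86400 IN CNAME ferriersflorist.com.
ferriersflorist.com. 86400 IN A 3.11.116.241
ferriersflorist.com. 86400 IN NS ns2.ferriersflorist.com.
ferriersflorist.com. 86400 IN NS ns1.ferriersflorist.com.
;; Received 139 bytes from 3.11.116.241#53(3.11.116.241) in 21 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+\((\S+?)\)")

def parse_trace(text):
    """Split dig +trace output into (responder, records) blocks, one per response."""
    blocks, records = [], []
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:  # a ';; Received' line closes the response that preceded it
            blocks.append((m.group(1), records))
            records = []
        elif line.strip() and not line.startswith(";"):
            f = line.split(None, 4)  # owner, ttl, class, type, rdata
            if len(f) == 5 and f[2] == "IN":
                records.append((f[0].lower(), f[3], f[4].strip().lower()))
    return blocks

def compare_delegation(text, zone):
    """Compare the parent's NS referral for `zone` with the NS set the child serves."""
    zone = zone.lower().rstrip(".") + "."
    ns_sets = [(srv, {r for o, t, r in recs if o == zone and t == "NS"})
               for srv, recs in parse_trace(text)]
    ns_sets = [(srv, ns) for srv, ns in ns_sets if ns]
    if len(ns_sets) < 2:
        raise ValueError("need both the referral and the authoritative response")
    (parent_srv, parent), (child_srv, child) = ns_sets[0], ns_sets[-1]
    return {"parent": parent_srv, "child": child_srv, "consistent": parent == child,
            "only_in_parent": sorted(parent - child),
            "only_in_child": sorted(child - parent)}

if __name__ == "__main__":
    print(compare_delegation(TRACE, "ferriersflorist.com"))
```

A non-empty `only_in_parent` or `only_in_child` means the registry's delegation and the zone's own NS set disagree.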

0

Hi,

ferriersflorist.com.	172800	IN	NS	ns1.livedns.co.uk.
ferriersflorist.com.	172800	IN	NS	ns2.livedns.co.uk.
ferriersflorist.com.	172800	IN	NS	ns3.livedns.co.uk.
;; Received 476 bytes from 192.43.172.30#53(i.gtld-servers.net) in 29 ms

www.ferriersflorist.com. 3600	IN	A	3.11.116.241
;; Received 68 bytes from 217.160.82.244#53(ns2.livedns.co.uk) in 19 ms

If you would like to change the Authoritative name servers for your domain, you would need to work with your Registrar.

answered 2 months ago
