Nuxtstop

For all things nuxt.js

My DNS doesn't work

#dns #aws #route53 #domains
13 0

Making changes to DNS looks easy, but in the end something almost always goes wrong. Worst of all it is never really clear what the problem is or how to fix it.

I've been waiting a long time for Route53 to propagate my DNS changes.

You've likely changed your NS records, switched providers, or hosted zones, but your www or apex domain still isn't resolving.

How long is a long time, I've found on average (assuming minimal TTL for records) that resolution will work in 3 minutes. That's right if it isn't working in 3 minutes, you did something wrong. Sorry to be the bearer of bad news. (This number isn't true for Indian DNS, I don't what it is about Indian DNS, but frequently it can take over 24 hours for an update to propagate).

Let's say it has been an hour and you are still waiting. Me at this point, I would have already been clicking a 100 different things, how you managed to wait a whole hour is medal worthy. You have the patience of virtue, congrats.

So what's wrong?

Let's check to see what dig says:

dig DOMAIN NS
Enter fullscreen mode Exit fullscreen mode

What do you get back, if you get back 4 NS DNS values, great, if they match your hosted zone, even better.
Correct Response

;; ANSWER SECTION:
authress.io.        172800  IN  NS  ns-181.awsdns-22.com.
authress.io.        172800  IN  NS  ns-796.awsdns-35.net.
authress.io.        172800  IN  NS  ns-1141.awsdns-14.org.
authress.io.        172800  IN  NS  ns-1563.awsdns-03.co.uk.
Enter fullscreen mode Exit fullscreen mode

But if you get this:

;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48896
Enter fullscreen mode Exit fullscreen mode

Or this:

;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2693
Enter fullscreen mode Exit fullscreen mode

Then you know your domain name configuration (NOT the hosted zone) is incorrectly configured.

Go back and copy your hosted zone NS values TO your Domain name configuration. FROM AWS Route53 TO Domain Configuration. (For some reason hosted zone providers let you change your NS, why is beyond me, and this is always wrong) Do Not Change your NS record values in your zone configuration. You are looking to change the property called Name Servers of your Domain Registration.

But they ARE the same already

The problem likely stems from the fact that you might have copied the wrong direction. Instead of updating your domain with the hosted zone data, you updated the hosted zone removing the correct NS values. As I mentioned above this could be the case. The simplest solution is delete the hosted zone and start over. But if you are intent on keeping it, you could try to recover the real NS values, using your Cloud Provider. For instance, with AWS Route53:

aws route53 get-hosted-zone --id ZONE
Enter fullscreen mode Exit fullscreen mode

Will return:

DelegationSet: {
  NameServers: [
    "ns-2048.awsdns-64.com", 
    "ns-2049.awsdns-65.net", 
    "ns-2050.awsdns-66.org", 
    "ns-2051.awsdns-67.co.uk"
  ]
}
Enter fullscreen mode Exit fullscreen mode

Set these values in both locations.

Subdomain issues

My production domain (domain.com) works but the subdomain (dev.domain.com) does not.

  1. Create a hosted zone named dev.domain.com
  2. Copy the NS records from that new hosted zone
  3. Go to the production hosted zone (named: domain.com)
  4. Create an NS record: 
Name: "dev.domain.com"
Type: "NS"
Value: "NS Values from Sub Hosted Zone"
Enter fullscreen mode Exit fullscreen mode

Come join our Community and discuss this and other security related topics!

Add comment