
Delegating DNS: Are my AWS Route53 NS records propagating correctly?

@Hamm4606531

Posted in: #AmazonAws #Dns #Route53 #Subdomain

I'm delegating traffic from NameCheap to Route53 on AWS and, after three hours, the site is not up. Chrome is responding with a "This site can’t be reached" error page. Granted, we're still well within the 24-48 hours that the Route53 docs say our app may be inaccessible, so this may be a non-issue -- but, there's a big deadline on the horizon, and I want to make sure I'm not going to wait 48 hours for something that isn't ever going to work. My hope here is to have some more experienced user let me know if my approach is correct, and that the report from G Suite Toolbox's Dig indicates that the process is going as it should.

This is the configuration I'm using, which has worked perfectly for three of our other apps:

1) Create a Hosted Zone in AWS Route53 with NS records, the names of which are in the format example.com, an A record (as an alias) pointing to a live Elastic Beanstalk URL, a CNAME record (not an alias) with the value example.com, and an SOA record with a value in the format ns-{integer}.awsdns-{integer}.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400.

2) Create 4 NS records in our DNS (NameCheap) that delegate traffic to Route53. Each record uses host www and a value in the format ns-{integer}.awsdns-{integer}.org. The 4 values come directly from the Hosted Zone's NS record values; there is one for .org, .com, .net, and .co.uk.

3) Terminate SSL traffic at the load balancer with a certificate from AWS ACM.

The best tool I've been able to find to test that this is going to work is G Suite Toolbox's Dig. When I enter example.com into it, I get the following return:

id {integer}
opcode QUERY
rcode NXDOMAIN
flags QR RD RA
;QUESTION
example.com. IN NS
;ANSWER
;AUTHORITY
example.com. 53 IN SOA ns-{integer}.awsdns-{integer}.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;ADDITIONAL


The {integers} there after the SOA ns- match the SOA record's {integers} in the Hosted Zone.

Here's the G Suite Dig return I get for one of the three apps we have that use this DNS config and are working, stage.example.com:

id {integer}
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
stage.example.com. IN NS
;ANSWER
stage.example.com. 59 IN NS ns-{integer}.awsdns-{integer}.org.
stage.example.com. 59 IN NS ns-{integer}.awsdns-{integer}.co.uk.
stage.example.com. 59 IN NS ns-{integer}.awsdns-{integer}.com.
stage.example.com. 59 IN NS ns-{integer}.awsdns-{integer}.net.
;AUTHORITY
;ADDITIONAL


All the NS record integers match what is in the Hosted Zone for this subdomain.

The NXDOMAIN state jumps out at me. Is there any reason to believe this config won't successfully transition from NXDOMAIN to NOERROR? The TTL for all the records in the Hosted Zone is all set to minimum values of 60 seconds. If this is all looking ok, is there anything I can do to speed up the process? If you see something wrong here, what's the best next move?


@Frith620

You can't delegate the root of a zone this way. You need to find the other option at your registrar's site where you set the authoritative nameservers for your registered domain.


Select Domain List from the left sidebar and click the Manage button next to your domain:

Find the Nameservers section and select your preferred option from the drop-down menu.

www.namecheap.com/support/knowledgebase/article.aspx/767/10/how-can-i-change-the-nameservers-for-my-domain

Choose "Custom DNS" and configure the Route 53 servers there.

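The comparison the question does by eye (Dig rcode and NS answer against the hosted zone's NS values), as an added example that is not part of the original posts. The sample outputs and nameserver names are constructed, and the function names are hypothetical.

```python
# Constructed samples in the layout shown in the question; every name is made up.
ZONE_NS = ["ns-1.awsdns-01.org", "ns-2.awsdns-02.co.uk",
           "ns-3.awsdns-03.com", "ns-4.awsdns-04.net"]
WORKING = """rcode NOERROR
;QUESTION
stage.example.com. IN NS
;ANSWER
""" + "".join(f"stage.example.com. 59 IN NS {n}.\n" for n in ZONE_NS) + ";AUTHORITY\n;ADDITIONAL\n"
FAILING = """rcode NXDOMAIN
;QUESTION example.com. IN NS
;ANSWER
;AUTHORITY
example.com. 53 IN SOA ns-1.awsdns-01.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
;ADDITIONAL
"""

def parse_dig(text):
    """Split the output into its rcode and per-section record lines."""
    parsed, section = {"rcode": None}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("rcode "):
            parsed["rcode"] = line.split()[1]
        elif line.startswith(";"):
            # A header may carry a record on the same line (";QUESTION name IN NS").
            section, _, rest = line[1:].partition(" ")
            parsed[section] = [rest.strip()] if rest.strip() else []
        elif line and section:
            parsed[section].append(line)
    return parsed

def norm(name):
    return name.lower().rstrip(".")

def check_delegation(dig_text, owner, zone_ns):
    """Return (status, names that differ) for an NS lookup of `owner`."""
    parsed = parse_dig(dig_text)
    if parsed["rcode"] != "NOERROR":
        return parsed["rcode"].lower() if parsed["rcode"] else "unparsed", set()
    got = set()
    for rec in parsed.get("ANSWER", []):
        f = rec.split()
        if len(f) == 5 and norm(f[0]) == norm(owner) and f[2:4] == ["IN", "NS"]:
            got.add(norm(f[4]))
    expected = {norm(n) for n in zone_ns}
    if not got:
        return "no-ns-answer", expected
    return ("ok", set()) if got == expected else ("mismatch", got ^ expected)

if __name__ == "__main__":
    print(check_delegation(WORKING, "stage.example.com", ZONE_NS), check_delegation(FAILING, "example.com", ZONE_NS))
```

A "mismatch" result lists the nameservers present on only one side, which is the case to look for when the registrar still points at a different NS set than the hosted zone.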

