How can I troubleshoot a Route 53 hosted zone?
$ ~ dig request.i-codedesign.com ns
; <<>> DiG 9.8.3-P1 <<>> request.i-codedesign.com ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6399
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;request.i-codedesign.com. IN NS
;; AUTHORITY SECTION:
i-codedesign.com. 10798 IN SOA ns3.webminders.com. root.i-codedesign.com. 1316218819 10800 1800 604800 300
;; Query time: 42 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: Fri Jun 20 15:46:30 2014
;; MSG SIZE rcvd: 98
There are no NS records for that zone, which is a problem. The query I issued should return the four nameservers you quoted in your answer.
In your i-codedesign.com zone, you need to create an NS record for the request subdomain.
Regarding your name server records posted, those are for i-codedesign.com. You still need to create NS records for the requests subdomain.
Related videos on Youtube
11 : 57
04 : 35
13 : 59
11 : 50
02 : 38
Jeromy French
Jeromy French is a well-rounded internet programmer with over fifteen years experience developing and maintaining a wide variety of systems for government agencies, extremely large corporations, and small businesses. Jeromy's specialties are working with business experts, designing technical and non-technical solutions to meet the needs of the business, crafting and implementing development processes, and leading teams to deliver software on time, on budget, and with high quality. Jeromy makes his home in Virginia where, through a power-sharing arrangement, his wife, daughter, son and cat run his life.
Updated on September 18, 2022Comments
-
Jeromy French over 1 year
About a week ago, I followed the AWS Route 53 instructions for creating a subdomain hosted zone to handle traffic for "request.i-codedesign.com".
The hosted zone provisioned these NS servers:
ns-1009.awsdns-62.net.
ns-1198.awsdns-21.org.
ns-1.awsdns-00.com.
ns-1807.awsdns-33.co.uk.Also a week ago, I updated our DNS Service (Dotster) to add the above Name Server records:
For a while this worked well, traffic was getting to the intended server.
Within the past week, it stopped working. What steps can I take to troubleshoot this? I've tried
nslookup request.i-codedesign.com ns-1.awsdns-00.com, for example, but it just returns four sets of "DNS request timed out. timeout was 2 seconds."
EDIT
When I try from home, the address resolves and I can see my web app.
From here, this is the nslookup result:
C:\jhfrench>nslookup Default Server: Wireless_Broadband_Router.home Address: 192.168.1.1 > set debug > request.i-codedesign.com Server: Wireless_Broadband_Router.home Address: 192.168.1.1 ------------ Got answer: HEADER: opcode = QUERY, id = 2, rcode = NXDOMAIN header flags: response, auth. answer, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = 0 QUESTIONS: request.i-codedesign.com.home, type = A, class = IN AUTHORITY RECORDS: -> home ttl = 3600 (1 hour) primary name server = home responsible mail addr = (root) serial = 10274 refresh = 3600 (1 hour) retry = 3600 (1 hour) expire = 3600 (1 hour) default TTL = 3600 (1 hour) ------------ ------------ Got answer: HEADER: opcode = QUERY, id = 3, rcode = NXDOMAIN header flags: response, auth. answer, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = 0 QUESTIONS: request.i-codedesign.com.home, type = AAAA, class = IN AUTHORITY RECORDS: -> home ttl = 3600 (1 hour) primary name server = home responsible mail addr = (root) serial = 10275 refresh = 3600 (1 hour) retry = 3600 (1 hour) expire = 3600 (1 hour) default TTL = 3600 (1 hour) ------------ ------------ Got answer: HEADER: opcode = QUERY, id = 4, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 1, authority records = 0, additional = 0 QUESTIONS: request.i-codedesign.com, type = A, class = IN ANSWERS: -> request.i-codedesign.com internet address = 54.225.172.91 ttl = 300 (5 mins) ------------ Non-authoritative answer: ------------ Got answer: HEADER: opcode = QUERY, id = 5, rcode = NOERROR header flags: response, want recursion, recursion avail. questions = 1, answers = 0, authority records = 1, additional = 0 QUESTIONS: request.i-codedesign.com, type = AAAA, class = IN AUTHORITY RECORDS: -> request.i-codedesign.com ttl = 900 (15 mins) primary name server = ns-1828.awsdns-36.co.uk responsible mail addr = awsdns-hostmaster.amazon.com serial = 1 refresh = 7200 (2 hours) retry = 900 (15 mins) expire = 1209600 (14 days) default TTL = 86400 (1 day) ------------ Name: request.i-codedesign.com Address: 54.225.172.91-
Jeromy French almost 10 yearsProbably not relevant, but requests to the IP of the intended endpoint are getting served.
-
EEAA almost 10 yearsJust give us your real domain. With these sorts of issues, that is the fastest way to getting a good answer. -
Jeromy French almost 10 yearsMore mystery: when I try it from home, it works every time.
-
-
EEAA almost 10 yearsSame deal. You have no
NSrecords. -
Jeromy French almost 10 yearsI followed the AWS instructions for creating a subdomain (docs.aws.amazon.com/Route53/latest/DeveloperGuide/…), including the part about registering the NS with the domain's registrar
-
EEAA almost 10 yearsYou missed (or botched) the "Updating Your DNS Service with Name Server Records for the Subdomain" section.
-
Jeromy French almost 10 years(a week ago) I updated our DNS Service (Dotster) to add the above Name Server records. See my edit to the question for the resulting listing.
-
EEAA almost 10 years@JeromyFrench - I don't know how I can state this any more clearly. You have no
NSrecords for that zone.. The above query shows anArecord and aAAAArecord. No NS records. It would do you good to take a break, step back, and read up on how DNS works. You're flailing around and not getting anywhere. -
Håkan Lindqvist almost 10 years@JeromyFrench Maybe the thing that needs further emphasis is that when delegating a zone the same NS records are to be added both in the parent zone (purely for use as authority information) and in your actual zone as the actual authoritative records. One or the other alone is not enough.
