I have purchased a domain name from route53. I have successfully registered this domain name and created a hosted zone.
When the domain was purchased through Route 53 a public hosted zone would have been created with the correct NS records in place. There shouldn't have been a need to create a new hosted zone as a separate step.
But you are where you are now. What's important is that all four name server records in the registered domain https://console.aws.amazon.com/route53/domains/home#/ need to match the name server records in the hosted zone https://console.aws.amazon.com/route53/v2/hostedzones#
It would be best not to touch the records in the Registered Domain section and instead alter the Hosted Zone records to match. The steps to do this are here (I know you're not really migrating the domain, but the process is the same) https://repost.aws/knowledge-center/route-53-update-name-servers-registrar
Steps 4 thru 9 of this document go through the same steps in more detail https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html
It sounds like you may have tried this already, but did you lower the TTL (time-to-live) value before starting? This is usually set to something like two days, reducing it to a shorter value like five minutes will mean the updated values will propagate quicker. You can always increase it back to the original value when you are confident everything is working.
Also, if you are using DNSSEC then probably best to stop using it until you get the basics straightened out, then you can re-introduce it.
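A check for the match described in the answer above, as an added example that is not part of the original answer or AWS's own code. It compares the name servers on the registered domain with the hosted zone's delegation set and lists the differences; the sample name servers are constructed, and the live lookup assumes boto3 and credentials are available.

```python
def normalize(names):
    # DNS names are case-insensitive and may end with the root dot.
    return {n.strip().rstrip(".").lower() for n in names if n.strip()}


def compare_delegation(registrar_ns, hosted_zone_ns):
    """Return (match, only_at_registrar, only_in_hosted_zone)."""
    reg, zone = normalize(registrar_ns), normalize(hosted_zone_ns)
    return bool(reg) and reg == zone, sorted(reg - zone), sorted(zone - reg)


def fetch_name_servers(domain, hosted_zone_id):
    """Read both lists from AWS; needs boto3 and credentials."""
    import boto3  # imported here so the comparison runs without it

    # The Route 53 Domains API is only served from us-east-1.
    domains = boto3.client("route53domains", region_name="us-east-1")
    detail = domains.get_domain_detail(DomainName=domain)
    registrar_ns = [ns["Name"] for ns in detail["Nameservers"]]
    # DelegationSet holds the name servers Route 53 assigned to the zone.
    zone = boto3.client("route53").get_hosted_zone(Id=hosted_zone_id)
    return registrar_ns, zone["DelegationSet"]["NameServers"]


def report(registrar_ns, hosted_zone_ns):
    match, reg_only, zone_only = compare_delegation(registrar_ns, hosted_zone_ns)
    if match:
        return "OK: registered domain and hosted zone list the same name servers"
    lines = ["MISMATCH between registered domain and hosted zone"]
    lines += [f"  only in registered domain: {n}" for n in reg_only]
    lines += [f"  only in hosted zone: {n}" for n in zone_only]
    return "\n".join(lines)


# Constructed sample values, not taken from the thread.
SAMPLE_REGISTRAR = ["ns-11.awsdns-01.com.", "ns-22.awsdns-02.net.",
                    "ns-33.awsdns-03.org.", "ns-44.awsdns-04.co.uk."]
SAMPLE_HOSTED_ZONE = ["ns-55.awsdns-05.com", "ns-66.awsdns-06.net",
                      "ns-33.awsdns-03.org", "NS-44.awsdns-04.co.uk"]

if __name__ == "__main__":
    # Replace with fetch_name_servers("<domain>", "<hosted-zone-id>") for live data.
    print(report(SAMPLE_REGISTRAR, SAMPLE_HOSTED_ZONE))
```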
Ensure you provided a valid email address at the time of registering the domain. You need to verify your identity before the domain is resolvable on the internet. If you do an nslookup and see an NXDOMAIN for a newly registered domain, most likely you have not been verified yet or the verification failed and your domain was suspended. This is a requirement for regulatory purposes. Do not make any changes to the Name Servers in your public hosted zone. Check point number 9 on this document. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html#domain-register-procedure-section
Hi Azeem, thanks for the help, if I do an NSLOOKUP I just see *** UnKnown can't find myDomainName.org: Server failed.
I checked my email and saw an email verification from route53, specifying the successful creation of my new domain name.
I have resolved the issue, I needed to align my name-servers in my "Registered Domain" to the name-servers AWS provided to me in my "Hosted Zones", I did the opposite. Switched my "Hosted Zone" name-servers to match my "registered domains" name-server.
Thanks again for the assistance.
Ahh I see the problem. Glad you got it resolved.
Ensure that the NS (Name Server) records for your domain in Route 53 are correctly pointing to the AWS-provided name servers. You mentioned that you switched the name servers based on information from ICANN lookup, so make sure you have the correct name servers set up in your Route 53 hosted zone. It can take some time (usually up to 48 hours) for DNS changes to propagate globally, so if you recently updated the NS records, you might need to wait for propagation to complete before the changes take effect. If the SSL certificate is still pending validation for an extended period, double-check that the validation records (CNAMEs) are correctly configured and that the certificate authority can reach them for validation. Keep in mind that DNS changes and SSL certificate validations can experience propagation delays, so it's possible that the changes you've made are still in progress. Also, it may be helpful to review AWS documentation https://docs.aws.amazon.com/amplify/latest/userguide/custom-domain-troubleshoot-guide.html or reach out to AWS support for further assistance, as they can provide specific guidance tailored to your setup and configuration.
Thanks for the response. I switched the name servers to the ones I found in ICANN lookup BECAUSE the AWS name servers provided were not resolving the IP address I was attempting to point at. All the issues mentioned above have been faced with the AWS provided name servers. And I posted this question today but changed the name servers 2 days ago, I allowed for the propagation to take effect.
double-check that the validation records (CNAMEs) are correctly configured and that the certificate authority can reach them for validation
The Test Record feature shows these CNAME records as being accessible, however, I cannot perform an NSLookup on them.
If you have any other suggestions that would be great. Thank you,
Hi Steve, thanks for the help.
I have resolved the issue, you were sort of right, except I altered the name-servers of my "Registered Domain Zone", to match my "Hosted Zone" name servers, and everything works now. I tried to change my "Hosted Zone" name servers before to match my "Registered Domain Zone" name-servers and that didn't get me anywhere.
And I didn't realise I had name-servers all over the place, hosted zone, registered domain zone.
Well, it was a good lesson learned.
And thanks for the TTL tip, that saved me some time as well.
Thanks again for the assistance.