Hello,
I registered a domain on Route53, then changed the NS records for another provider, and changed it back to AWS NS records. This happened a couple of times due to various reasons. Now I have decided to make AWS NS records as permanent. So I made the relevant changes - NS records in public hosted zone match with Glue records. However, the DNSChecker service shows that only half of the DNS servers are able to identify the correct DNS configuration (for all types of DNS records), and half of them do not recognize at all. There are couple of them which still reflect the other DNS provider records. I have waited for almost 48 hours, but still not able to fix this issue. If I make any changes to any DNS record, the half of DNS servers which actually reflect changes also reflect the new changes within couple of minutes.
What could be missing? Please help as this has left my email service to work intermittently. Thank you.
Hi Steve, Thanks for your reply. Yes the TTL was 48 hours for old NS records. No DNSSEC was enabled there. It has been >48 hours since the last change on Route53. I am wondering if enabling DNSSEC on Route53 would help? I am hoping that 72 hour cycle would make sense. 20 hours more to go, but I am not sure if that will work either. Please help.
The actions I took 48 hours before were - I recreated hosted zone and made sure NS records match with the ones mentioned in registered domain.
Do a whois on the domain and note the name servers https://lookup.icann.org/en/lookup
Alternatively, dig the domain and note the NS records https://toolbox.googleapps.com/apps/dig/
And select the Registered Domain in Route 53 and note the Name servers https://us-east-1.console.aws.amazon.com/route53/domains/home
And the NS records in the Hosted Zone https://us-east-1.console.aws.amazon.com/route53/v2/hostedzones
If all of these align in all cases then it should be okay. If anything is out-of-line then fix it up.
At this point I would think about raising a support call with AWS to get help with this. Even if you're on a Basic Support plan (which would preclude you from raising a support call most of the time) you can still do so under Account and Billing -> Service: Billing -> Category: Domain Registration Issue
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-contact-support.html