DNS_PROBE_FINISHED_NXDOMAIN Route53

0

Hello,

I received this error message (DNS_PROBE_FINISHED_NXDOMAIN) while assessing my DNS (streamlit.createa229.click). It is attached to an A record pointing to my ALB. I have tried several resolutions that I found on the internet, including clearing my DNS cache, etc., but they didn't work. Everything was working fine a couple of days ago, then I got this message. The site is working fine when I enable my cellular data, but when I connect to my wifi, it suddenly just stops working.

In addition, when I perform a DNS check for my website on dnschecker.org, I'm seeing that my DNS records are not propagated in some regions.

Could someone please help with this issue?

Vinh
asked 2 months ago, 140 views
5 Answers
2
Accepted Answer

@Vinh and anyone else who stumbled upon this issue. I was FINALLY able to solve this issue by implementing DNSSEC. I'm guessing an alternative solution may have been to remove the DNSSEC keys that were in the "Registered Domains" section and clicking on my domain, but I didn't test that first. I figured I would want to enable DNSSEC anyway. So, I went ahead and implemented DNSSEC in Route53 and after the TTL of my NS and other records, I was successfully able to resolve the DNS everywhere.

In case any Route53 folks are reading this, please update your documentation to mention that some DNS resolvers will send a DNS_PROBE_FINISHED_NXDOMAIN when there is a DNSSEC issue. That would have saved me a LOT of time! :)

answered 2 months ago
EXPERT
reviewed a month ago
  • Thank you so much for sharing this. I could finally stop seeing that error message after, as you mentioned above, removing the DNSSEC keys assigned to my "Registered Domains" :)). I went to check the DNSSEC signing section under Route53 > Hosted Zones > [My_Domain], and figured out that I accidentally disabled a KMS key that was being used for the KSKs (key-signing keys), which could be the reason that the DNS resolver was messed up, and I might have a set up a new one again

    But thank you for all the help everyone, @benjaminbytheway and @OsvaldoMarte, for sharing your solutions and experiences.

1

I'm having the exact same issue with a domain I transferred to Route 53 2 weeks ago. It works fine when I use cellular data, but on my wifi network, I get the DNS_PROBE_FINISHED_NXDOMAIN. I have A records pointing to my ALB, etc. and all of the relevant records in the hosted zone. dig +trace seems to find all of the relevant records. I've tried re-creating it using a new hosted zone. I observed the namespace records changed for the domain, but I still get the same error.
I've waited more than 48 hours...in fact I've waited for over 2 weeks without any change...So, I'm lost. I know that isn't helping to answer the question, but thought I would add my experience.

answered 2 months ago
  • Thank you for sharing your experience. Have you tried to adjust the TTL for all of your DNS records?

  • I did...the TTL change went through, but it didn't help with the DNS_PROBE_FINISHED_NXDOMAIN error.

1

Can you share your site?

EXPERT
answered 2 months ago
0

Hello,

Thank you for taking the time to reply to my question. My site is https://streamlit.createa229.click/

Vinh
answered 2 months ago
  • Thank you. Look, the error DNS_PROBE_FINISHED_NXDOMAIN indicates that the Domain Name System (DNS) is unable to resolve the website's domain name into an IP address. This error can occur for several reasons, including:

    • If there's a mistake in the web address you typed, the DNS won't find a corresponding IP address.
    • High TTL (Time to Live) settings in Amazon Route 53 for DNS records may cause outdated information to be cached and utilized globally, potentially leading to website access difficulties.
    • The website or domain name may not exist, or there may be a configuration issue with the domain's DNS settings.

    When I access your DNS (streamlit.createa229.click), I am redirected to a Cognito login: Accessing to your DNS

    As you've observed, and as you pointed out, there seems to be an issue with your DNS not propagating as expected. To address this, consider adjusting the TTL (Time to Live) settings before making any DNS record updates. Lowering the TTL to between 5 and 10 minutes can facilitate faster propagation. Once the DNS update has successfully propagated and stabilized, it's advisable to revert the TTL to 24 hours. This adjustment helps reduce server load and improves caching efficiency.

  • Thank you for looking into this.

    I have adjusted the TTL for my NS from 86400 to 300 seconds. My next question is, will the DNS continue to propagate after I adjusted the TTL (because I saw some posts where people had to wait for weeks but didn't get any results), or do I need to remove all my records and create them again?

    Thank you.

  • It should be completed within a maximum of 48 hours. You generally do not need to remove and recreate your DNS records after adjusting the TTL.

  • Let me know if it's working for you already.

  • It hasn't worked for me just yet. I'll keep you updated next week. Thank you.

0

@Vinh, Question for you:

  1. Go to "Registered Domains"
  2. Click on your domain
  3. Go to the DNSSEC keys

Do you see an entry there?
I have an entry there and I'm wondering if that got transferred with the domain name when I transferred it to Route53...And possibly that is what's causing some DNS name servers to show an error? I'm exploring this option right now. Thought I would ask.

answered 2 months ago
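
The failure the answers above converge on is a DS entry held at the registrar ("Registered Domains" > DNSSEC keys) that no longer matches any key-signing key the hosted zone serves. The following is an added example, not code from this thread or from AWS: it checks only the DS-to-DNSKEY link (not signatures), and the function names, `example.test` and both keys are constructed for illustration.

```python
import base64, hashlib, struct

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """Wire-format DNSKEY RDATA (RFC 4034, section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical (lowercase) wire form of the zone name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def make_ds(name, rdata):
    """(key tag, algorithm, digest type 2, SHA-256 digest) for one DNSKEY (RFC 4509)."""
    digest = hashlib.sha256(owner_wire(name) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], 2, digest)

def check_delegation(name, parent_ds, zone_dnskeys):
    """Classify the DS set at the registrar against the DNSKEYs the zone serves."""
    if not parent_ds:
        return "unsigned"  # no DS at the parent: resolvers do not validate the zone
    served = {make_ds(name, k) for k in zone_dnskeys}  # SHA-256 DS records only
    if any((t, a, d, h.upper()) in served for t, a, d, h in parent_ds):
        return "ok"        # at least one DS points at a key the zone publishes
    return "broken"        # DS present, no matching key: validating resolvers fail

# Constructed sample data: example.test and both 64-byte "keys" are made up.
ZONE = "example.test."
OLD_KSK = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(64))))
NEW_KSK = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(64, 128))))
STALE_DS = [make_ds(ZONE, OLD_KSK)]  # what the registrar still holds after a transfer

if __name__ == "__main__":
    print(check_delegation(ZONE, STALE_DS, [NEW_KSK]))  # stale DS, new key in zone
    print(check_delegation(ZONE, STALE_DS, []))         # DS left behind, signing off
    print(check_delegation(ZONE, [], [NEW_KSK]))        # DS removed at the registrar
    print(check_delegation(ZONE, [make_ds(ZONE, NEW_KSK)], [NEW_KSK]))  # DS re-created
```

For a real domain the two inputs correspond to the answers of `dig DS <domain>` and `dig DNSKEY <domain>`. A "broken" result explains why the name resolves on networks whose resolver does not validate DNSSEC and fails on networks whose resolver does.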
