By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Route 53 subdomain resolve for some ISPs but not for others

0

We've been facing some issues with domains created in Route 53 for a while now. Some domains (CNames) are resolved correctly when using some ISPs and are not found when changing the ISP/DNS server. It seems like Route 53 authoritative servers do not propagate or are not reachable to some ISPs recursive servers or maybe even TLD servers. It's also not propagation delay, as the issue sometimes persist for hours and days.

For example, in Canada it works when using the Rogers ISP but it doesn't when using Shaw. In Brazil it works when using Vivo network but not when using Oi network.

Has this been an issue in the past? Is it related to any configuration when creating the records?

Topics
Networking & Content Delivery
Tags
Networking & Content DeliveryAmazon Route 53Domain Name System (DNS)
Language
English
Rafael
asked 5 months ago198 views
2 Answers
0

Hi,

Route 53 is a stable service. It is more likely to be an issue with dns configuration or ISPs.

There are 2 ways to create dns entries for sub-domains:

  1. records for subdomains created in parent hosted zone
  2. create a separate hosted zone for sub-domain and do sub-domain delegation[1]

Way 1:

If 1 record of hosted zone is resolving, all other should work as well. if some are resolving some not, clear dns cache and try again. If still issue, contact ISP. -->Use https://dnschecker.org/ for check if the record is resolving for major ISPs. -->You might want to clear dns cache and run dig +trace(to know answer each nameserver starting from root till authoritative nameserver give back). This can help find where exactly is issue.

Way 2:

Check using [1] if records for the subdomain have been created in both the hosted zone for the domain and the hosted zone for the subdomain are same. If not, dns behavior will depend on which name servers a DNS resolver has cached, the name servers for the domain hosted zone (example.com) or the name servers for the subdomain hosted zone (acme.example.com). In some cases, Route 53 will return NXDOMAIN (non-existent domain) when the record exists, but not in the hosted zone that DNS resolvers are submitting the query to. This is called qname Minimization [2]

[1]https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-routing-traffic-for-subdomains.html [2]https://www.isc.org/blogs/qname-minimization-and-privacy/#

AWS
Ananya
answered 5 months ago
0

I don't think it's an ISP issue, but you can check this by querying your domain using a range of DNS servers and then compare results.

nslookup xyz.mydomain.com on its own will use your device's default DNS server, which may be set in your router, or could be whatever is in your OS config.

There is a whole bunch of public DNS servers listed at https://www.lifewire.com/free-and-public-dns-servers-2626062 I would try each of these individually, e.g. to force a lookup using Google's DNS it would be nslookup xyz.mydomain.com 8.8.8.8

if you have access to the dig command you can force it to use other nameservers, e.g. to use CloudFlare's DNS to query your domain's name servers you would use dig @1.1.1.1 mydomain.com ns

On a completely different train of thought, are you using DNSSEC within the hosted zone? If you are then try disabling DNSSEC signing for the hosted zone, and see if that gets it working. You can always enable it again later https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-disable.html

profile picture
EXPERT
Steve_M
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content