-1

Our static site is in DigitalOcean and the API server (using Zappa) is in AWS. The domain registrar is GoDaddy. To access the static site and API server, we enlisted the DigitalOcean and Route53 NameServers in GoDaddy. In Route53 we have added a CNAME entry for www.bearete.com pointing to bearete.com. Sometimes the static server becomes unreachable and we get an ERR_NAME_NOT_RESOLVED error, and after a few hours it automatically becomes available again. I have tried changing the TTL several times without any solid solution.

AWS Route53 HealthChecks are giving: Failure: DNS resolution failed: the value returned by the DNS resolver does not resolve to an IPv4 address.

But when I add 8.8.8.8 or 8.8.4.4 to my network's DNS server it works every time. But we can't request every client to change their DNS settings.

I am clueless about this problem. Could anyone help me to sort this out? Thank you.

Rohan
  • Something about your Route53 servers is definitely misconfigured. Check this first: https://stackoverflow.com/a/35970555/1145196 – Dusan Bajic Mar 20 '18 at 19:30
  • Try running whois on the domain; you will see all the nameservers listed in GD. @DusanBajic – Rohan Mar 20 '18 at 19:44
  • Yes, but are those the same name servers that you see in your Route53 console when you select the radio button next to your zone name? – Dusan Bajic Mar 20 '18 at 19:55
  • Oh, seems your AWS name servers are correctly configured with `CNAME`, but do not give any answer if you query them for `bearete.com` – Dusan Bajic Mar 20 '18 at 20:19
  • @Rohan NO, you do **NOT** use whois to query for nameservers. Wrong tool. – Patrick Mevzek Mar 21 '18 at 07:10

1 Answer

2

Even if online troubleshooting tools do not see a problem but just a warning (see http://dnsviz.net/d/bearete.com/WrIDqA/dnssec/ ), I see a big problem: you have a lame delegation.

The list of nameservers for your zone is not the same in the zone and its parent.

See:

```
$ dig  bearete.com NS @a.gtld-servers.net | grep -A 8 ';; AUTHORITY'
;; AUTHORITY SECTION:
bearete.com.        172800  IN  NS  ns1.digitalocean.com.
bearete.com.        172800  IN  NS  ns2.digitalocean.com.
bearete.com.        172800  IN  NS  ns3.digitalocean.com.
bearete.com.        172800  IN  NS  ns-349.awsdns-43.com.
bearete.com.        172800  IN  NS  ns-928.awsdns-52.net.
bearete.com.        172800  IN  NS  ns-1544.awsdns-01.co.uk.
bearete.com.        172800  IN  NS  ns-1362.awsdns-42.org.
```

but Digital Ocean nameservers only list themselves as authoritative, while AWS nameservers only list themselves as authoritative.

You will first need to solve this and decide once and for all if Digital Ocean or AWS should host your nameservers; it cannot be both.

Then you go to your registrar (GoDaddy) and ask it to make the change (set the proper list of nameservers at the parent zone, that is, at the registry) for you.

After that, and after some hours, you can again begin to troubleshoot problems, if any.

Patrick Mevzek
  • Are you suggesting to move DO nameservers to Route53? – Rohan Mar 21 '18 at 21:37
  • Not suggesting anything, as I do not have enough context to understand your specific case and I do not want to give you bad advice. I am just saying that you should publish only one set of nameservers at the registry, the ones from the company handling the DNS for you. It can be either DigitalOcean **OR** AWS, but you should just decide and use one of them, not both. Based on your requirements, you could probably achieve the same results with either one, but their services are otherwise different. – Patrick Mevzek Mar 21 '18 at 21:40
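
The parent-versus-zone comparison the answer describes, as an added example that is not part of the original answer or comments: it extracts the NS set from dig output text on each side and reports names that appear on only one side. The parent records are the ones shown in the answer; the child response is constructed from the answer's description, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: lame-delegation check over dig output text (runs offline).
# Live input would come from queries such as:
#   dig +norec NS bearete.com @a.gtld-servers.net    (parent side)
#   dig +norec NS bearete.com @ns1.digitalocean.com  (child side)

# Parent delegation, copied from the dig output in the answer.
PARENT='bearete.com. 172800 IN NS ns1.digitalocean.com.
bearete.com. 172800 IN NS ns2.digitalocean.com.
bearete.com. 172800 IN NS ns3.digitalocean.com.
bearete.com. 172800 IN NS ns-349.awsdns-43.com.
bearete.com. 172800 IN NS ns-928.awsdns-52.net.
bearete.com. 172800 IN NS ns-1544.awsdns-01.co.uk.
bearete.com. 172800 IN NS ns-1362.awsdns-42.org.'

# CONSTRUCTED child answer (TTL invented, one name upper-cased on purpose):
# a DigitalOcean server listing only its own provider, as the answer states.
CHILD_DO='bearete.com. 1800 IN NS NS1.digitalocean.com.
bearete.com. 1800 IN NS ns2.digitalocean.com.
bearete.com. 1800 IN NS ns3.digitalocean.com.'

# Read dig output on stdin; print NS targets lowercased, sorted, unique.
ns_set() {
    awk '$3 == "IN" && $4 == "NS" { print tolower($5) }' | sort -u
}

# only_in A B: print NS names found in dig text A but absent from dig text B.
only_in() {
    wanted=$(printf '%s\n' "$2" | ns_set)
    printf '%s\n' "$1" | ns_set | grep -vxF -e "$wanted" || true
}

# delegation_ok PARENT CHILD: return 0 only if both NS sets are identical.
delegation_ok() {
    [ -z "$(only_in "$1" "$2")" ] && [ -z "$(only_in "$2" "$1")" ]
}

if delegation_ok "$PARENT" "$CHILD_DO"; then
    echo "delegation consistent"
else
    echo "lame delegation: delegated at parent, not listed by this server:"
    only_in "$PARENT" "$CHILD_DO" | sed 's/^/  /'
fi
```

Run the child-side query against every server named in the parent's delegation; each one should return the same NS set as the parent.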