-1

I have the domain domain_name.it (domain_name = my actual domain) bought from/registered with Route 53, and I am using Route 53 to configure DNS records for that domain. I want to get my email set up for the domain with Google Suite's Gmail. I added an MX DNS record to the Hosted Zone on AWS Route 53, and my AWS Route 53 Hosted Zone for that domain has 3 records: 1 NS, 1 SOA and 1 MX like below (noting that I do not have a host for that domain yet, so I don't have A or AAAA records):

    domain_name.it  MX  Simple  -   1 ASPMX.L.GOOGLE.COM
                                    5 ALT1.ASPMX.L.GOOGLE.COM
                                    5 ALT2.ASPMX.L.GOOGLE.COM
                                    10 ALT3.ASPMX.L.GOOGLE.COM
                                    10 ALT4.ASPMX.L.GOOGLE.COM
                                    15 mfmziuvfyybzvdf2kw4mfiuz6jbgpgdtu2nhmzrl73lgqpj7jvjq.mx-verification.google.com

    domain_name.it  NS  Simple  -   ns-1634.awsdns-12.co.uk.
                                    ns-43.awsdns-05.com.
                                    ns-973.awsdns-57.net.
                                    ns-1173.awsdns-18.org.

    domain_name.it  SOA Simple  -   ns-1634.awsdns-12.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

I have performed Test record on that hosted zone and the DNS queries work just fine. However, when I request to resolve that domain from my local laptop:

    nslookup -query=MX domain_name.it
    nslookup -type=NS domain_name.it

or try to look up the domain name on any domain resolution website, they always respond that domain_name.it is not found.

My guess is that the DNS records were not propagated to DNS resolvers on the internet. However, I have been waiting for more than 48 hours and the queries are still unsuccessful.

My questions are:

  • Did I configure the DNS records correctly on AWS's Route 53?
  • Do I need something else for the DNS records to be propagated and the DNS queries to that domain to work?

Thank you, Nhan.

Nhan Ng.
  • Did you purchase the domain name through Route 53? – John Rotenstein Jun 17 '21 at 08:00
  • Yes, I bought the domain from Route 53. I don't have a web host yet. Just want to use the domain for setting up an email address with that domain using google mail. – Nhan Ng. Jun 18 '21 at 07:22
  • For anyone else finding this very specific situation; it is a good question with a distinct answer but is unfortunately closed. This is likely if your domain has a hold notice from whatever body is in charge of the TLD. AWS will report it as OK because their lookup is inside their network, and they are not explicitly informed of the hold. You won't be able to resolve externally until you get the hold released. – Tobin Nov 29 '22 at 22:44

1 Answer

1

Here is a really cool reference for DNS Troubleshooting: https://www.cloudns.net/blog/10-most-used-nslookup-commands/

Here is a command that could be very helpful:

    nslookup -type=any domain_name.it 

My guess is that there is either a zone replication issue, or some sort of refresh issue where you aren't getting updates locally.

So this is a really good doc, even though it is a little geared toward Microsoft DNS. The section on Primary Zones, Secondary Zones, etc is very useful. Here is a quote that I think may apply to you directly.

"Zone Transfers

Zone transfers take place when they are not integrated with Active Directory. A Zone transfer is where the master DNS servers transfer zone data from the master to secondary.

Zone transfers can occur during any of the following

  • When the refresh interval expires
  • When a master server notifies a change has occurred
  • When the server has rebooted or DNS service has restarted
  • A manual transfer has occurred from the DNS console"

https://activedirectorypro.com/windows-dns-zones-explained/

If you suspect it is a zone transfer issue, it is hard to say exactly how to troubleshoot without knowing what sort of DNS Servers you have, but general tips:

  1. Check the Primary Zone Server, and Ensure the Secondary Zone is set up Properly.
  2. Check the Secondary Zone Server and ensure that the Primary is set up Properly. Try to force a Zone Transfer. Troubleshoot if any issues are found.

Another thing to look out for is accepted certificates, and host names. Ensure your certificate contains a 'Subject Alternative Name'. You can simply include the same value as the common name. It is part of the standard, but is enforced differently across OS and Browsers.

How to check if your cert has a SAN: https://community.pivotal.io/s/article/How-to-Check-the-Domain-and-Subject-Alt-Names-Listed-on-the-SSLTLS-Certificate-for-your-PCF-Installation?language=en_US

Here are some instructions for OpenSSL if you want to try to do it yourself: https://geekflare.com/san-ssl-certificate/

About your Local DNS Resolver Cache: Flush it

https://www.keycdn.com/support/dns-cache

Technoob1984
  • I bought the domain from AWS Route 53, and also use the domain name service of Route 53 too. I don't have the IP address of a web host for that domain. I just want to use the MX record to route the domain to the Google mail that I am setting up, but the DNS service in Route 53 just does not publish the record on the internet nor route the domain.it MX request to the Google mail exchanger that I set up. – Nhan Ng. Jun 18 '21 at 07:23
  • I think you need gsuite to use a business class email with gmail. Check out Amazon SES. I used this service to talk to gsuite before: https://aws.amazon.com/ses/ – Technoob1984 Jun 18 '21 at 14:23
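
The symptom in this thread (the hosted zone answers, but every outside lookup says the domain is not found) can be narrowed down by comparing the response code from one of the hosted zone's own name servers with the response code from a public recursive resolver. The script below is an added example, not code from any of the posts; the function names, the constructed `dig` header samples and the default resolver address 8.8.8.8 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# dig_status: read `dig` output on stdin and print its response code (RCODE).
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# diagnose AUTH_RCODE PUBLIC_RCODE
#   AUTH_RCODE:   answer from a name server listed in the hosted zone's NS record
#   PUBLIC_RCODE: answer from a public recursive resolver
diagnose() {
    case "$1/$2" in
        NOERROR/NOERROR)  echo "ok" ;;
        # The zone is served, but the parent (.it) zone says the name does not
        # exist: no delegation is published (registration incomplete or on hold).
        NOERROR/NXDOMAIN) echo "not-delegated" ;;
        # The resolver cannot get an answer through the delegation, e.g. the
        # registry lists name servers other than the ones serving the zone.
        NOERROR/SERVFAIL) echo "broken-delegation" ;;
        # The queried name server does not host this zone at all.
        REFUSED/*|SERVFAIL/*) echo "zone-not-served" ;;
        *) echo "unknown" ;;
    esac
}

# Live use (needs network and dig): check_domain NAME AUTH_NS [RESOLVER]
#   e.g. check_domain domain_name.it ns-1634.awsdns-12.co.uk
check_domain() {
    auth=$(dig +norecurse MX "$1" "@$2" | dig_status)
    pub=$(dig MX "$1" "@${3:-8.8.8.8}" | dig_status)
    diagnose "${auth:-TIMEOUT}" "${pub:-TIMEOUT}"
}

# Constructed sample headers (not real captures) matching the thread's symptom.
SAMPLE_AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 6, AUTHORITY: 4, ADDITIONAL: 1'
SAMPLE_PUBLIC=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

auth=$(printf '%s\n' "$SAMPLE_AUTH" | dig_status)
pub=$(printf '%s\n' "$SAMPLE_PUBLIC" | dig_status)
echo "authoritative=$auth public=$pub => $(diagnose "$auth" "$pub")"
```

A `not-delegated` result means no change inside the hosted zone will help: the next check is the domain's registration status and name-server list under Route 53's registered domains, or with the TLD registry.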