Need advice for DNS problem with newly registered domain

  • Thread starter: vishalrao
  • Replies: 10
  • Views: 1,398

vishalrao

Hey folks... I have a DNS problem with my newly registered domain. Can anyone advise how long it takes for TLD servers to refresh their records of my domain registrar NS records? Is it 2 or 3 days, as suggested by googling?

Sad story follows...

What happened was that a few days ago I registered a domain with the AWS Route 53 service and it was resolving fine. Then, like an idiot, I tried to tinker with the zones by changing the NS records to Linode NS servers, and then to come back to AWS I deleted the zone and created a new one, which has different NS records.

Now, after some investigation, it appears that the TLD root servers for my domain are still holding the old NS servers, and these are returning a REFUSED error code when looking up my domain name.

As a result, a normal lookup that hits, say, the public Google or Cloudflare DNS servers returns a SERVFAIL error code, because the old AWS servers return a REFUSED error.

🤷🏻‍♂ So that's my sob story... I'm currently going to wait another day or 2 but if it doesn't start working is there any way to flush the TLD servers to pick up my current NS records?

Thanks!
 
i mean cloudflare does have this page: 1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver

OpenDNS has this: OpenDNS: Cloud-Delivered Security Enforcement and Intelligence

these usually worked when i was not using cloudflare for dns management. with cloudflare, changes to domain records are usually instantly updated. haven't faced these issues in a loooooooooong time. actually the last time i had to wait 2-3 days for updates was back in early 2000s when i was using net4.

i would suggest transferring the domain to cloudflare and just use it for domain management 😛
 
Google also has a place to flush their public DNS records, but from what I've been able to understand, the TLD root DNS servers are caching my old NS authority servers and it's these servers that return the REFUSED error code.

The current NS servers of AWS are resolving my domain fine; it's just that other DNS servers like 1.1.1.1 and 8.8.8.8 are contacting the TLD root servers, which is where the response points to the old AWS servers that are returning the REFUSED message.
 
I'm currently going to wait another day or 2
That's what I did when I changed name servers too frequently. All were fixed after about 48 hours. That was over 10 years ago. It still seems to be an issue when changing NS records quickly more than once. From that experience, I always wait for 48 hours before updating NS records, particularly after buying a domain.
 
Thanks, yup... So I see 2 problems... Firstly, the TLD root servers are returning old cached AWS servers, and secondly, these old AWS servers are returning a REFUSED message, which in turn causes downstream servers like 1.1.1.1 and 8.8.8.8 to return a SERVFAIL message.

I don't know why the old AWS servers are returning a REFUSED message, maybe too many lookups by global servers or some security precaution.

Anyways yes I will just wait another couple of days because the current AWS servers are returning proper response if I directly query them... It's just that the TLD root servers need to reply to other servers with the current working AWS servers.
 
So it's working now and of course it was my fault.

It turned out that stale authoritative name server records were left in the "domains" section of the Route 53 AWS page, which I failed to look at; I didn't even realise until I opened a support ticket and they sent steps to follow.

I was only looking at the "hosted zones" section. Here you just need to check that the NS records match up in the hosted zone info and the record entries, which they should on their own.

Then you need to open the domains section and look at the NS records entries and edit them to match the entries you just checked in the hosted zone. This is the part I was missing.

After I fixed these entries the DNS records propagated within a few minutes (at least to google and cloudflare public DNS) even though the support ticket response mentioned to wait anywhere from 2 to 24 hours.

Oh, and when I went to create a support ticket, the main page is a bit misleading and discouraging, saying you need a paid support tier for technical issues, but you can just open the basic support ticket category and choose the account or billing issue category, which has a subcategory for domain registration issues, where I was able to explain my problem and received a response within a day.
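
The mismatch described in the post above (name servers on the registered domain not matching the hosted zone's NS set) can also be checked from outside the console. The following is an added example, not part of the original post: it parses `dig` output from the parent zone and compares it with the hosted zone's NS set. The domain, name server names and `dig` output are constructed sample values.

```python
import re

# Constructed sample: output of `dig +norecurse NS example.com @<TLD server>`.
# The parent zone answers with a referral, so the NS set is in AUTHORITY.
TLD_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com.              IN   NS
;; AUTHORITY SECTION:
example.com.      172800   IN   NS   ns-old-1.example.net.
example.com.      172800   IN   NS   NS-OLD-2.example.org.
"""

# Constructed sample: NS records listed in the current hosted zone.
HOSTED_ZONE_NS = ["ns-new-1.example.net.", "ns-new-2.example.org"]

# owner  TTL  IN  NS  target
NS_RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)


def norm(name):
    """DNS names are case-insensitive; the trailing dot is optional in tools."""
    return name.rstrip(".").lower()


def delegated_ns(dig_output, domain):
    """Return the NS targets for `domain` found in dig's record lines."""
    found = set()
    for line in dig_output.splitlines():
        if line.startswith(";"):          # headers, question, comments
            continue
        m = NS_RR.match(line.strip())
        if m and norm(m.group(1)) == norm(domain):
            found.add(norm(m.group(2)))
    return found


def check_delegation(parent_ns, zone_ns):
    """Compare what the parent delegates to with what the hosted zone lists."""
    parent = {norm(n) for n in parent_ns}
    zone = {norm(n) for n in zone_ns}
    return {
        "ok": bool(parent) and parent == zone,
        "stale": sorted(parent - zone),    # delegated to, but not in the zone
        "missing": sorted(zone - parent),  # in the zone, never reached via TLD
    }


if __name__ == "__main__":
    parent = delegated_ns(TLD_REFERRAL, "example.com")
    print(check_delegation(parent, HOSTED_ZONE_NS))
```

A non-empty `stale` list corresponds to the situation in this thread: resolvers are referred to servers that no longer host the zone.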
 


I'm just using AWS route 53 service for domain registration and DNS records, that's all.

Currently using Linode 100 dolla credit to run some basic stuff, might just continue with them thereafter...
 
AWS stuff is freaking complex and costly... But the domain registration cost is same as elsewhere like Google domains.
 
