In this article, we will look into how DNS works, and how you can troubleshoot partial DNS failures when using AWS services. This can be done using available online tools and the command-line interface.
Let’s start with a brief introduction of how DNS works. The Domain Name System is built using a distributed architecture. When the host needs to resolve the IP address of a domain name, the host device hands over this process to a DNS server. The DNS server finds the IP address of the domain name and returns it back to the host.
Let us walk through the process of a simple DNS query. When a customer is trying to resolve the DNS record Amazon.com this happens.
- First, the host sends the requested DNS query to the local DNS server.
- Second, the DNS server which is pre-configured with the list of root name servers randomly selects one of these route name servers and sends an interactive DNS query for the record Amazon.com.
- Third, the root name server responds with a list of authoritative name servers for the dot com zone as well as the IP addresses.
- Fourth the DNS server randomly selects one of the main returned in step three and sends another DNS query for the record Amazon.com.
- Fifth the top-level domain name server responds with a list of name servers that are authoritative for the domain Amazon.com.
- Sixth the DNS server randomly selects one of the authoritative name servers returned in step five and sends another DNS query for Amazon.com.
- Seventh since the name server receiving the query in step six is authoritative for the domain Amazon.com the name server responds to the DNS server with the value of the record Amazon.com which is an IP address.
- Finally, the DNS server sends this DNS response to the host.
Let us walk through the process of troubleshooting common DNS issues. For example, a customer just transferred the domain “awskcvideos.com” to Route53 and cannot resolve records in their hosted zone after completing the transfer. For DNS records to resolve properly after transferring or registering a domain on Route53, the Route53 name servers on your hosted zone need to match the name servers on the Registered Domain section on the Route53 console. Here’s how you verify this.
Step 1: After you sign an AWS management console, navigate to the Amazon Route53 console.
Step 2: In the navigation panel, choose Registered Domains.
Step 3: Click the desired domain name.
Step 4:Take note of the four nameservers.
Step 5: In the navigation panel choose the hosted zone and click the domain name.
Step 6: Take note of the four name servers in the hosted zone and verify the name servers listed in both sections marked.
In this case, the customer with the domain “awskcvideos.com” will not be able to resolve any record in their hosted zone. The solution is to update the nameservers in the registered domain section with the nameservers in their Route53 hosted zone.
Other common DNS errors include SERVFAIL and REFUSED. A SERVFAIL DNS response indicates the DNS server was unable to process this query due to a problem with the authoritative nameserver. A SERVFAIL response is also a common response for certain DNSSEC validations that are unsuccessful. To fix this, verify the DNS service provider supports DNSSEC and the authoritative nameserver on the Registered Domain section are reachable and valid for the domain. A REFUSED response indicates the nameserver is not authoritative for that domain, meaning it does not have the records for that domain in its zone file. To fix this, verify the correct nameservers in the hosted zone updated on the Registered Domain section of the Route53 console.