I have a testing server where I have some stacks and a VPC (it can get to the internet, updates, etc.). Now I'm making a Kubernetes cluster with Terraform and, while deploying, couldn't resolve the newly bought/registered domain at Route 53 (I created the hosted zone and all).
My resolv.conf:
cat /etc/resolv.conf
options timeout:2 attempts:5
; generated by /usr/sbin/dhclient-script
search ec2.internal
nameserver 10.0.0.2
nslookup result:
Server: 10.0.0.2
Address: 10.0.0.2#53
** server can't find myrandomdomain: NXDOMAIN
I have DNS resolution/hostnames and DHCP options sets on my VPC, as well as a private subnet for other servers in the same subnet (10.0.0.0/27), and an IG and public IP on the instance. This is the first time I've faced this issue.
Any ideas?
Thanks.
Best Answer
TL;DR You need to delegate authority for the sub-zone in the parent zone.
To do this, create an NS record in the parent zone that resolves to the value of the NS record in the sub-zone, e.g.
ns-108.awsdns-13.com. ns-1006.awsdns-61.net. ns-1346.awsdns-40.org. ns-1875.awsdns-42.co.uk.
Troubleshooting context: Let's assume this has nothing to do with AWS, VPC attributes, or the local resolver configuration.
You might have to install dig with a command like sudo yum -y install bind-utils.
Pick one of the authoritative nameservers from the list, e.g.
dig +short -tNS example.com.
Query the picked nameserver for the anchor record e.g.
dig +short example.com. @ns-290.awsdns-36.com.
This will tell you whether recursive resolvers elsewhere on the internet will eventually start answering requests for the same name.
If the query above for type=NS records of the zone does not show that authority has shifted to Route53, then either not enough time has passed or you haven't delegated authority to the NS recordset in your Route53 hosted zone at the registrar.
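The comparison described in the answer above, as an added example that is not part of the original answer: it takes the name servers the public DNS returns for the domain (the `dig +short -tNS` output) and the NS values listed in the Route 53 hosted zone, and reports whether they match. The function names and the `ns1.parking.example.` registrar value are assumptions made for the illustration; the Route 53 names are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): classify the delegation state
# by comparing two NS sets given as text, so it also works on saved dig output.

# Normalize a whitespace- or newline-separated NS list read from stdin:
# one name per line, lowercase, no trailing dot, sorted, de-duplicated.
normalize_ns() {
    tr ' \t\r' '\n\n\n' | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# delegation_state PUBLIC_NS ZONE_NS
#   PUBLIC_NS: output of `dig +short -tNS <domain>` (what the parent delegates to)
#   ZONE_NS:   NS record values shown in the Route 53 hosted zone
# Prints not-delegated | delegated | partial | mismatch; returns 0 only on a match.
delegation_state() {
    public=$(printf '%s\n' "$1" | normalize_ns)
    zone=$(printf '%s\n' "$2" | normalize_ns)
    if [ -z "$public" ]; then
        echo "not-delegated"   # NXDOMAIN or empty answer: no NS set at the parent
        return 1
    fi
    if [ "$public" = "$zone" ]; then
        echo "delegated"
        return 0
    fi
    # Names present in both sets show up twice after merging the two lists.
    common=$(printf '%s\n%s\n' "$public" "$zone" | sort | uniq -d | wc -l | tr -d ' ')
    if [ "$common" -gt 0 ]; then echo "partial"; else echo "mismatch"; fi
    return 1
}

# Hosted zone NS values as quoted in the answer.
ZONE_NS="ns-108.awsdns-13.com. ns-1006.awsdns-61.net. ns-1346.awsdns-40.org. ns-1875.awsdns-42.co.uk."
# Constructed sample: registrar still pointing at its own default name server.
REGISTRAR_NS="ns1.parking.example."

state=$(delegation_state "$REGISTRAR_NS" "$ZONE_NS") || true
echo "registrar default vs hosted zone: $state"
state=$(delegation_state "" "$ZONE_NS") || true
echo "empty answer vs hosted zone: $state"
```

For a live check, pass the real output of `dig +short -tNS example.com.` as the first argument and the NS values copied from the hosted zone as the second.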