AWS Route 53 – Transferred Domain to New Account, Now Getting SERVFAIL

Tags: amazon-route53, amazon-web-services, domain-name-system, nslookup

I recently transferred a domain buymy.coffee to a new account. When I did this, I deleted the hosted zone in the old account and recreated it in the new account. I thought I got this right, but when I do an nslookup I get the error:

** server can't find buymy.coffee: SERVFAIL

I waited 10 days just to be sure this wasn't a caching issue.

Here's some additional information:

Route 53 hosted zone entry

Domain Registration entry

Best Answer

You are in a lame delegation scenario; see https://dnsviz.net/d/buymy.coffee/YlRerw/dnssec/

In short, the nameservers at the registry do not match the nameservers in the delegated zone. Until that is fixed, no reliable DNS service can be guaranteed.

$ dig @$(dig NS coffee +short | tail -1) buymy.coffee NS +noall +auth
buymy.coffee.       1h IN NS ns-718.awsdns-25.net.
buymy.coffee.       1h IN NS ns-128.awsdns-16.com.
buymy.coffee.       1h IN NS ns-1310.awsdns-35.org.
buymy.coffee.       1h IN NS ns-1601.awsdns-08.co.uk.

vs

$ dig @ns-718.awsdns-25.net.  buymy.coffee NS

; <<>> DiG 9.18.1 <<>> @ns-718.awsdns-25.net. buymy.coffee NS
; (1 server found)
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16686
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: da92eec7b8a2a23b
;; QUESTION SECTION:
;buymy.coffee.      IN NS

;; QUERY SIZE: 53

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16686
                                       ^^^^^^^

So the nameservers used (set at the registry for the delegation) are not the correct ones, or they are not configured correctly. Inquire with your DNS provider.
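
The manual comparison in the answer above, scripted as an added example that is not part of the original answer: it reads the delegation from a parent-zone server, queries each delegated nameserver without recursion, and flags any that refuse or answer non-authoritatively. The function names and the sample reply are assumptions made for this example, and the parent zone is taken to be everything after the first label.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# classify_reply: read `dig` output on stdin and report whether the queried
# server answered authoritatively. The last header seen is the reply
# (with +qr, dig prints the outgoing query header first).
classify_reply() {
    awk '
        /->>HEADER<<-/ {
            status = $0
            sub(/.*status: /, "", status); sub(/,.*/, "", status)
            aa = 0; next
        }
        /^;; flags:/ {
            f = $0; sub(/^;; flags: /, "", f); sub(/;.*/, "", f)
            aa = ((" " f " ") ~ / aa /)
        }
        END {
            if (status == "")             print "no-reply"
            else if (status != "NOERROR") print "lame:" status
            else if (!aa)                 print "lame:not-authoritative"
            else                          print "ok"
        }'
}

# check_delegation ZONE: needs network access and dig. Assumes the parent
# zone is ZONE minus its first label (buymy.coffee -> coffee).
check_delegation() {
    zone=$1
    parent=$(dig NS "${zone#*.}" +short | tail -n 1)
    # The delegation NS set sits in the AUTHORITY section of the parent reply.
    dig "@$parent" "$zone" NS +norec +noall +authority |
        awk '$4 == "NS" { print $5 }' |
        while read -r ns; do
            printf '%s %s\n' "$ns" \
                "$(dig "@$ns" "$zone" NS +norec | classify_reply)"
        done
}

# Constructed sample, modelled on the REFUSED reply quoted in the answer.
SAMPLE_REFUSED=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16686
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
printf '%s\n' "$SAMPLE_REFUSED" | classify_reply
```

With network access, `check_delegation buymy.coffee` prints one line per delegated nameserver; a `lame:` result marks a server that is listed at the registry but does not serve the zone.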