I am building my app in AWS.
I have deployed my Reactjs frontend project in an EC2 instance. Instead of users from the external internet world visiting my EC2 instance directly, I want to put it behind the AWS API Gateway. So AWS API Gateway would be the single entry point to my app's frontend and backend services. This is the plan to go with:
external world ---> AWS API Gateway ---> Network Load Balancer ---> my VPC Target Group / EC2 instances
Here is what I have done:
Reactjs Frontend project is running well in EC2 instance; I can visit the webpage with EC2 instance's public ip address.
Well configured Target Group and Network Load Balancer. I confirmed by inputting the NLB's DNS name in a browser, i.e. http://myapp-frontend-NLB-c11112esd43524rw.elb.ap-northeast-1.amazonaws.com, and it successfully loads / opens my app's frontend webpage.
I have created new AWS API Gateway (REST API) and configured custom domain name for it (with the https certificate taken care of in AWS Certificate Manager), i.e. the custom domain is frontend.myapp.com; the API Gateway domain name is d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com
And I have created new NS record in my DNS provider for them, so that frontend.myapp.com points to d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com
I have followed this aws doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-private-integration.html step by step and configured the VPC link, API Resources, Integration Type, etc.
After deploying the created API, when I click open the Invoke URL (in the form of https://123qwe123qe.execute-api.ap-northeast-1.amazonaws.com/[stage]), I can see the returned HTML code.
I expected that when I visit frontend.myapp.com in browser, DNS will eventually lead the traffic to API Gateway's domain name d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com, and API Gateway will then pass the request to NLB and so on, and eventually load the web page / or return the same HTML code.
However, when I visit frontend.myapp.com in browser, there is no response. I thought the DNS record did not work. dig +trace docloud.iwg-inc.co.jp. gives the following result:
; <<>> DiG 9.10.6 <<>> +trace frontend.myapp.com.
;; global options: +cmd
. 3240 IN NS i.root-servers.net.
. 3240 IN NS d.root-servers.net.
. 3240 IN NS b.root-servers.net.
. 3240 IN NS m.root-servers.net.
. 3240 IN NS j.root-servers.net.
. 3240 IN NS h.root-servers.net.
. 3240 IN NS f.root-servers.net.
. 3240 IN NS g.root-servers.net.
. 3240 IN NS k.root-servers.net.
. 3240 IN NS c.root-servers.net.
. 3240 IN NS a.root-servers.net.
. 3240 IN NS l.root-servers.net.
. 3240 IN NS e.root-servers.net.
;; Received 811 bytes from 240d:1a:6a5:c900:e67e:66ff:fe1f:bf4c#53(240d:1a:6a5:c900:e67e:66ff:fe1f:bf4c) in 29 ms
...other results...
frontend.myapp.com. 14400 IN NS d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com.
;; Received 117 bytes from 54.68.111.244#53(ns4.jp-domains.jp) in 131 ms
;; connection timed out; no servers could be reached
As you can see, frontend.myapp.com. indeed points to d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com. as an NS record.
However, it says connection timed out; no servers could be reached.
d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com. is the custom domain name of my API Gateway, which I have tested with the invoke URL and it is connected to services.
Why would it say no servers could be reached?
What does this mean? How can I solve it and complete the flow?
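
The trace above ends with an NS record for frontend.myapp.com followed by a timeout. An NS record delegates a name to a DNS server, whereas a CNAME record aliases it to another hostname. The Python check below is an added example, not part of the original post; it classifies that final record, and its function names and the pattern used to recognise API Gateway hostnames are assumptions made for illustration.

```python
import re

# Constructed sample: the last lines of the dig +trace output quoted in the post.
SAMPLE_TRACE = """\
frontend.myapp.com. 14400 IN NS d-123sdf1234asd.execute-api.ap-northeast-1.amazonaws.com.
;; Received 117 bytes from 54.68.111.244#53(ns4.jp-domains.jp) in 131 ms
;; connection timed out; no servers could be reached
"""

# owner, TTL, class IN, type, rdata (dig presentation format)
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(\S+)$")
# Assumption: a host of this shape is an API Gateway endpoint (HTTPS only, no DNS service).
APIGW_HOST = re.compile(r"\.execute-api\.[a-z0-9-]+\.amazonaws\.com\.?$")


def parse_records(trace):
    """Extract resource records from dig output, skipping ';' comment lines."""
    records = []
    for line in trace.splitlines():
        m = RR_LINE.match(line.strip())
        if m and not line.startswith(";"):
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return records


def diagnose(trace, name):
    """Classify how name is published: alias, bad-delegation, delegation or unknown."""
    fqdn = name.rstrip(".").lower() + "."
    timed_out = "no servers could be reached" in trace
    for owner, _ttl, rtype, rdata in parse_records(trace):
        if owner != fqdn:
            continue
        if rtype == "CNAME":
            return {"status": "alias", "target": rdata, "timed_out": timed_out}
        if rtype == "NS":
            # An NS record tells resolvers to send DNS queries for the zone to rdata.
            status = "bad-delegation" if APIGW_HOST.search(rdata) else "delegation"
            return {"status": status, "target": rdata, "timed_out": timed_out}
    return {"status": "unknown", "target": None, "timed_out": timed_out}


if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE, "frontend.myapp.com"))
```

A "bad-delegation" result together with timed_out set to True matches the symptom in the trace: the resolver is sent to the API Gateway hostname for DNS answers and receives none.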