Score:1

AWS Route 53: Transferred domain to new account - Now getting SERVFAIL

Nat

I recently transferred a domain buymy.coffee to a new account. When I did this, I deleted the hosted zone in the old account and recreated it in the new account. I thought I got this right, but when I do an nslookup I get the error:

** server can't find buymy.coffee: SERVFAIL

I waited 10 days just to be sure this wasn't a caching issue.

Here's some additional information:

Route 53 hosted zone entry

Domain Registration entry

Score:0

You are in a lame delegation scenario, see https://dnsviz.net/d/buymy.coffee/YlRerw/dnssec/

In short, the nameservers at the registry do not match the nameservers in the delegated zone. Until that is fixed, no reliable DNS service can be guaranteed.

$ dig @$(dig NS coffee +short | tail -1) buymy.coffee NS +noall +auth
buymy.coffee.       1h IN NS ns-718.awsdns-25.net.
buymy.coffee.       1h IN NS ns-128.awsdns-16.com.
buymy.coffee.       1h IN NS ns-1310.awsdns-35.org.
buymy.coffee.       1h IN NS ns-1601.awsdns-08.co.uk.

vs

$ dig @ns-718.awsdns-25.net.  buymy.coffee NS

; <<>> DiG 9.18.1 <<>> @ns-718.awsdns-25.net. buymy.coffee NS
; (1 server found)
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16686
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: da92eec7b8a2a23b
;; QUESTION SECTION:
;buymy.coffee.      IN NS

;; QUERY SIZE: 53

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16686
                                       ^^^^^^^

So the nameservers used (set at the registry for the delegation) are not the correct ones or they are not configured correctly. Inquire with your DNS provider.

Nat
Thanks so much for your answer. Trying to reach out to AWS for support on this. Do you know of a way to see a history of nameservers for this domain? I deleted the hosted zone entry in a different AWS account. (I'll upvote as soon as I have enough rep)
Patrick Mevzek
https://completedns.com/dns-history/ shows the domain created on March 15 with the same nameservers. Your registrar should be able to give you the full previous history of the domain, as nameserver changes have to be done through the registrar. Registrar and DNS provider are two completely separate jobs, which can be done by a single entity if so chosen.
Tim P
The easiest and fastest way to fix this is going to be to update the name servers at the registrar (domain registration entry). They should match the name servers listed at the TOP of the Route53 console screen (expand "Hosted zone details"). You will also want to fix your NS entry (in Route53) to match the values at "Name servers" at the TOP of the Route53 console screen as well.
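
The comparison made in the answer and in Tim P's comment, as an added example that is not part of the original posts: it classifies one delegated nameserver's reply against the registry's referral, reading dig output as text so it runs offline. The function names and the placeholder nameserver names in the constructed replies are assumptions; the referral and the REFUSED header come from the answer's output.

```shell
#!/bin/sh
# Added example: detect a lame delegation from dig output text (runs offline).

# NS target names from record lines, e.g. "zone. 1h IN NS ns1.example."
ns_targets() {
  awk 'NF >= 4 && $0 !~ /^;/ && $(NF-1) == "NS" { print tolower($NF) }' | sort -u
}

# RCODE of the reply: the last "status:" header, because the dig output in the
# answer prints the outgoing query header before the received one.
response_rcode() {
  sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | tail -n 1
}

# $1 = parent's referral text, $2 = one delegated server's reply text.
# Prints: ok | mismatch | lame:<reason>
delegation_verdict() {
  dv_rcode=$(printf '%s\n' "$2" | response_rcode)
  if [ "$dv_rcode" != "NOERROR" ]; then
    echo "lame:${dv_rcode:-NO-RESPONSE}"; return 0
  fi
  dv_parent=$(printf '%s\n' "$1" | ns_targets)
  dv_child=$(printf '%s\n' "$2" | ns_targets)
  if [ -z "$dv_child" ]; then echo "lame:NO-NS-RRSET"
  elif [ "$dv_parent" = "$dv_child" ]; then echo "ok"
  else echo "mismatch"; fi
}

# Referral from the answer: dig @<coffee TLD server> buymy.coffee NS +noall +auth
PARENT_REFERRAL='buymy.coffee.       1h IN NS ns-718.awsdns-25.net.
buymy.coffee.       1h IN NS ns-128.awsdns-16.com.
buymy.coffee.       1h IN NS ns-1310.awsdns-35.org.
buymy.coffee.       1h IN NS ns-1601.awsdns-08.co.uk.'

# Reply from the answer, trimmed to its two header lines (sent, then received).
REPLY_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16686
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16686'

# Constructed replies: an NS set that differs from the referral (placeholder
# names), and one that matches it.
REPLY_MISMATCH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
buymy.coffee. 172800 IN NS ns-1.placeholder-dns.example.
buymy.coffee. 172800 IN NS ns-2.placeholder-dns.example.'
REPLY_MATCH=";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
$PARENT_REFERRAL"

for reply in "$REPLY_REFUSED" "$REPLY_MISMATCH" "$REPLY_MATCH"; do
  delegation_verdict "$PARENT_REFERRAL" "$reply"
done
```

To use it on live data, pass the text of the two dig commands from the answer as the first and second arguments, once per nameserver in the referral.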