-2

We have intermittent DNS failures. While troubleshooting, we found that our server (where the domain is pointed to) gets connection timeouts when querying a few TLD nameservers. Ex: dig domain @tldns (Connection timed out;; no servers can be reached)

But dig domain @tldns +trace works. Will these connection timeouts cause intermittent failures, or what is the difference between +trace & notrace?

NOTE: The TLD registrar was able to resolve the same TLD nameservers from their servers.

  • @Hema Can you add more details? – Manikandan Ram Nov 23 '19 at 17:20
  • Unfortunately I cannot reveal the domain name. But the domain is failing to resolve the origin name intermittently and recovering within 2 minutes. We suspect an issue with the top-level domain nameservers (.tw). When we do dig mydomain @ tldnameserver it gives connection timeouts. But dig mydomain @ tldnameservers +trace resolves (gives the nameservers of my domain as an answer). Ram, could you please let me know in which area I could add more information? – Bandari Hema Nov 23 '19 at 17:32
  • Is your firewall allowing port 53 **UDP** through? – davidgo Nov 23 '19 at 17:37
  • I think you have purchased your domain from one of your hosting providers (like GoDaddy) and your server might be in AWS. – Manikandan Ram Nov 23 '19 at 17:39
  • You are facing a problem from the hosting site to the server, am I right? – Manikandan Ram Nov 23 '19 at 17:40
  • "Unfortunately I cannot reveal the domain name." Then do not expect quick relevant replies. Domains are public, they are published to be queried by anyone... – Patrick Mevzek Nov 23 '19 at 17:49
  • Ours is a huge platform and has multiple sites hosted in Route 53 on AWS. No other domain had this problem except this one. @Ram, you are right, we purchased the domain name from an external provider and are currently hosting in AWS. All the nameservers of the domain are correctly mapped to AWS nameservers – Bandari Hema Nov 23 '19 at 17:52
  • @BandariHema We regularly get people coming here who believe it's all set up correctly, but it turns out not to be the case. You may be in that scenario; we're limited in our ability to help you diagnose if you keep it a secret. – ceejayoz Nov 24 '19 at 03:38
  • Thanks for your reply. Domain: msdconnect.tw – Bandari Hema Nov 24 '19 at 13:48

1 Answer

2

Three things you have to be careful about:

  1. Check whether your name servers are pointing to Route 53.
  2. Add only the required records in your Route 53 DNS server.

     Check here for Route 53 Records

  3. Also check whether your server is accessible via the IP address that you have given in your DNS record.
Manikandan Ram
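An added example, not part of the original thread or of the answer above: a shell script that sends the non-recursive query to every nameserver of the TLD over both UDP and TCP and classifies each reply, since a +trace run shows only the servers it actually used. The function names are hypothetical, the local resolver is assumed to return the TLD's NS set, and the timeout values are arbitrary.

```shell
#!/bin/sh
# Added example (not from the original thread): test every nameserver of a
# TLD for the delegation of one domain, over UDP and over TCP.

# classify_reply: read full dig output on stdin, print one word:
#   timeout | referral | answer | empty | rcode:<STATUS> | unknown
classify_reply() {
    awk '
        tolower($0) ~ /timed out|no servers could be reached/ { t = 1 }
        /status: / { st = $0; sub(/.*status: /, "", st); sub(/,.*/, "", st) }
        /^;; flags:/ {
            ans = $0;  sub(/.*ANSWER: /, "", ans);     sub(/,.*/, "", ans)
            auth = $0; sub(/.*AUTHORITY: /, "", auth); sub(/,.*/, "", auth)
        }
        END {
            if (st == "")             print (t ? "timeout" : "unknown")
            else if (st != "NOERROR") print "rcode:" st
            else if (ans + 0 > 0)     print "answer"
            else if (auth + 0 > 0)    print "referral"   # normal for a TLD server
            else                      print "empty"
        }'
}

# probe_delegation <domain> <tld>: needs network access and dig.
probe_delegation() {
    domain=$1 tld=$2
    for ns in $(dig +short NS "$tld."); do
        for proto in notcp tcp; do      # +notcp = UDP, +tcp = TCP
            result=$(dig "@$ns" "$domain" NS +norecurse "+$proto" \
                         +tries=1 +time=3 2>&1 | classify_reply)
            printf '%-24s %-6s %s\n' "$ns" "$proto" "$result"
        done
    done
}

# Run only when called as: sh probe.sh <domain> <tld>
if [ "$#" -ge 2 ]; then
    probe_delegation "$1" "$2"
fi
```

A server that reports timeout for notcp but referral for tcp points at UDP port 53 being filtered on the path, which is the firewall question raised in the comments.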