How to Fix AWS Route 53 DNS Not Resolving

DodaTech Updated 2026-06-24 2 min read

This tutorial walks through diagnosing and fixing a domain that does not resolve through AWS Route 53. It covers the commands to run at each step, common mistakes, and how to prevent the problem.

Symptom: your domain does not resolve. Lookups return NXDOMAIN or SERVFAIL because Route 53 is not serving DNS responses for the domain.

Step-by-Step Fix

1. Verify the hosted zone exists

aws route53 list-hosted-zones --query 'HostedZones[?Name==`example.com.`]'

Expected output:

[
    {
        "Id": "/hostedzone/Z1234567890ABC",
        "Name": "example.com.",
        "ResourceRecordSetCount": 5
    }
]

2. Check NS record delegation

aws route53 get-hosted-zone --id /hostedzone/Z1234567890ABC --query 'DelegationSet.NameServers'

Expected output:

[
    "ns-1.awsdns-1.org",
    "ns-2.awsdns-2.co.uk",
    "ns-3.awsdns-3.com",
    "ns-4.awsdns-4.net"
]

3. Verify domain registrar NS records

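dig NS example.com @a.gtld-servers.net

This queries a server for the parent .com zone, which holds the delegation the registrar published. The reply is a referral, so the NS records appear in the AUTHORITY section. For a domain under another TLD, query one of that TLD's servers instead. Ensure the nameservers match the Route 53 delegation set.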

4. Check the record exists

aws route53 list-resource-record-sets --hosted-zone-id /hostedzone/Z1234567890ABC --query 'ResourceRecordSets[?Name==`example.com.`]'

5. Test DNS resolution

dig example.com @ns-1.awsdns-1.org

Expected output:

example.com.    300    IN    A    192.0.2.1

6. Update TTL if needed

aws route53 change-resource-record-sets --hosted-zone-id /hostedzone/Z1234567890ABC --change-batch file://record.json
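
Steps 2 and 3 come down to comparing two nameserver lists, and a mismatch in either direction breaks resolution. The script below is an added example, not code from the original page, that automates the comparison. The function names are hypothetical, and a.gtld-servers.net is assumed as the parent server because the example domain is under .com.

```shell
#!/bin/sh
# Added example (not from the original page): check that the Route 53 delegation
# set (step 2) matches the NS set the parent zone serves (step 3).

# Lowercase, strip trailing dots, one name per line, sorted and de-duplicated.
normalize_ns() {
    tr -s ' \t' '\n\n' | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# compare_delegation ROUTE53_NS PARENT_NS   (hypothetical helper name)
# Returns 0 on match, 1 on mismatch, 2 when either list is empty.
compare_delegation() {
    cd_r53=$(printf '%s\n' "$1" | normalize_ns)
    cd_parent=$(printf '%s\n' "$2" | normalize_ns)
    if [ -z "$cd_r53" ] || [ -z "$cd_parent" ]; then
        echo "EMPTY: no nameservers on one side (zone missing or domain not delegated)"
        return 2
    fi
    cd_status=0
    for ns in $cd_r53; do      # assigned by Route 53 but absent from the parent zone
        printf '%s\n' "$cd_parent" | grep -Fxq -- "$ns" ||
            { echo "NOT AT REGISTRAR: $ns"; cd_status=1; }
    done
    for ns in $cd_parent; do   # delegated by the parent but not serving this hosted zone
        printf '%s\n' "$cd_r53" | grep -Fxq -- "$ns" ||
            { echo "NOT IN ROUTE 53: $ns"; cd_status=1; }
    done
    [ "$cd_status" -eq 0 ] && echo "MATCH: delegation is consistent"
    return "$cd_status"
}

# Live wrapper; assumes aws and dig are installed and AWS credentials are configured.
# Usage: check_delegation /hostedzone/Z1234567890ABC example.com a.gtld-servers.net
check_delegation() {
    r53_ns=$(aws route53 get-hosted-zone --id "$1" \
        --query 'DelegationSet.NameServers' --output text)
    # A TLD server replies with a referral, so the NS records are in the authority section.
    parent_ns=$(dig +norecurse +noall +answer +authority NS "$2" "@$3" |
        awk '$4 == "NS" { print $5 }')
    compare_delegation "$r53_ns" "$parent_ns"
}
```

A "NOT IN ROUTE 53" line deserves the most attention: resolvers are being sent to nameservers that do not serve this hosted zone, so the registrar entry should be corrected first.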

Common Mistakes

Mistake | Fix
NS records at registrar do not match Route 53 | Update registrar with correct NS records
TTL too long for changes | Set TTL to 60 seconds during migration
Record set missing | Add the required A, AAAA, or CNAME record
Domain not yet registered | Register the domain or transfer it
DNSSEC misconfiguration | Check DS records and signing

Prevention

  • Use Route 53 as both registrar and DNS service.
  • Set TTL to 300 seconds for production records.
  • Enable DNSSEC signing for security.
  • Monitor with Route 53 health checks.

FAQ

How long does it take for DNS changes to propagate?

DNS changes propagate based on the TTL setting. With a 300-second TTL, changes take up to 5 minutes globally. NS record changes can take up to 48 hours.

What is the difference between a hosted zone and a domain registration?

A hosted zone is the DNS configuration (records). A domain registration is the ownership record with a registrar. Route 53 can do both.

How do I test Route 53 DNS before switching?

Use dig with the Route 53 nameservers directly:

dig example.com @ns-1.awsdns-1.org

This bypasses the registrar delegation.
