为什么我在指向 Amazon S3 存储桶或静态网站的 Route 53 中的域记录没有解析?

上次更新日期:2021 年 4 月 23 日

我在 Amazon Route 53 中有一条指向 Amazon Simple Storage Solution (Amazon S3) 存储桶或静态网站的域记录。但是,该域名无法解析。该如何排查此问题?

解决方法

注意:如果您在运行 AWS CLI 命令时遇到错误,请确保您运行的是最新版本的 AWS CLI

查看您的 Route 53 配置

确认域的别名或 CNAME 记录指向正确的网站终端节点。根据您所在区域,您的 Amazon S3 网站终端节点必须遵循以下格式之一:

  • s3-website dash (-) Region — http://bucket-name.s3-website-Region.amazonaws.com
  • s3-website dot (.) Region — http://bucket-name.s3-website.Region.amazonaws.com

查看您的 Amazon S3 存储桶配置

为网站托管配置 Amazon S3 存储桶时,必须为存储桶指定与要用于将流量路由到存储桶的记录相同的名称。例如,要将“example.com”的流量路由到为网站托管配置的 Amazon S3 存储桶,存储桶名称必须为“example.com”。

重要提示:Amazon S3 网站终端节点不支持 HTTPS。有关将 HTTPS 与 Amazon S3 存储桶结合使用的信息,请参阅:

查看您的名称服务器配置

使用以下命令,确定是否使用了正确的名称服务器以及域是否正在解析为 IP 地址:

dig <domain_name> +trace

DNS 查询必须定向到正确的名称服务器集才能响应 DNS 查询。

注意:解析 IP 地址不是静态的。

示例输出:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.amzn2.2 <<>> swapnil.live +trace
;; global options: +cmd
.            518400    IN    NS    D.ROOT-SERVERS.NET.
.            518400    IN    NS    E.ROOT-SERVERS.NET.
.            518400    IN    NS    F.ROOT-SERVERS.NET.
.            518400    IN    NS    G.ROOT-SERVERS.NET.
.            518400    IN    NS    H.ROOT-SERVERS.NET.
.            518400    IN    NS    I.ROOT-SERVERS.NET.
.            518400    IN    NS    J.ROOT-SERVERS.NET.
.            518400    IN    NS    K.ROOT-SERVERS.NET.
.            518400    IN    NS    L.ROOT-SERVERS.NET.
.            518400    IN    NS    M.ROOT-SERVERS.NET.
.            518400    IN    NS    A.ROOT-SERVERS.NET.
.            518400    IN    NS    B.ROOT-SERVERS.NET.
.            518400    IN    NS    C.ROOT-SERVERS.NET.
;; Received 239 bytes from 172.31.0.2#53(172.31.0.2) in 0 ms

live.            172800    IN    NS    demand.beta.aridns.net.au.
live.            172800    IN    NS    demand.alpha.aridns.net.au.
live.            172800    IN    NS    demand.delta.aridns.net.au.
live.            172800    IN    NS    demand.gamma.aridns.net.au.
live.            86400    IN    DS    27304 8 1 BB1914F4690FDC1C882FA6CEA84D14FCA6B9D38D
live.            86400    IN    DS    27304 8 2 F76B40CAC1A4F9D7B2E3ED67602D7F934FD45D9064CE78880FB73D09 B1ACD107
live.            86400    IN    RRSIG    DS 8 1 86400 20210427170000 20210414160000 14631 . YbQEzenUx/Dp6C8UcX9fsFqDjyc+eDgcU6oJRZUT63sxJfdatMpHYwWT NCHA8uUTV8W+OVacXR9yduTWgt9jUdAzEHFeg0r4j1PPIDDE7mOB2UUF Fe8lEkny+1bRwXIh/9jsQ0/W5BNIBoSPHRpydE1B36i31V9BLp7KTwWJ sefnFqB8ZL1uZ8rSCw9sVRisegSvcDWZtD7huqkGVcWScLPDVr8/Qj6P 25zEKh6wNPHZDpmIdxvujPFnt7tdY95Jz6P8G7cJwXYdG6ChW7My4XJ5 NRzNjVuFDmWTQSn5S1uEXYL/160ArtHa+M/BE2PKXRxSZa+7djKP9Ida L3qdOQ==
;; Received 708 bytes from 192.5.5.241#53(F.ROOT-SERVERS.NET) in 1 ms

swapnil.live.        86400    IN    NS    ns-1744.awsdns-26.co.uk.        <--- These are the name servers that are in use.
swapnil.live.        86400    IN    NS    ns-863.awsdns-43.net.
swapnil.live.        86400    IN    NS    ns-385.awsdns-48.com.
swapnil.live.        86400    IN    NS    ns-1051.awsdns-03.org.
swapnil.live.        86400    IN    DS    45482 13 2 D64D695A19C2BEB920B376E48403B5A77A2816DB5A4AE4B7D37BF719 34F85852
swapnil.live.        86400    IN    RRSIG    DS 8 2 86400 20210509045136 20210409041400 12795 live. c71wlpB/k+75nWuVYGcp08yYqZSfeLeuaABBXZM6YFvK6HcMZzzaBkOZ bOEm9s37tfnPBDbFBAhzZaMkz6Ef8RJFnkEYqjaqTwxD/vz+Ztwb9ECB EpnXGut0iZICGpFF7Gg5nZeWDbNs/ihC0QGe63Npqful+ry0uBhwnl1I PwKbGd1VC5NGnO7jNTRwgIIGQnS5a3tFZd0HFb/U+O+cCA==
;; Received 425 bytes from 37.209.194.7#53(demand.beta.aridns.net.au) in 0 ms

swapnil.live.        5    IN    A    52.216.134.18
swapnil.live.        5    IN    RRSIG    A 13 2 5 20210415060418 20210415040413 26088 swapnil.live. mgzBciE3HMEg2ecZEIsZIa4l5UpDRi11sEe6ZFlh0d9DGormSdv5HhER zm4qcdb5IXDVe7GIQ+zp2J+5F+lYYQ==
;; Received 165 bytes from 205.251.193.129#53(ns-385.awsdns-48.com) in 15

测试后端服务器响应

使用以下命令测试后端服务器的响应:

curl -IvkL <domain_name>

示例输出:

curl -IvkL swapnil.live
* Rebuilt URL to: swapnil.live/
*   Trying 52.216.25.195...            <----- Domain resolved to an IP address
* TCP_NODELAY set
* Connected to swapnil.live (52.216.25.195) port 80 (#0)        <--- Connected to S3 bucket
> HEAD / HTTP/1.1
> Host: swapnil.live
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 403 Forbidden                <----- Response from S3 bucket
HTTP/1.1 403 Forbidden
< x-amz-error-code: AccessDenied
x-amz-error-code: AccessDenied
< x-amz-error-message: Access Denied
x-amz-error-message: Access Denied
< x-amz-request-id: 4ANTJRWVRT5489ZW
x-amz-request-id: 4ANTJRWVRT5489ZW
< x-amz-id-2: HcuMJslI/Biry9uJYhx9hSyybld0CrEeSagaNqcFJqzormpeup2aPKzW58OPgIQDZGG2rn3RPI4=
x-amz-id-2: HcuMJslI/Biry9uJYhx9hSyybld0CrEeSagaNqcFJqzormpeup2aPKzW58OPgIQDZGG2rn3RPI4=
< Date: Thu, 15 Apr 2021 05:09:16 GMT
Date: Thu, 15 Apr 2021 05:09:16 GMT
< Server: AmazonS3                      <----- Server = Amazon S3
Server: AmazonS3

<
* Connection #0 to host swapnil.live left intact