Zhe explains how to make sure your resource record sets are accessible from the Internet


I have created an Amazon Route 53 public hosted zone and added several resource record sets to it. How can I verify that these resource record sets are accessible from the Internet?

When you create an Amazon Route 53 hosted zone, Amazon Route 53 automatically creates a name server (NS) resource record set and a start of authority (SOA) resource record set for the zone. The NS resource record set lists the four authoritative name servers for the hosted zone. For more information about the NS and SOA resource record sets, see NS and SOA Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone.

All other resource record sets in the hosted zone are created to tell the Domain Name System (DNS) how you want traffic for the resources to be routed. For more information, see Values that You Specify When You Create or Edit Amazon Route 53 Resource Record Sets.

To verify that resource record sets created in an Amazon Route 53 public hosted zone are accessible from the Internet, start by getting the list of name servers associated with the public hosted zone as described in Getting the Name Servers for a Public Hosted Zone. The following screenshot is from an Amazon Route 53 public hosted zone named example.com that has been populated with a few resource record sets:

dig-1

The name servers for the public hosted zone are listed as four distinct values in the NS resource record set. To verify Internet access to the resource record sets, you can use a dig web interface or the Linux dig utility to query one of the name servers listed in the NS resource record set.

Query an Internet search engine for "Dig web tool" to locate a publicly available dig web interface and enter the requested parameters to verify Internet accessibility to resource record sets in an Amazon Route 53 public hosted zone.

The following screenshot of the Amazon Route 53 public hosted zone named example.com is highlighted with the parameters necessary to verify Internet accessibility to the designated MX resource record set:

dig-2

Entering the values highlighted in red into a dig web interface is equivalent to running the following Linux dig command, which returns the value highlighted in green and verifies Internet accessibility to the designated MX resource record set:

     dig @ns-###.awsdns-##.com  mailserver1.example.com  MX

Note
For purposes of this article, the '#' symbol represents a numeric value contained in an authoritative name server listed in the NS resource record set of the public hosted zone. The '#' symbol is also used to represent numeric values contained in IP addresses returned by the Linux dig utility.

dig-3

Run the Linux dig utility to query name servers using the following syntax:

     dig @authoritative_nameserver  domain_name  record_type

Where:

  • authoritative_nameserver – one of the four authoritative name servers that comprise the delegation set associated with the public hosted zone. The authoritative name servers are listed in the NS resource record set of the public hosted zone.
  • domain_name – the record name listed in the Name column of the corresponding resource record set.
  • record_type – the record type listed in the Type column of the corresponding resource record set. For more information about Route 53 resource record set types, see Supported DNS Resource Record Types.

Note
The syntax required for the dig utility can vary depending on the Linux distribution that you are using. Run the following command to verify the syntax for the dig utility on your Linux instance:

     man dig

For more information about the dig utility, see dig – DNS lookup utility.

The following example was run on an EC2 Linux instance of Ubuntu 15.04 to verify Internet accessibility to the MX resource record set created in the public hosted zone example.com:

dig-4

The following dig commands could be used to verify Internet accessibility to the other resource record sets created in the Amazon Route 53 public hosted zone example.com:

'TXT' resource record set
$ dig @ns-###.awsdns-##.com  _text_.example.com  TXT

'CNAME' resource record set
$ dig @ns-###.awsdns-##.com  cname.example.com  CNAME

'NS' resource record set
$ dig @ns-###.awsdns-##.com  subdomain.example.com  NS

'A' resource record set
$ dig @ns-###.awsdns-##.com  www.example.com  A
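
The manual checks above can be scripted so that each record is tested against every name server in the NS resource record set and the reply is checked for the authoritative-answer (aa) flag, not only for a non-empty answer. This is an added example, not part of the original article or AWS tooling; the function names are hypothetical and the sample dig header is constructed.

```shell
#!/bin/sh
# Added example: classify what an authoritative server returned for one record.
# Reads complete dig output on stdin and prints exactly one verdict:
#   OK          NOERROR, "aa" (authoritative answer) flag set, ANSWER >= 1
#   NODATA      NOERROR and aa, but no record of the requested type
#   NOT_AUTH    answered without aa: this server is not authoritative here
#   <RCODE>     any other status, e.g. NXDOMAIN, REFUSED, SERVFAIL
#   NO_RESPONSE no DNS header at all (timeout, server unreachable)
classify_dig_response() {
    awk '
        /->>HEADER<<-/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s); status = s }
        /^;; flags:/ {
            f = $0; sub(/^;; flags: */, "", f); sub(/;.*/, "", f)
            aa = ((" " f " ") ~ / aa /)
            n = $0; sub(/.*ANSWER: /, "", n); sub(/,.*/, "", n)
        }
        END {
            if (status == "")             print "NO_RESPONSE"
            else if (status != "NOERROR") print status
            else if (!aa)                 print "NOT_AUTH"
            else if (n + 0 == 0)          print "NODATA"
            else                          print "OK"
        }'
}

# Query one name server directly, without recursion, and classify the reply.
verify_record() {   # usage: verify_record NAMESERVER NAME TYPE
    dig +norecurse +time=3 +tries=1 "@$1" "$2" "$3" 2>/dev/null | classify_dig_response
}

# Check one record against every server in the NS record set; non-zero if any fails.
verify_on_all() {   # usage: verify_on_all NAME TYPE NS1 [NS2 NS3 NS4]
    name=$1; type=$2; shift 2; rc=0
    for ns in "$@"; do
        verdict=$(verify_record "$ns" "$name" "$type")
        printf '%s  %s %s -> %s\n' "$ns" "$name" "$type" "$verdict"
        [ "$verdict" = "OK" ] || rc=1
    done
    return "$rc"
}

# Constructed sample of the header lines dig prints for a good MX answer.
sample_dig_ok() {
    printf '%s\n' \
        ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345' \
        ';; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1'
}
```

Call it as `verify_on_all mailserver1.example.com MX` followed by the four name servers from the NS resource record set of your hosted zone.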



Published: 2015-08-07