My DNS queries return with an IP address of a web server in a different region. For example, a user in the United States is being routed to an IP address of a web server located in Europe. How do I troubleshoot and resolve Amazon Route 53 geolocation routing issues?

Route 53 geolocation routing issues can be caused by the following:

  • A missing default location in your geolocation routing setup
  • A DNS resolver that does not support the edns-client-subnet extension of EDNS0, which can lead to an inaccurate determination of the client's location
  • Geographically diverse DNS resolvers
  • DNS changes to resource records that have not yet propagated globally

1.    Ensure that the resource records for your Route 53 hosted zone are configured correctly and that there is a default resource record set. For example, from the AWS Route 53 console, check the default location specified in your Route 53 hosted zone configuration.

Consider the following sample output:

>> dig images.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> images.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51385
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;images.example.com.             IN        A

;; AUTHORITY SECTION:
images.example.com.        60    IN        SOA    ns-1875.awsdns-42.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 65 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Tue Feb  7 22:02:30 2017
;; MSG SIZE  rcvd: 124

If there is no default location configured in your geolocation routing setup, the DNS response returns NOERROR for the rcode field and there is no result in the ANSWER section. To correct this, add a default location in your geolocation routing setup.

2.    Use the Route 53 Test record set checking tool to determine which resource records are returned for a specific request. For more information, see Using the Checking Tool to See How Amazon Route 53 Responds to DNS Queries.

3.    Route 53 supports the edns-client-subnet extension of EDNS0. The recursor (local name server) appends an edns-client-subnet option carrying the client's source IP subnet to the DNS query that it sends upstream.

If this data isn't passed with the request, Route 53 uses the source IP address of the DNS resolver to approximate the location of the client and answers geolocation queries with the DNS record for the resolver's location. If the EDNS data isn't passed to Route 53 and the client is using a geographically diverse recursive name server, the query is answered for a suboptimal location and the wrong resource record is returned.

To fix this, switch to a recursive DNS server that supports edns-client-subnet, perform the DNS resolution again, and then share the output. If your current recursive DNS server doesn't support the EDNS client subnet option, try one that does; for example, Google DNS, OpenDNS, or the Amazon DNS server. For EC2-Classic, the Amazon DNS server is located at 172.16.0.23. For EC2-VPC, the Amazon DNS server is located at the base of your VPC network range plus two.
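The following script is an added example, not part of the AWS article: it builds a raw DNS query that carries the edns-client-subnet option described in step 3 (RFC 7871, pure standard library, no dnspython), sends it to a resolver of your choice, and classifies the reply header so that the NOERROR-with-empty-ANSWER symptom from step 1 is recognised automatically. The resolver address 172.31.0.2 is the VPC resolver from the dig output above, and 203.0.113.0/24 is a constructed documentation subnet; both are assumptions to replace with your own values.

```python
import ipaddress
import socket
import struct

RESOLVER = "172.31.0.2"   # the VPC resolver from the dig output above; substitute your own

def build_ecs_query(qname, client_subnet, txid=0x1234):
    """Build a DNS A query for qname carrying an EDNS Client Subnet option
    (RFC 7871), the same data a recursor forwards so that Route 53 can answer
    for the client's network rather than for the resolver's address."""
    net = ipaddress.ip_network(client_subnet, strict=False)
    family = 1 if net.version == 4 else 2           # ECS address family: 1 = IPv4, 2 = IPv6
    # Only the octets covered by the source prefix are sent (host bits already zeroed).
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    ecs = struct.pack("!HBB", family, net.prefixlen, 0) + addr   # scope prefix is 0 in a query
    opt_data = struct.pack("!HH", 8, len(ecs)) + ecs               # option code 8 = edns-client-subnet
    # OPT pseudo-RR: root owner name, TYPE 41, CLASS = UDP payload size, TTL = ext-rcode/version/flags
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(opt_data)) + opt_data
    # Header: ID, flags (RD only), QDCOUNT 1, ANCOUNT 0, NSCOUNT 0, ARCOUNT 1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = [part.encode("ascii") for part in qname.rstrip(".").split(".")]
    question = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question += struct.pack("!HH", 1, 1)                            # QTYPE A, QCLASS IN
    return header + question + opt_rr

def classify_response(response):
    """Read the response header and name the symptom. NOERROR with ANCOUNT 0
    is exactly the dig output shown in step 1: a geolocation record set with
    no default location answers NODATA instead of a record."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN: the name does not exist in the zone"
    if rcode != 0:
        return f"rcode {rcode}: server failure or refused"
    if ancount == 0:
        return "NOERROR with empty ANSWER: check for a missing default geolocation record"
    return f"NOERROR with {ancount} answer(s)"

def query(qname, client_subnet, server=RESOLVER, timeout=3.0):
    """Send the ECS query over UDP/53 and return the raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ecs_query(qname, client_subnet), (server, 53))
        return sock.recv(4096)

if __name__ == "__main__":
    # 203.0.113.0/24 is a constructed documentation subnet standing in for the client's network.
    print(classify_response(query("images.example.com", "203.0.113.0/24")))
```

Running the same query with two different client subnets against an ECS-capable resolver should change which geolocation record comes back; if it does not, the resolver is not forwarding the option.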

4.    Check the client's DNS resolver to verify that it is geographically close to the client's location. Route 53 uses resolver-identity.cloudfront.net to reflect the IP address that the DNS query came from. To collect the IP addresses of the resolvers in use, run one of the following commands every minute, or schedule it as a cron job:

dig resolver-identity.cloudfront.net

nslookup resolver-identity.cloudfront.net

Check the location of the IP address returned by the resolver by using MaxMind's GeoIP database (maxmind.com/en/geoip-demo) or your preferred GeoIP database, and verify that the DNS resolver is close to the client's public IP address.

Consider the following sample output:

dig resolver-identity.cloudfront.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> resolver-identity.cloudfront.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45073
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;resolver-identity.cloudfront.net.            IN        A

;; ANSWER SECTION:
resolver-identity.cloudfront.net.    10       IN        A    x.y.z.w

;; Query time: 11 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Tue Feb  7 22:45:00 2017
;; MSG SIZE  rcvd: 66

5.    Check for DNS propagation issues by using your preferred tool; for example, cachecheck.opendns.com.

Note: Aliased geolocation resource records take up to 60 seconds to reflect the changes.

Published: 2017-03-15