AWS Route 53 to Netlify domain migration

I’m trying to move my domain from being managed by AWS Route 53 to Netlify. I’ve migrated my NS as provided in the Domain management section of the admin on Netlify, and here is my dig response for NS:

❯ dig -t NS arcadechain.io

; <<>> DiG 9.10.6 <<>> -t NS arcadechain.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8941
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arcadechain.io.			IN	NS

;; ANSWER SECTION:
arcadechain.io.		2065	IN	NS	dns3.p06.nsone.net.
arcadechain.io.		2065	IN	NS	dns4.p06.nsone.net.
arcadechain.io.		2065	IN	NS	dns1.p06.nsone.net.
arcadechain.io.		2065	IN	NS	dns2.p06.nsone.net.

;; Query time: 35 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Jul 21 07:21:00 BST 2022
;; MSG SIZE  rcvd: 132

After I’d made the changes to that effect I allowed 3 days for DNS changes to propagate, yet it didn’t work initially. I made a change to the SOA, pointing it to the SOA config of dns1.p06.nsone.net:

In AWS Route 53 the value of the SOA entry is

dns1.p06.nsone.net. hostmaster.nsone.net. 1658271384 43200 7200 1209600 3600

it however looks like this in dig (note difference in details in hostmaster.nsone.net set vs domains+netlify.netlify.com in dig ):

dig -t SOA arcadechain.io
[...]
;; ANSWER SECTION:
arcadechain.io.		3541	IN	SOA	dns1.p06.nsone.net. domains+netlify.netlify.com. 1658347921 43200 7200 1209600 3600

and here is response for dns1.p06.nsone.net.

dig -t SOA dns1.p01.nsone.net
[...]

;; AUTHORITY SECTION:
nsone.net.		3300	IN	SOA	dns1.p01.nsone.net. hostmaster.nsone.net. 1658271384 43200 7200 1209600 3600

This change made the site appear in the browser.
I can’t however set my SSL as the Domain Management still doesn’t consider the DNS as valid:

DNS verification failed

arcadechain.io doesn't appear to be served by Netlify

Following the documentation I can confirm that Server section is set to Netlify:

❯ curl -s -v http://www.arcadechain.io 2>&1 | grep -i server

< Server: Netlify

What would be my next steps to getting it sorted?

Edit:
After a few hours, with no changes to anything, the site went offline and is now not accessible.

Thanks for the tip on the SOA record values! That got my http connection working but I now have the same issue as you: SSH won’t verify the DNS.

UPDATE: I just noticed your edit. My website is also down today after it was working last night :frowning:

I ended up using external DNS (AWS) and creating A records pointing to Netlify. Not my ideal solution but with the level of support from Netlify that’s all I can do at the moment.
I do understand netlify don’t do support for non-paying users - but they will never become paying if their initial experience is as good as mine.

@slav-arcadechain Agreed. I pay $15/month for an extra seat but the system still considers me a free plan member so no actual support. Very irritating.

I’ll try doing the same thing once I figure out what the old AWS name servers were before I deleted them…

Hi @acidtone, if that’s any help, the old AWS NS details are shown when the Hosted zone details section is expanded:

On AWS now I have two A record entries one for arcadechain.io and one for www.arcadechain.io both pointing to 75.2.60.5
After that I also created SSL certificates in AWS Certificate Manager.
In netlify I deleted DNS settings altogether and set www. as the primary domain as per Configure external DNS for a custom domain | Netlify Docs

Good luck :crossed_fingers:

@slav-arcadechain I think I figured out part of the puzzle:

AWS has a second admin panel to set the name servers when the domain was registered with AWS. These servers seem independent of the NS records listed in the DNS panel.

Go to the Route 53 Dashboard → Domain Registration (NOT “DNS management”) → Select domain → Add or edit name servers

The listed servers were still pointing to AWS despite the ns records I added in the DNS management section. After I updated this list, the website was back up. The SSL tool still won’t verify the DNS for the certificate but it’s only been a day since I made the change. It’s progress, though.

Maybe this helps if you decide to try moving your DNS back to Netlify. Hopefully the certificate works after some propagation?

Tony
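
The mismatch described in the post above (name servers set at the registrar versus NS records inside the hosted zone) can be checked from dig output. The following is an added example, not part of any post in this thread; `example.io` and the `ns-old-*.example.net` names are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Compare the delegation held by the registry (what the registrar panel sets)
# with the NS set the zone itself publishes. Live usage, needs network:
#   parent=$(dig +short NS io. | head -n 1)
#   dig +norecurse NS example.io @"$parent"            # referral from the TLD
#   dig +norecurse NS example.io @dns1.p06.nsone.net   # answer from the zone

# Print sorted, lower-cased NS targets for zone $1 from dig output on stdin.
# A referral lists them under AUTHORITY, an authoritative reply under ANSWER;
# the record layout is identical, so one parser handles both.
ns_targets() {
    awk -v zone="$1" '
        /^;/ || NF < 5 { next }   # skip comment, header and blank lines
        tolower($1) == tolower(zone) && $3 == "IN" && $4 == "NS" { print tolower($5) }
    ' | sort -u
}

# $1 = zone, $2 = dig output from the parent, $3 = dig output from the zone.
# Returns 0 when both NS sets are identical, otherwise prints both and returns 1.
delegation_matches() {
    p=$(printf '%s\n' "$2" | ns_targets "$1")
    z=$(printf '%s\n' "$3" | ns_targets "$1")
    [ "$p" = "$z" ] && return 0
    printf 'delegated at registry: %s\n' $p
    printf 'published in zone:     %s\n' $z
    return 1
}

# Constructed sample: the registry still delegates to the old provider.
PARENT_STALE=';; AUTHORITY SECTION:
example.io. 86400 IN NS ns-old-1.example.net.
example.io. 86400 IN NS ns-old-2.example.net.'

# Constructed sample: the registry after the registrar panel was updated.
PARENT_FIXED=';; AUTHORITY SECTION:
example.io. 86400 IN NS dns1.p06.nsone.net.
example.io. 86400 IN NS dns2.p06.nsone.net.'

# Constructed sample: NS records added inside the hosted zone.
ZONE_REPLY=';; ANSWER SECTION:
example.io. 2065 IN NS DNS2.p06.nsone.net.
example.io. 2065 IN NS dns1.p06.nsone.net.'

delegation_matches example.io. "$PARENT_STALE" "$ZONE_REPLY" ||
    echo "mismatch: update the name servers at the registrar, not only in the zone"
```

A recursive resolver follows the registry's delegation, so while the two sets differ it never reaches the new provider's zone.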

Well done on finding this :+1: do let us know how you’re getting on with the certs.

@slav-arcadechain Boom! The certificate is now installed!

https://browsertherapy.com/

@acidtone works for me too :tada:

Hey there, @acidtone and @slav-arcadechain :wave:

My apologies for the slow response from the Support Team. We do our best to monitor these forums closely, but have been a bit slow to respond the past week as we are short staffed at the moment.

I want to thank you both for your diligent updates and detailed solutions here. They will definitely be beneficial to future forums members who encounter something similar.