Cannot re-verify custom domain

I think I made a mistake 3 months ago when trying to transfer DNS and my custom domain to netlify. I am trying to rectify that now, but still cannot get the custom domain verification process working.

netlify site name: praxis101-net.netlify.app

custom domain: praxis101.net
domain registrar: route53

I have transferred all the DNS records from route53 hosted zone to netlify domain.
See: Netlify App

And I have put the netlify dns servers into the route53 NS record for praxis101.net.

But I do not see how to get the praxis101.net A record set up. Or how to get praxis101.net verified by you all. I did this once 3 months ago, but did not copy all the records and had to revert to using route53 for everything. But now I want to use you to manage all the records for praxis101.net

I have read, over and over, the support replies and the documentation, but I do not understand how to trigger a verification process.

Any help is appreciated. Thank you.

Bill Anderson

Hey Bill, I am sure we can get you squared away. I’ll ask some DNS knowledgeable folks to take a look at your site when we can.

Hi, @anderbill. I see that you added NS records for Netlify DNS to your current DNS service. If you want to use Netlify DNS, instead you must replace (not add) the current NS record with the Netlify DNS NS records.

There are two ways I know of to see this. The first is by looking at the WHOIS data for the domain:

$ whois praxis101.net | grep -i 'name server'
   Name Server: NS-1458.AWSDNS-54.ORG
   Name Server: NS-1848.AWSDNS-39.CO.UK
   Name Server: NS-240.AWSDNS-30.COM
   Name Server: NS-703.AWSDNS-23.NET
Name Server: ns-1458.awsdns-54.org
Name Server: ns-1848.awsdns-39.co.uk
Name Server: ns-240.awsdns-30.com
Name Server: ns-703.awsdns-23.net

This shows the real name servers are Route 53. Now, here is a misleading check - just querying for the NS records:

$ dig +noall +answer praxis101.net NS
praxis101.net.		299	IN	NS	dns1.p08.nsone.net.
praxis101.net.		299	IN	NS	dns2.p08.nsone.net.
praxis101.net.		299	IN	NS	dns3.p08.nsone.net.
praxis101.net.		299	IN	NS	dns4.p08.nsone.net.

Why is that misleading? Because those name servers will never be used. This leads me to the second test, which is a recursive (or “traced”) DNS lookup for those records. (Note, I’m removing all but the last 16 lines with tail for clarity’s sake.)

$ dig +trace praxis101.net NS | tail -n 16
praxis101.net.		172800	IN	NS	ns-240.awsdns-30.com.
praxis101.net.		172800	IN	NS	ns-703.awsdns-23.net.
praxis101.net.		172800	IN	NS	ns-1848.awsdns-39.co.uk.
praxis101.net.		172800	IN	NS	ns-1458.awsdns-54.org.
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN NSEC3 1 1 0 - A1RUUFFJKCT2Q54P78F8EJGJ8JBK7I8B  NS SOA RRSIG DNSKEY NSEC3PARAM
A1RT98BS5QGC9NFI51S9HCI47ULJG6JH.net. 86400 IN RRSIG NSEC3 8 2 86400 20210711054307 20210704043307 6203 net. PhQ1TlJE2wFv60QqloP9KLB2wtQLBrObJBppy/slUBSdtFLp1rivmJul Bkk4HIILopPBVFKescglrwobiO5O12lR1WQn8CUv8/2FOblfy2C6Tirs E6lm6Vaqkl8FhEn6RffSIXE8VWp/GGYUDGrAB1c5rMxL7e0RFJ3Xlt7g okox4Lb93kty4HWLYmn5dOGa0JJaXuZh7ZdGG77cfPlGBw==
LGKTV37AJS1MK7KAJ002I0LRIHV2K7NB.net. 86400 IN NSEC3 1 1 0 - LGL4QA3CK2O8M2UKTUDD521COTNP5HAF  NS DS RRSIG
LGKTV37AJS1MK7KAJ002I0LRIHV2K7NB.net. 86400 IN RRSIG NSEC3 8 2 86400 20210710053733 20210703042733 6203 net. QC+zKGvmiPTQB5PvW2JylA9oYjYERjakOaQX2pdEeWqi88dZV2Oi8KDy botIxkSJRQkZzwAFJ64vvReVmAlny92CsDgLgIp8NIoDiDZkiZWAXgvz SWesb1KySPmVEGWSKi+7gVLVUv38Q+SfL9RKEceha6mplRJ3ROWB0DCx MD1A04rSaV+VPsMZ6n5SuEKKnVR7X6B5eElSZVCq/lDrng==
;; Received 744 bytes from 192.52.178.30#53(k.gtld-servers.net) in 39 ms

praxis101.net.		300	IN	NS	dns1.p08.nsone.net.
praxis101.net.		300	IN	NS	dns2.p08.nsone.net.
praxis101.net.		300	IN	NS	dns3.p08.nsone.net.
praxis101.net.		300	IN	NS	dns4.p08.nsone.net.
;; Received 128 bytes from 205.251.194.191#53(ns-703.awsdns-23.net) in 32 ms

This shows that the AWS name servers are the authoritative servers. They will tell you the Netlify DNS records but, as AWS is authoritative, the Netlify DNS name server isn’t the server answering. ns-703.awsdns-23.net is the name server answering because that is the authoritative name server.

The instructions for replacing the authoritative name servers at AWS can be found here:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-name-servers-glue-records.html#updating-name-servers-other-dns-service

If there are other questions about this, please let us know.

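The comparison made in the reply above (the delegation held by the parent zone versus the NS set the zone itself serves), as an added example that is not part of the original thread. The function names are this example's own, and the sample input is the trace quoted above with the DNSSEC lines left out.

```shell
# Added example (not from the thread). Reads `dig +trace <domain> NS` output on
# stdin and compares the parent's delegation with the NS set the zone publishes.
# ns_by_responder DOMAIN: print "responder<TAB>nameserver" per NS record of DOMAIN.
ns_by_responder() {
    awk -v dom="$1." '
        $3 == "IN" && $4 == "NS" && tolower($1) == tolower(dom) {
            pending[++n] = tolower($5)
        }
        # ";; Received ... from IP#53(server) in N ms" closes one response block.
        /^;; Received/ {
            srv = $0
            sub(/^.*\(/, "", srv); sub(/\).*$/, "", srv)
            for (i = 1; i <= n; i++) print srv "\t" pending[i]
            n = 0
        }'
}

# check_delegation DOMAIN: print MATCH, MISMATCH or INCOMPLETE.
check_delegation() {
    rows=$(ns_by_responder "$1")
    first=$(printf '%s\n' "$rows" | head -n 1 | cut -f1)  # parent (TLD) server
    last=$(printf '%s\n' "$rows" | tail -n 1 | cut -f1)   # server that answered last
    parent=$(printf '%s\n' "$rows" | awk -F'\t' -v s="$first" '$1 == s { print $2 }' | sort -u)
    child=$(printf '%s\n' "$rows" | awk -F'\t' -v s="$last" '$1 == s { print $2 }' | sort -u)
    if [ -z "$parent" ] || [ "$first" = "$last" ]; then
        echo INCOMPLETE   # no referral plus answer for this name in the input
    elif [ "$parent" = "$child" ]; then
        echo MATCH
    else
        echo MISMATCH     # zone lists servers the parent does not delegate to
    fi
}

# Sample input: the trace quoted in the reply above, DNSSEC lines omitted.
sample_trace() {
    cat <<'EOF'
praxis101.net. 172800 IN NS ns-240.awsdns-30.com.
praxis101.net. 172800 IN NS ns-703.awsdns-23.net.
praxis101.net. 172800 IN NS ns-1848.awsdns-39.co.uk.
praxis101.net. 172800 IN NS ns-1458.awsdns-54.org.
;; Received 744 bytes from 192.52.178.30#53(k.gtld-servers.net) in 39 ms
praxis101.net. 300 IN NS dns1.p08.nsone.net.
praxis101.net. 300 IN NS dns2.p08.nsone.net.
praxis101.net. 300 IN NS dns3.p08.nsone.net.
praxis101.net. 300 IN NS dns4.p08.nsone.net.
;; Received 128 bytes from 205.251.194.191#53(ns-703.awsdns-23.net) in 32 ms
EOF
}
sample_trace | check_delegation praxis101.net
```

Against a live domain the input comes from `dig +trace praxis101.net NS | check_delegation praxis101.net`; MISMATCH is the state described in this thread, where NS records were added inside the zone but the registrar's delegation was left unchanged.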

Luke, thanks so much for the detail and notes.

I have successfully changed the servers in the right way.

I’ll let you know if I have other problems, but I am feeling good about this right now.

-Bill


One final note. I was able to solve the last problem of getting praxis101.net operational by deleting the domain record for that domain and starting over.

Thanks again for the help.
-Bill