DNS resolution fails intermittently - Amazon Route 53

If your browser displays a "Server not found" error when you try to browse to a domain (example.com) or a subdomain (www.example.com), here are some common explanations.

You transferred a domain to Route 53 and DNSSEC is enabled

If you transfer a domain to Route 53 while DNSSEC is enabled, the DNSSEC public keys are transferred too. If you use Route 53 as the DNS service for the domain, DNS resolution fails or succeeds depending on whether the DNS recursive resolver supports DNSSEC:

When the recursive resolver supports DNSSEC, resolution fails

A recursive resolver that supports DNSSEC tries to use the public keys for the domain to verify that the record that it gets from Route 53 is legitimate. However, Route 53 doesn't support DNSSEC for DNS, so the record that it returns to the resolver isn't signed and can't be verified. The resolver responds to the DNS query with a SERVFAIL error.

When the resolver doesn't support DNSSEC, resolution succeeds

A recursive resolver that doesn't support DNSSEC doesn't try to verify that the record from Route 53 is legitimate. The resolver responds to the DNS query with the response that it gets from Route 53.

To resolve this problem, delete the public keys for your domain. For more information, see Deleting public keys for a domain.
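To confirm that this is the cause before deleting the keys, compare what a validating resolver returns with and without validation. The following is an added example, not code from the Route 53 documentation: it classifies three `dig` outputs (a plain query, the same query with `+cd +dnssec`, and a `DS` query), assuming the transferred public keys appear as a DS record in the parent zone. The function names, result labels and sample outputs are constructed for illustration.

```python
import re

# Constructed dig output for illustration (not captured from a real resolver).
VALIDATING = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4121
"""
# Same query with "+cd +dnssec": validation skipped, signatures requested.
CHECKING_DISABLED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4122

;; ANSWER SECTION:
example.com.    300    IN    A    192.0.2.10
"""
# "dig example.com DS": what the parent zone publishes for the domain.
PARENT_DS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4123

;; ANSWER SECTION:
example.com.    86400    IN    DS    12345 13 2 CONSTRUCTEDDIGEST
"""

def parse_dig(text):
    """Return (rcode, set of record types found in the ANSWER section)."""
    m = re.search(r"status: (\w+)", text)
    rcode = m.group(1) if m else None
    types, in_answer = set(), False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False  # blank line or next section header ends the answer
        elif in_answer:
            fields = line.split()  # name, TTL, class, type, rdata...
            if len(fields) >= 4:
                types.add(fields[3])
    return rcode, types

def diagnose(validating, checking_disabled, parent_ds):
    # Hypothetical labels; the first SERVFAIL case is the one this page describes.
    v_rcode, _ = parse_dig(validating)
    cd_rcode, cd_types = parse_dig(checking_disabled)
    _, ds_types = parse_dig(parent_ds)
    if v_rcode == "NOERROR":
        return "resolves-with-validation"
    if v_rcode == "SERVFAIL" and cd_rcode == "NOERROR":
        if "DS" in ds_types and "RRSIG" not in cd_types:
            return "ds-published-but-zone-unsigned"
        return "dnssec-validation-failure"
    return "not-dnssec-related"
```

A result of `ds-published-but-zone-unsigned` matches the situation on this page; `dnssec-validation-failure` means the zone does return signatures, so the cause lies elsewhere in the DNSSEC chain.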