Problem with name servers and AWS

Hi, I’m having a problem with changing the name servers for a domain name hosted via AWS.

I’ve done this before for another domain name without a problem, so I’m a bit stuck.

I’ve changed the name servers on AWS to the ones assigned by Cloudflare. I’ve added A records that correspond to the A records for the Hosted Zone via AWS, and a CNAME record for the domain name.

It’s been stuck at pending for 3 days now.

Any ideas?

What’s the domain?

Hi @KianNH, it’s:

It looks like your domain is still using AWS’s nameservers.

    Name servers:

It’ll need changing at the registrar level (Gandi), as opposed to adding NS records at AWS.

1 Like

Hi @KianNH, changing the name servers was the first thing I did 3 days ago.

I checked before posting here and the Hosted Zone is using “” and “”.

You have changed the nameservers in AWS when they need to be changed at your registrar, Gandi. 172800 IN NS 172800 IN NS 172800 IN NS 172800 IN NS
;; Received 748 bytes from in 8 ms 172800 IN NS 172800 IN NS
;; Received 112 bytes from in 4 ms
        Gandi [Tag = GANDI]

We had a similar issue a few days ago.

AWS uses Gandi behind-the-scenes so you don’t actually change it on Gandi. It’s a bit confusing.


Anyways, can you ensure that you’ve changed them under the Registered Domains tab on the left of Route53 instead of in the Zones section?

As in, you should not edit the NS records yourself but go Registered Domains -> <name of domain> -> Nameservers (top right) and just delete the 4 that AWS gives you and add the 2 Cloudflare ones.

Simply changing the NS records in the zone itself won’t work.


Hi @mcfadyeni, I’ve changed the name servers within Registered Domains.

Do I still need to make changes via Gandi?

It is what @KianNH wrote, plus check your SSL configuration on your server as that does not seem to be configured correctly.

It depends. If you’ve actually used Route53 as your registrar (and it just appears as Gandi on Whois) then no.

If you’ve actually used Gandi yourself, then yes. But I expect that Route53 Registered Domains is enough.

And yeah, I’d check your SSL config.


Those changes looked to have worked.

I’m using Nginx, so I imagine I’ll need to do something with that to support SSL / TLS?


Yup. You’ll need to install a Cloudflare Origin Certificate on your server and then switch your SSL mode to Full Strict (not regular Full which is less secure) on the Cloudflare dashboard.

There’s a guide on how to generate a certificate and add it to NGINX here: Origin CA certificates · Cloudflare SSL/TLS docs

Yeah, I remembered doing this last time.

Everything’s working as it should be.

Much appreciated!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.