Update my domain nameservers to recover access to an AWS account

Hi,
I’m owner of a domain X, registered in AWS, and that used to be managed via Cloudflare using the nameservers: ELSA.NS.CLOUDFLARE.COM and JONAH.NS.CLOUDFLARE.COM. My AWS account was and still is associated to that email.

A few months ago, I changed my email address and so removed the domain from my Cloudflare because I was no longer using it. However, I forgot to update my AWS account to point to the new one. It was all fine, until recently, when I tried to access my AWS account, and it required me to reset the password. As you can imagine, I could not do that, because I no longer had access to the account, and to configure the account again, I’d need to access my AWS account, which I can’t access.

I tried to add the domain again to Cloudflare, but I got different nameservers this time, aaron.ns.cloudflare.com & sharon.ns.cloudflare.com, so it doesn’t help. I also contacted AWS but they refuse to do anything about it and instead suggested to block charges in my bank account coming from AWS. It’s a bit frustrating, so I thought the easiest solution at this point was if Cloudflare could set those nameservers that I used to have before. That’d allow me to configure the email account again, and access the AWS account.

However, Cloudflare doesn’t provide human support unless you subscribe to the business plan. Is there anyone from the Cloudflare team that might be able to help with this? I’d appreciate it a lot.

That is not true. Customers on every plan can open registrar, billing and account tickets. And, we strive to deliver rapid help here :hugs:

OK

OK, that was not a necessary thing to do with the change of email, but ok.

That is the way the system is designed to work.

Sorry about aws, what is the domain, what is the issue, and how can we assist?

Hi,

I’d love to know if it’s possible to change the nameservers of craftweg for com to ELSA.NS.CLOUDFLARE.COM and JONAH.NS.CLOUDFLARE.COM. That’s all I want. Thanks

I’d love to know if it’s possible to change the nameservers

Normally, you can’t. I don’t know if support can do this in exceptional cases like this. You may want to open a support ticket, or wait for @cloonan to respond.

No, that shouldn’t be all you want.

You really need to sort out your AWS account access issue now while you have time. I’m sure AWS has account recovery options you can use. Perhaps you can begin from here: https://support.aws.amazon.com/#/contacts/aws-account-support/

Since this is an Amazon Registrar domain, you’re going to face a much bigger problem – with limited time to act – when the domain becomes due for renewal later in the year and your payment method on file fails for one reason or another.

You risk losing your domain if you don’t sort out your AWS account issue. And that should be the most important thing to work on.

3 Likes

Not really, deleting the site and re-adding will assign new nameservers, but not allow you to decide which nameservers.

Late to the conversation, but is the goal to have all domains in the account have the same nameservers? If so, that is not possible.

My tiny brain thinks in bullet points, so this is how I mapped out the problem :smiley:

  1. OP’s domain example.com is registered with AWS Registrar. The AWS account email is [email protected].

  2. Domain example.com was active on Cloudflare, and had the Cloudflare-assigned nameservers (elsa/jonah) configured in AWS.

  3. At some point, OP removed the site from Cloudflare, thereby losing all DNS records for the domain (including the MX records to route incoming emails for the domain). But the domain still has the elsa/jonah nameservers configured in AWS.

  4. Now OP is trying to access their AWS account, and AWS is forcing account verification via email. But remember 1, 2 and 3 above: the AWS account email is [email protected], but example.com is unable to route mails now because the domain was deleted from Cloudflare.

  5. The simple thing to do with most DNS managers (that give the same nameservers for all customers/domains) would be to just add the domain back, and add any MX record to receive the incoming AWS account verification email. This is what OP tried to do. Except, in the case of Cloudflare, adding the domain back means different nameservers are assigned.

  6. Sure, simple solution: go to your domain’s registrar and change the nameservers to the NEW ones assigned by Cloudflare - aaron/sharon. Except see #1: the registrar is AWS, the very account OP is unable to access without email verification, so OP cannot change the nameservers to activate the domain in Cloudflare.

So we have a catch-22 here: getting into AWS account requires activating the domain on Cloudflare, and activating the domain on Cloudflare (or any other authoritative DNS manager) requires getting into the same AWS account!

If my understanding of the problem is correct, then there are only two possible solutions:

1) Cloudflare Fix: Since the domain still has the old nameservers configured at the registrar (AWS), if Cloudflare support could somehow change the newly-assigned nameservers (aaron/sharon) to the OLD nameservers (elsa/jonah), OP can then activate Cloudflare email routing (or add MX record for their external mail provider) to receive the AWS account verification email.

2) AWS Fix: The other possibility is for AWS support to verify the account through some other means other than email. After all, OP has the correct account password, previous account emails from AWS, and even payment method on file (supposedly a bank account). So proving account ownership shouldn’t be such a big deal, unless corporate policy gets in the way.

4 Likes

No chance of this happening. The nameserver change is a mandatory part of validating domain ownership and forcing it like that would violate the security and privacy protections in place for all customers.

This situation sucks but the fix would have to be on AWS side, they will need to provide alternate methods for accessing the account. Once the AWS account is accessed then the domain can be put back on Cloudflare by changing the nameservers.

In future I HIGHLY recommend not setting the account email for an account to one that is on the domain being managed by that account. Whether it’s Cloudflare or AWS, doing this is always going to result in some nasty situations like this.

Hope it gets sorted.

2 Likes
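
The recommendation in the reply above (do not put an account's email on a domain that the same account manages) can be audited mechanically. This is an added example, not code from the thread, Cloudflare or AWS: it builds a recovery-dependency graph from a constructed inventory and reports loops, generalising the single-account case discussed here to chains across several accounts. The account names, addresses and the `ACCOUNTS` layout are all assumptions.

```python
"""Find accounts whose email-based recovery depends on themselves."""

# Constructed inventory (all names are made up): each account's recovery
# email, plus the zones whose registration or DNS that account controls.
ACCOUNTS = {
    "aws-main": {"email": "owner@mail.example.com", "controls": ["example.com"]},
    "dns-host": {"email": "admin@example.net", "controls": ["example.org"]},
    "registrar-b": {"email": "ops@example.org", "controls": ["example.net"]},
    "mailbox": {"email": "me@mail-provider.example", "controls": []},
}


def email_domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def recovery_graph(accounts):
    """Edge A -> B: mail to A's recovery address depends on a zone B controls."""
    graph = {}
    for name, acct in accounts.items():
        domain = email_domain(acct["email"])
        graph[name] = {
            other for other, o in accounts.items()
            for zone in o["controls"]
            if domain == zone.lower() or domain.endswith("." + zone.lower())
        }
    return graph


def find_lockout_cycles(accounts):
    """Return each dependency cycle once, as a tuple of account names."""
    graph = recovery_graph(accounts)
    cycles = set()

    def walk(node, path):
        for nxt in sorted(graph[node]):
            if nxt == path[0]:
                # Rotate so the smallest name leads; duplicates collapse.
                i = path.index(min(path))
                cycles.add(tuple(path[i:] + path[:i]))
            elif nxt not in path:
                walk(nxt, path + [nxt])

    for start in sorted(graph):
        walk(start, [start])
    return sorted(cycles)


if __name__ == "__main__":
    for cycle in find_lockout_cycles(ACCOUNTS):
        print("recovery loop:", " -> ".join(cycle + cycle[:1]))
```

Any account that appears in a reported loop needs a recovery address on a domain outside that loop.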

Thanks a lot everyone for the advice. I learned a very important lesson here :smiley:. I’ll see if AWS can unlock this situation.

1 Like
