Troubleshoot configuration issues in Route 53 Global Resolver

Verify client device IP addresses match configured CIDR blocks

Check for NAT or proxy devices changing source IP addresses

Ensure Access Source rules cover all expected client device IP ranges

Verify tokens are correctly configured on client devices

Check token expiration dates and renewal processes

Ensure client device clocks are synchronized for token validation

Verify client devices use protocols allowed by Access Source rules

Check that DoH and DoT configurations match token protocols

Ensure firewall rules don't block required protocols

Verify client devices are authenticated to the intended DNS view

Check that private hosted zones are associated with the correct DNS views

Review firewall rules applied to each DNS view

Review DNSSEC validation settings for compatibility with client devices

Check EDNS Client Subnet settings for privacy and performance balance

Verify firewall fail-open behavior aligns with security requirements

Review rule evaluation order and ensure correct priority assignment

Check for block rules with higher priority than intended allow rules

Test rule changes in a controlled environment before production deployment

Verify domain specifications in custom domain lists

Check wildcard patterns for correct syntax and coverage

Ensure domain lists are updated and synchronized