"Your Route 53 hosted zone for this domain needs to be set as authoritative" WorkMail domain cannot be verified

Question

I registered a domain using Route53 that was later transferred from that AWS account to a different AWS account in which I am now trying to provision WorkMail.  I created the hosted zone in Route53 for that domain and added the domain to Workmail, copied all the records from WorkMail, and imported them into the Route53 hosted zone records.  When I click on this domain in WorkMail,  I get the following "Amazon Route 53 hosted zone is not configured correctly." "domain needs to be set as authoritative" and the domain stays in "Pending Verification" till it reaches the "verification failed" 3 days later.  When I do the  nslookup -type=NS, it cannot find the name servers for this domain, however, it does find my other domains registered through Route53.  I have tested the records for this domain in the console and they are correct.  Please help.  Thank you.

Accepted Answer

Hi,

It seems that you didn't complete the transfer from a different AWS account for your zone.

Make sure that in Route53 -> Hosted zone -> your-domain you have the same NS records as in Route53 -> Registered domains -> your-domain.
If not, put proper records in Route53 -> Hosted zone -> your-domain

Here is screenshots to help
![Enter image description here](/media/postImages/original/IMnTtGxZ2hTkKStSfrfGYaNw)
![Enter image description here](/media/postImages/original/IMIcnByYn5RDyowJMRA-TuXA)

Answer

I have seen something similar before with lightsail.

Do you have dns sec enabled on your domain but not  configured? If so you need to disable dns sec on your r53 zone/domain in order to resolve the name servers.

"Your Route 53 hosted zone for this domain needs to be set as authoritative" WorkMail domain cannot be verified

Contenido relevante