How can I troubleshoot Pending Verification domain name issues for VPC endpoint services?
I'm configuring a private DNS name for my Amazon Virtual Private Cloud (Amazon VPC) endpoint service (AWS PrivateLink) and setting up a DNS TXT record. The domain verification status is stuck in Pending Verification. How can I troubleshoot this?
The following are common reasons for the domain verification status to be stuck in the Pending Verification status:
You're using a domain name that isn't owned by you or your organization.
You created a TXT record in a private zone file instead of a public zone file.
The domain registrar has the wrong name servers for your domain.
You're using a domain name that isn't owned by you or your organization
The endpoint service provider can only use a domain name that's owned by you or your organization as a private DNS name. For example, you can't use "amazonaws.com" as the private DNS name because that domain is owned by Amazon.
You created a TXT record in a private zone instead of a public zone
AWS verifies ownership of the domain name that you provide for the endpoint service. It does this by querying the TXT record against the authoritative public name servers configured at the domain registrar. Verification fails if you created the TXT record in a private zone file, because a private zone can't be queried from the public internet.
You can check whether the TXT record is published in the public zone by using the nslookup command. This command works on both Windows and Linux machines:
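The same check, scripted so that it asks the public authoritative name servers directly instead of the local resolver (which, inside a VPC, may answer from a private hosted zone). This is an added example, not from the AWS article; `dig`, the public resolver 1.1.1.1, and the placeholder record name and value are assumptions, and the real name and value come from your endpoint service's domain verification details.

```shell
#!/bin/sh
# Usage: check_txt.sh <domain> <txt-record-fqdn> <expected-txt-value>
# Verifies that the domain-verification TXT record is visible on the PUBLIC
# authoritative name servers, which is what AWS queries. Placeholder defaults
# below are constructed for illustration and are not real verification data.
DOMAIN="${1:-example.com}"
RECORD_NAME="${2:-_placeholder-verification-name.example.com}"
EXPECTED="${3:-placeholder-verification-value}"

# txt_present: reads `dig +short TXT` output on stdin and returns 0 when one
# of the TXT strings equals $1. dig wraps each string in double quotes, so
# strip them before comparing whole lines.
txt_present() {
    sed 's/^"//; s/"$//' | grep -Fqx -- "$1"
}

# auth_name_servers: the NS records the registrar delegates the domain to,
# fetched via a public resolver rather than the VPC resolver.
auth_name_servers() {
    dig +short NS "$1" @1.1.1.1
}

main() {
    command -v dig >/dev/null 2>&1 || { echo "dig is not installed" >&2; return 3; }
    ns_list=$(auth_name_servers "$DOMAIN")
    if [ -z "$ns_list" ]; then
        echo "No public NS delegation found for $DOMAIN (check the registrar's name servers)" >&2
        return 2
    fi
    rc=1
    for ns in $ns_list; do
        if dig +short TXT "$RECORD_NAME" "@$ns" | txt_present "$EXPECTED"; then
            echo "OK   $ns returns the expected TXT record"
            rc=0
        else
            echo "MISS $ns does not return it (record in a private zone, or not yet propagated?)"
        fi
    done
    return $rc
}

# Only perform live DNS queries when invoked with arguments.
if [ $# -gt 0 ]; then
    main
fi
```

Exit status 0 means at least one public authoritative server returns the expected value; any MISS line means AWS may still fail verification until every delegated server answers.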