By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

"Your Route 53 hosted zone for this domain needs to be set as authoritative" WorkMail domain cannot be verified

0

I registered a domain using Route53 that was later transferred from that AWS account to a different AWS account in which I am now trying to provision WorkMail. I created the hosted zone in Route53 for that domain and added the domain to Workmail, copied all the records from WorkMail, and imported them into the Route53 hosted zone records. When I click on this domain in WorkMail, I get the following "Amazon Route 53 hosted zone is not configured correctly." "domain needs to be set as authoritative" and the domain stays in "Pending Verification" till it reaches the "verification failed" 3 days later. When I do the nslookup -type=NS, it cannot find the name servers for this domain, however, it does find my other domains registered through Route53. I have tested the records for this domain in the console and they are correct. Please help. Thank you.

Topics
Networking & Content DeliveryBusiness Applications
Tags
Amazon Route 53Amazon WorkMailRoute 53 Registrar
Language
English
CloudProp
asked 5 months ago217 views
2 Answers
1
Accepted Answer

Hi,

It seems that you didn't complete the transfer from a different AWS account for your zone.

Make sure that in Route53 -> Hosted zone -> your-domain you have the same NS records as in Route53 -> Registered domains -> your-domain. If not, put proper records in Route53 -> Hosted zone -> your-domain

Here is screenshots to help Enter image description here Enter image description here

profile picture
EXPERT
Dmytro Sirant
answered 5 months ago
  • CloudProp
    5 months ago

    I confirmed that the hosted zone NS records are identical to the NS records in the Route53 registered domain. I've also confirmed the NS records returned by AWS CloudShell are correct (aws route53domains get-domain-detail...) . And there is also an Operation ID for the domain transfer under requests in Route53. What else should I check or do? Thanks for your help.

  • Dmytro Sirant EXPERT
    5 months ago

    Weird, what NS servers whois your_domain_name shows? The same you have in your hosted zone?

1

I have seen something similar before with lightsail.

Do you have dns sec enabled on your domain but not configured? If so you need to disable dns sec on your r53 zone/domain in order to resolve the name servers.

profile picture
EXPERT
Gary Mclean
answered 5 months ago
  • Gary Mclean EXPERT
    5 months ago

    What was the issue in the end?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content