Hosted zone not configured properly for workmail

0

Hi, I recently transferred my domain to Route 53 but am having an issue when setting up WorkMail. I went through the setup process and made it to a screen with a list of records that need to be created in my hosted zone. On this screen there is an alert with the following message:
Amazon Route 53 hosted zone is not configured correctly
You have a Route 53 hosted zone for this domain, but you need to make it authoritative. To do that, see the Route 53 documentation.

Additionally, there are records listed on this page that are labeled as missing even though I have clearly created them in my hosted zone. There are a couple that are also in pending state. I tried looking online about making a domain authoritative but cannot find anything of value. I also tried looking at the provided documentation, which was telling me to update my DNS records, which are already updated.

Any help would be greatly appreciated.

Thank you

asked a year ago, 97 views
5 Answers
1

Hi.

I also took a look at your domain configuration. Robin's point about multiple hosted zones is likely to be the problem. You can investigate it as follows:

Run the following command:
$ nslookup -type=NS <YOUR DOMAIN>

It will return 4 name servers that are currently configured to be responsible (authoritative) for your domain name.

Now, go back to the domain details page in WorkMail console and click "Route 53 hosted zone" link in the message. It should take you to the matching Route 53 hosted zone in your account. Check the value of "NS" records in that hosted zone. Does that match the 4 name servers that you see in the output above? If not, you have two options:

a) Make this hosted zone the authoritative one for your domain name by updating the name servers for your domain. For that, you can refer to Route 53 documentation: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html

b) Find which hosted zone your actual NS records (in nslookup output) refer to. Go to that hosted zone and add the required DNS records. You may want to delete the other hosted zone to avoid any future conflicts.

Do the NS records in your hosted zone match nslookup output? Then we need further investigation. Please take a screenshot of your Route 53 hosted zone and send it to me as a private message.

Best regards,
Murat from Amazon WorkMail

answered a year ago
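
The comparison described in the answer above, as an added example that is not part of the original thread or any AWS tooling: it normalizes two name-server lists (the ones the domain is delegated to and the ones assigned to the hosted zone) and reports whether they match. The function names and the `.example` sample values are constructed; `check_domain` assumes `dig` and a configured AWS CLI.

```shell
#!/bin/sh
# Added example: compare the name servers a domain is delegated to with the
# name servers Route 53 assigned to a hosted zone.

# One name per line, lowercased, trailing dot removed, sorted, de-duplicated.
normalize_ns() {
    tr ' \t,' '\n\n\n' | tr '[:upper:]' '[:lower:]' |
        sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# compare_ns DELEGATED ZONE
# Prints a verdict plus any differing names. Returns 0 on match, 1 on
# mismatch, 2 when the delegation lookup came back empty (e.g. SERVFAIL).
compare_ns() {
    delegated=$(printf '%s\n' "$1" | normalize_ns)
    zone=$(printf '%s\n' "$2" | normalize_ns)
    if [ -z "$delegated" ]; then
        echo "NO_ANSWER"
        return 2
    fi
    if [ "$delegated" = "$zone" ]; then
        echo "MATCH"
        return 0
    fi
    echo "MISMATCH"
    for ns in $delegated; do
        printf '%s\n' "$zone" | grep -qxF -e "$ns" || echo "delegated-only $ns"
    done
    for ns in $zone; do
        printf '%s\n' "$delegated" | grep -qxF -e "$ns" || echo "zone-only $ns"
    done
    return 1
}

# Live check: check_domain <domain> <hosted-zone-id>
check_domain() {
    compare_ns "$(dig +short NS "$1")" \
        "$(aws route53 get-hosted-zone --id "$2" \
            --query 'DelegationSet.NameServers' --output text)"
}

# Constructed sample: the delegation still points at an older zone's servers.
OLD="ns-1.old.example. ns-2.old.example."
NEW="ns-10.new.example ns-20.new.example"
compare_ns "$OLD" "$NEW" || true
```

A `zone-only` line means the hosted zone you are editing is not the one answering queries, which is why records created there show as missing.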
0

Hi,

I'm sorry to hear you're experiencing problems with verifying your domain. I took a look at your account and checked the added custom domain. While the domain looks correctly configured with the correct NS and SOA records, I'm unable to resolve the required WorkMail records. It looks like there is some configuration error on the Route 53 side, but I cannot look into that.

Do you have multiple Route 53 hosted zones for your domain?

Kind regards,
Robin

MODERATOR
answered a year ago
0

You guys were fully correct, and I think this thread may stray away from WorkMail-related questions now.

I had initially got my domain with Google, and I configured an ECS instance with one of my AWS accounts, let's say Account A. I don't remember the exact details, but I had initially set up Route 53 to point to this domain and I had copied the name servers from Route 53 into Google. Later I decided to transfer the domain to AWS from Google onto a separate account, let's say Account B. I started running into a bunch of issues, with the root cause that you had both outlined in your answers.

So to fix, I wanted to make Account B have the default hosted zone for this domain. I deleted the hosted zone from Account A. On Account B I recorded the NS for the domain, and edited the NS record set in the hosted zone with the NS for the registered domain. Note that in the hosted zone details section the name servers are different, and are populated with the NS that the hosted zone was originally given. Could this pose any issue? It will not let me edit these values. Additionally, doing an nslookup on my domain (cntautomation.com) gives me SERVFAIL after deleting the hosted zone in Account A. I have since deleted and tried re-creating a hosted zone for this domain, but am having little luck.

answered a year ago
0

I guess I needed to change the registered domains to match the hosted zones rather than changing hosted zones domains to match the registered domains. Everything is working properly now I think. Thank you very much guys

answered a year ago
0

ambringo wrote:
I guess I needed to change the registered domains to match the hosted zones rather than changing hosted zones domains to match the registered domains. Everything is working properly now I think. Thank you very much guys

Indeed, you needed to update your name servers at your domain registrar to match your hosted zone. With Route 53 you get randomly assigned name servers, so matching the other way around is not feasible.

Glad that it worked out for you.

Best,
Murat

answered a year ago
