"Your Route 53 hosted zone for this domain needs to be set as authoritative" WorkMail domain cannot be verified

0

I registered a domain using Route53 that was later transferred from that AWS account to a different AWS account in which I am now trying to provision WorkMail. I created the hosted zone in Route53 for that domain and added the domain to Workmail, copied all the records from WorkMail, and imported them into the Route53 hosted zone records. When I click on this domain in WorkMail, I get the following "Amazon Route 53 hosted zone is not configured correctly." "domain needs to be set as authoritative" and the domain stays in "Pending Verification" till it reaches the "verification failed" 3 days later. When I do the nslookup -type=NS, it cannot find the name servers for this domain, however, it does find my other domains registered through Route53. I have tested the records for this domain in the console and they are correct. Please help. Thank you.

已提問 1 年前檢視次數 359 次
2 個答案
2
已接受的答案

Hi,

It seems that you didn't complete the transfer from a different AWS account for your zone.

Make sure that in Route53 -> Hosted zone -> your-domain you have the same NS records as in Route53 -> Registered domains -> your-domain. If not, put proper records in Route53 -> Hosted zone -> your-domain

Here is screenshots to help Enter image description here Enter image description here

profile picture
專家
已回答 1 年前
profile picture
專家
已審閱 4 個月前
  • I confirmed that the hosted zone NS records are identical to the NS records in the Route53 registered domain. I've also confirmed the NS records returned by AWS CloudShell are correct (aws route53domains get-domain-detail...) . And there is also an Operation ID for the domain transfer under requests in Route53. What else should I check or do? Thanks for your help.

  • Weird, what NS servers whois your_domain_name shows? The same you have in your hosted zone?

1

I have seen something similar before with lightsail.

Do you have dns sec enabled on your domain but not configured? If so you need to disable dns sec on your r53 zone/domain in order to resolve the name servers.

profile picture
專家
已回答 1 年前
  • What was the issue in the end?

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南