0

I have a domain that is registered with google domains. I want to use Amazon SES on it so I verified the domain (done) and now I am trying to set up DKIM.

Following Amazons guidelines we have to add three CNAME records to the domain. I set them up in google domains and if I dig one of them I see:

; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> <key1>._domainkey.<site>.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5730
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;<key1>._domainkey.<site>.com. IN   A

;; Query time: 62 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Sep 22 18:29:21 CEST 2020
;; MSG SIZE  rcvd: 88

So I expect the record is correctly set up. But Amazon SES keep failing in validating (and doesn't explain why).

I read this answer hoping to find a solution but this doesn't apply to my situation.

Lelio Faieta
  • 145
  • 1
  • 9

1 Answers1

1

Actually, no, the dig you posted there showed that it didn't find the record, it's showing you the question you asked, and that it was for an A record (by default), and there was nothing there.

You should have had a ";; ANSWER SECTION".

Try dig any <key1>._domainkey.<site>.com to get back all possible records.

If it doesn't return what you expect, go back to the source and double check google is issuing them.

Check what nameservers google assigned you to in the NS records section of your domain, and do a dig @<ns-hostname> any <key1>._domainkey.<site>.com

Ron Jarrell
  • 146
  • 2