-1

enter image description here

Does anyone know how long it takes for google to authenticate a DKIM TXT DNS entry?

The entry sits in AWS Route53 and the record is correctly saved, the record is only on a 10 second TTL.

Google seems to be happy with reading the record.

But... it has been sat like the image now for over 4 hours.

Is it meant to take this long, or does anyone have any tips?

Improve this question
5
  • 2
    For clarity, is there any problem at all?
    – Håkan Lindqvist
    Apr 14, 2022 at 15:09
  • Maybe then this is the question. Is this what the google interface is meant to look like when authenticating a DKIM? Or should there be an indication that the authentication was a success? It is next to impossible for me to tell if there is or is not anything wrong.
    – John
    Apr 14, 2022 at 15:33
  • 1
    To my knowledge, this is what it looks like when DKIM is active, hence "authenticating email". Maybe that is the whole confusion?
    – Håkan Lindqvist
    Apr 14, 2022 at 15:35
  • Ah right I see.. yes that really confused me. I was expecting some sort of response from the UI to say "all good"... doesn't help things that there is a save button greyed out too :D
    – John
    Apr 14, 2022 at 16:09
  • to be honstly the question needs more focus. a dns change takes days even on low ttl that any dns on earth knows about the changes
    – djdomi
    Apr 14, 2022 at 17:24

1 Answer 1

Reset to default
0

Provided that you created the resource records correctly the first time, there is no delay. Since have been waiting, that means either you:

  • created a resource record incorrectly,
  • named the resource record incorrectly,
  • did not create the resource record before the first time Google queried for the record (and received NXDOMAIN).

Comments:

  1. Current TTL does not affect previously cached records.

  2. If a previous query received NXDOMAIN, that response (error) is cached. The SOA record indicates how long you will have to wait. This is a common reason for delayed success.

  3. Your question lacks details of what record Google specified and what record you created. Since DNS records are public, there is no need to hide them. Providing those details makes it very simple to tell you what is wrong.

  4. Use Internet-based tools to verify your DMARC/DKIM/SPF records. I use this site and this site.

  5. If the resource records are correct and verified by an external tool and you have waited up to 48 hours with no success, start the process over again with Google.

Suggestion:

You can flush the DNS cache. This can help when incorrect DNS records are cached.

Delete what you have created, flush DNS, and restart the process with Google.

Google DNS Flush Cache

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .