AWS Simple Email Service (SES) Domain Verification in BIND zone file

Recently I had to verify a domain for use with AWS SES.  Creating the initial Domain Verification request is simple in the AWS Console and if your domain is in Route53 then Domain Verification is automatic.  However, the domain I needed to verify was running on DNS servers we manage ourselves (I work for a Service Provider) and these run BIND.  So here is a quick copy / paste format for the entry in your zone file once you create the Domain Verification.

Create the AWS SES Domain Verification request:-

aws_ses_bind_1Grab the TXT verification details:-

aws_ses_bind_2Now go to your DNS server, edit the zone file and insert the new record in the following format (note the ” marks around the record):-

To check your domain you can either run nslookup or dig (my personal preference is for dig). I also like to check DNS propagation and so bounce the query off an external DNS server (usually Google public DNS servers).

Dig method:-

NSlookup method

Google DIG Tool Method (

After some time some when DNS has propagated a background AWS automated process will check your domain and then verify.  At which point it should look like this:-


Leave a Reply

Your email address will not be published. Required fields are marked *