Help Center> Cloud Certificate & Manager> FAQs> Verification of the Domain Name Ownership - SCM> How Can I Check Whether DNS Verification Takes Effect for Windows OSs?
View PDF

How Can I Check Whether DNS Verification Takes Effect for Windows OSs?

This topic describes how to check whether domain ownership DNS verification takes effect on Windows OSs.

After you apply for a certificate, complete the domain ownership verification by DNS.

  1. On the Windows menu, click Start and enter cmd to start the command dialog box.
  2. Run the following command in the cmd dialog box to check whether the configuration of DNS verification takes effect:

    nslookup -q=TXT xxx

    xxx indicates the Host Record value returned by the domain name service provider.

    • If the record value in the command output (value of text) is the same as that returned by the domain name service provider, the configuration of domain name ownership verification has taken effect. Figure 1 shows an example.
      Figure 1 Effective configuration of domain name ownership verification
    • If the command output does not contain a TXT record and Non-existent domain is displayed, the configuration does not take effect.
      Figure 2 Non-effective domain name verification configuration

  3. If the configuration of DNS verification does not take effect, rectify the fault based on the following possible causes until the verification takes effect:

    Table 1 Possible causes

    Possible Cause

    Procedure

    The record configuration is incorrect.

    Check whether the Name or Type is correct.

    The following uses the DNS configuration on HUAWEI CLOUD as an example:

    Figure 3 Adding a record

    The returned host record varies depending on the domain name service provider. The following are two examples:

    Example:
    • If the host record returned by the domain name service provider is _dnsauth.www.huawei.com, set Name to _dnsauth.
    • If the host record returned by the domain name service provider is www.huawei.com, leave Name empty.
    NOTICE:

    Check whether full domain names are supported. If not, delete the suffix of the root domain name.

    It requires a long period of time for the configuration to take effect.

    Check whether the effective time (TTL) is too long. It is recommended that you set the TTL to 5 minutes. This value varies depending on the DNS service provider. In HUAWEI CLOUD DNS, the default value is 5 minutes, so the configuration takes effect within 5 minutes by default.

    If the configured effective time does not arrive, verify after the time is right.

    Figure 4 Setting TTL