Help Center/ Cloud Certificate Manager/ FAQs/ Domain Name Ownership Verification/ How Can I Check Whether DNS Verification Takes Effect for Windows OSs?
Updated on 2024-09-18 GMT+08:00
View PDF
Share

How Can I Check Whether DNS Verification Takes Effect for Windows OSs?

This topic describes how to check whether domain ownership DNS verification takes effect on Windows OSs.

After you submit a certificate application to the CA, complete the domain ownership verification by DNS.

  1. On the Windows menu, click Start and enter cmd to start the command dialog box.
  2. Check whether the DNS configuration takes effect by running the corresponding command listed in Table 1.

    Table 1 Verification commands

    Record Type

    Verification commands

    TXT

    nslookup -q=TXT xxx

    CNAME

    nslookup -q=CNAME xxx

    xxx indicates the Host Record value returned by the domain name service provider.

    • If the record value in the command output (value of text) is the same as that returned by the domain name service provider, the configuration of domain name ownership verification has taken effect. Figure 1 shows an example.
      Figure 1 Effective configuration of domain name ownership verification
    • If the command output does not contain any records and Non-existent domain is displayed, the configuration does not take effect.
      Figure 2 Non-effective domain name verification configuration

  3. If the configuration of DNS verification does not take effect, rectify the fault based on the following possible causes until the verification takes effect:

    Table 2 Possible causes

    Possible Cause

    Procedure

    A wrong domain name management platform was selected.

    DNS verification can be performed only on the platform where your domain name is hosted. Check whether the platform you select is the right one.

    The old record set is not deleted.

    The record added can be deleted once the current certificate is issued.

    If the record added for the previous certificate is not deleted, the record added for the current certificate will not take effect. Check whether the record added last time is deleted.

    The record configuration is incorrect.

    Check settings of Host Record, Type or Value.

    Figure 3 Adding a record

    It requires a long period of time for the configuration to take effect.

    Check whether the effective time (TTL) is too long. It is recommended that you set the TTL to 5 minutes. This value varies depending on the DNS service provider. In our DNS platform, the default value is 5 minutes, so the configuration takes effect in 5 minutes by default.

    If the configured effective time does not arrive, verify after the time is right.

    Figure 4 Setting TTL