Registrar guide

Adding a DKIM Record in AWS Route 53 DNS

DKIM is a TXT at [selector]._domainkey. In AWS Route 53, put only the subdomain part in Record name (blank = apex) — not the full FQDN — unless your panel says otherwise.

Exact fields (example)

Record name: google._domainkey Type: TXT Value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A..."

Name field

If the UI shows the full hostname preview, you still usually type only google._domainkey — not your registrable domain twice.

Check DKIM after publish

Open DNS Preflight →

See also: DKIM setup guide · DKIM glossary · Key length

Step by step

Step 1 Copy the hostname and TXT value from your email provider (Google, Microsoft, SendGrid, etc.).

Step 2 Go to AWS Console → Route 53 → Hosted zones → your domain → Create record and click Create record → TXT.

Step 3 Enter only the subdomain part in Record name (blank = apex) (e.g. google._domainkey). Route 53: use google._domainkey as the record name relative to the zone.

Step 4 Paste the full Content/value including v=DKIM1 and the long p= string.

Step 5 Save. Wait a few minutes.

Step 6 Run DNS Preflight to confirm DKIM passes and key strength looks sane.

FAQ

What goes in Record name (blank = apex) for DKIM?

Usually just the subdomain portion for that selector — e.g. google._domainkey. Your provider’s doc is authoritative.

Will AWS Route 53 truncate long DKIM keys?

Most modern panels, including major registrars, handle long TXT. Paste the full p= value. If verification fails, re-paste without line breaks.

Can I have multiple DKIM selectors?

Yes — different selectors are different hostnames. They don’t conflict.

DNS Preflight shows pass but my dashboard says pending — why?

Providers poll on their schedule. If DNS answers look correct, give their checker time.

Do I need CNAME instead of TXT?

Some hosts use CNAME for DKIM alignment — follow your provider. This guide covers TXT publication.

← AWS Route 53 guides

Open DomainPreflight →