One-time DNS Configuration for Amazon Route 53
Updated over a week ago

Sign in and Edit DNS Records

  1. Sign in to the AWS Management Console and open the Route 53 console

  2. In the navigation pane, choose 'Hosted Zones'

  3. On the 'Hosted Zones' page, choose the name of the domain that you want to configure

  4. Choose `Create Record Set` to add a new record


  1. Create a record with:

    Name: _dmarc
    Type: NS

  2. Set the TTL to 600
    (You can pick another Time To Live value, but we recommend 600 seconds)

  3. Click 'Create'

  4. Delete the “_dmarc” TXT record from your DNS zones after you’ve added the NS record if one exists


Just as you've created an NS record for the _dmarc subdomain, now you will need to create a similar one for the _domainkey subdomain.

  1. Add another record set

  2. The NS record should have a name of _domainkey with a value of and a TTL of 3600


To delegate SPF to Valimail for email authentication, you'll need to add a TXT record that includes Valimail's SPF macro.

Add the following TXT record for your domain:

  • Name:

  • Type: TXT

  • Value: v=spf1 include:%{i}._ip.%{h}._ehlo.%{d} ~all

  • TTL: 600 seconds

NOTE: if you're adding the TXT record by script, be aware of escape characters necessary to keep the macro together. You may need to use double percent signs eg: 
v=spf1 include:%%{i}._ip.%%{h}._ehlo.%%{d} ~all"

Read more about Valimail's SPF solution.

Did this answer your question?