Introduction
When I tried to set up a subdomain managed by Sakura Internet for an app hosted on AWS Amplify, I encountered an issue where it was stuck at “Verifying domain ownership…” and would not proceed.
The cause was a specification unique to Sakura’s DNS. I hope this is helpful for those experiencing the same issue.
Environment
- AWS Amplify Hosting
- Sakura Internet Domain Control Panel
- Name servers: ns1.dns.ne.jp / ns2.dns.ne.jp
Symptoms
After setting the CNAME records as instructed by Amplify’s custom domain setup screen, the status remained at “Verifying domain ownership…” indefinitely.
Instructions from Amplify
Amplify requests the following DNS record settings:
1. For SSL Certificate Verification
| Hostname | Type | Value |
|---|---|---|
| _abc123.your-subdomain.example.com. | CNAME | _def456.xyz.acm-validations.aws. |
2. For Subdomain Forwarding
| Hostname | Type | Value |
|---|---|---|
| your-subdomain | CNAME | xxxxx.cloudfront.net |
Cause
When I checked with the dig command, the domain name was being doubled in the CNAME value.
In Sakura’s DNS, if the CNAME value does not have a trailing dot (.), the zone name (domain name) is automatically appended.
Solution
When setting CNAME records in Sakura’s Domain Control Panel, you must always append a dot (.) at the end of the value (data).
Correct Configuration Example
| Entry Name | Type | Data |
|---|---|---|
| _abc123.your-subdomain | CNAME | _def456.xyz.acm-validations.aws. <-- trailing . |
| your-subdomain | CNAME | xxxxx.cloudfront.net. <-- trailing . |
Note: Amplify’s instruction screen may not show the trailing dot for the second record (cloudfront.net), but in Sakura’s DNS, both require the trailing dot.
Why the Trailing Dot Is Needed
This is related to DNS specifications.
- An FQDN (Fully Qualified Domain Name) is written with a trailing dot (.)
  - Example: example.com. (with trailing dot) = “This is the complete domain name”
- Without the trailing dot, some DNS servers interpret it as a relative name and automatically append the current zone name
Behavior Differences by DNS Provider
| DNS Provider | Trailing Dot Handling |
|---|---|
| Sakura Internet | Required (domain name is automatically appended without it) |
| Amazon Route 53 | Automatically supplemented |
| Onamae.com | Often automatically supplemented |
Since Amplify’s setup screen is written assuming Route 53 usage, caution is needed when configuring with Sakura’s DNS.
How to Verify After Configuration
After DNS configuration, you can verify correct propagation with the following commands.
If the correct CNAME target is displayed in the ANSWER SECTION, it is OK.
DNS propagation may take from a few minutes to several hours. Even if you cannot verify immediately after configuration, try checking again after a while.
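As an added example (not from the original post), the shell functions below reproduce the relative-name expansion described above and classify a CNAME answer as correct, zone-appended, or something else. The record names are the post's placeholders, `example.com` stands in for your zone, and `check_live` assumes `dig` is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Names are placeholders.

# Lower-case a name and force exactly one trailing dot (FQDN form, as dig prints it).
fqdn() {
    n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s.\n' "${n%.}"
}

# What a zone-file style DNS host stores for a data field:
# a name ending in "." is absolute, anything else is relative to the zone.
expand_rdata() {  # expand_rdata DATA ZONE
    case "$1" in
        *.) fqdn "$1" ;;
        *)  fqdn "$1.${2%.}" ;;
    esac
}

# Compare the CNAME target a resolver returned with the intended target.
classify_cname() {  # classify_cname OBSERVED EXPECTED ZONE
    if [ -z "$1" ]; then echo "no-record"; return 0; fi
    observed=$(fqdn "$1")
    if [ "$observed" = "$(fqdn "$2")" ]; then
        echo "ok"
    elif [ "$observed" = "$(expand_rdata "${2%.}" "$3")" ]; then
        echo "zone-appended"   # trailing dot was missing when the record was saved
    else
        echo "mismatch"
    fi
}

# Live check (needs network): feed dig's short answer into the classifier.
check_live() {  # check_live NAME EXPECTED ZONE
    classify_cname "$(dig +short CNAME "$1" | head -n 1)" "$2" "$3"
}

# Constructed sample answers: the first is the doubled value, the second is correct.
for answer in "xxxxx.cloudfront.net.example.com." "xxxxx.cloudfront.net."; do
    printf '%s -> %s\n' "$answer" \
        "$(classify_cname "$answer" xxxxx.cloudfront.net example.com)"
done
```

Against a real zone, run `check_live your-subdomain.example.com xxxxx.cloudfront.net example.com` and repeat it for the ACM validation record; a `zone-appended` result means the record was saved without the trailing dot.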
Official Explanation from Sakura Internet
Sakura’s support page also states the following:
In the Domain Control Panel, for record types where a hostname is entered in the data field such as NS records, MX records, and CNAME records, a trailing “.” (dot) is required. Without the trailing dot, the zone’s custom domain name is automatically supplemented, resulting in an incorrect value being specified. Please be careful when editing records.
Reference: About the Domain Control Panel | Sakura Support Information
Summary
- When setting CNAME records in Sakura’s DNS, always append a dot (.) at the end of the value
- Even if Amplify’s instruction screen doesn’t show the dot, Sakura requires it
- After configuration, verify correct propagation with the dig command
- If things are not working, deleting the record and re-setting it may resolve the issue
Without knowing this specification, you can waste hours, so please be careful if you are configuring with the same combination!