Setting Up DNS Records in AWS Route 53

This guide will walk you through adding the necessary DNS records to your AWS Route 53 domain to verify ownership and enable email authentication for Brew.

For official documentation from AWS, please visit their Adding Records page.

Prerequisites

  • An AWS account with access to Route 53
  • Your domain already hosted in Route 53
  • Your domain added to Brew (from the Set Sending Domain step)

Step-by-Step Instructions

1

Log in to AWS Management Console

Go to AWS Management Console and log in to your account.

2

Access Route 53

  1. In the AWS Management Console, search for “Route 53” in the search bar
  2. Click on “Route 53” in the search results
  3. In the Route 53 dashboard, click on “Hosted zones” in the left sidebar
  4. Select your domain from the list

3

Add MX Record

  1. In your domain’s hosted zone, click “Create record”
  2. Leave the “Record name” field with your subdomain (e.g., “mail” or “news”)
  3. Select “MX” from the “Record type” dropdown
  4. Leave “TTL (seconds)” as the default (300)
  5. For “Value”, enter “10” followed by a space and then the MX value from your Brew dashboard (e.g., “10 feedback-smtp.us-east-1.amazonses.com”)
  6. For “Routing policy”, leave it as “Simple routing”
  7. Click “Create records”

Route 53 does not have separate fields for Priority and Value for MX records. You must include the priority number followed by a space before the value (e.g., “10 your-mx-value”).

4

Add SPF Record (TXT)

  1. Click “Create record” again
  2. Leave the “Record name” field with the same subdomain you used for the MX record
  3. Select “TXT” from the “Record type” dropdown
  4. Leave “TTL (seconds)” as the default (300)
  5. For “Value”, paste the SPF value from your Brew dashboard (e.g., “v=spf1 include:spf.getbrew.ai ~all”)
  6. For “Routing policy”, leave it as “Simple routing”
  7. Click “Create records”

Route 53 automatically adds quotation marks around TXT record values, so you don’t need to add them yourself.

5

Add DKIM Records (CNAME)

For each DKIM record shown in your Brew dashboard:

  1. Click “Create record”
  2. In the “Record name” field, enter the long string ending with ._domainkey (copy exactly as shown in Brew)
  3. Select “CNAME” from the “Record type” dropdown
  4. Leave “TTL (seconds)” as the default (300)
  5. For “Value”, paste the DKIM value from your Brew dashboard
  6. For “Routing policy”, leave it as “Simple routing”
  7. Click “Create records”

When entering record names in Route 53, omit your domain from the values in Brew. For example, if Brew shows brewdkim._domainkey.yourdomain.com, enter only brewdkim._domainkey in Route 53.

6

Add DMARC Record (Optional but Recommended)

  1. Click “Create record”
  2. In the “Record name” field, enter _dmarc
  3. Select “TXT” from the “Record type” dropdown
  4. Leave “TTL (seconds)” as the default (300)
  5. For “Value”, enter v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com (replace yourdomain.com with your actual domain)
  6. For “Routing policy”, leave it as “Simple routing”
  7. Click “Create records”

7

Verify DNS Records in Brew

  1. Return to your Brew dashboard
  2. Click the “Verify Records” button at the bottom of the DNS Records page
  3. Wait for the verification process to complete

DNS changes in Route 53 typically propagate within 60 seconds, but can take up to a few minutes. If verification fails initially, wait a few minutes and try again.

Common Issues with Route 53 DNS Setup

AWS Services Integration

Amazon SES Integration

If you already use Amazon SES for sending emails, you can integrate it with Brew. Contact our support team for guidance on setting this up.

CloudFront Compatibility

If you use CloudFront for content delivery, make sure your email subdomain doesn’t conflict with any CloudFront distributions. Using a dedicated email subdomain is recommended.

Route 53 Health Checks

If you use Route 53 health checks, note that they don’t apply to MX, TXT, or CNAME records used for email authentication.

IAM Permissions

Ensure your AWS user has sufficient IAM permissions to create and manage DNS records in Route 53. You need the “route53:ChangeResourceRecordSets” permission.

Need support?

We’re here to help!

Scheduled support

Book a call with the founders — we have time slots open most days

We’re more than happy to help you set up your DNS records. Ping us on Slack (we should have connected with you by now) or through one of the mechanisms above.