How to understand a recreated hosted zone is ready for DNS validation of an ACM certificate

Question

I have deleted and created an AWS Route 53 hosted zone and I want to add an public SSL certificate created and managed by Certificate Manager (ACM) Service.

The docs state that creation may take up to 48 hours to complete:

If you delete a hosted zone, you can't undelete it. You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect.

The question is: How would I know if the recreated hosted zone is ready to have a CNAME record set attached to validate the ACM certificate? Should I sit back for 48 hours to guarantee it?

Note: I am creating the certificate with Cloudformation and if the certificate is not validated in 12 hours, the stack creation fails and rolls back. That's why I cannot put the CNAME record on the hosted zone instantly and wait for it to be validated whenever possible.

Answer 1

This mostly has to do with whether the domain can actually resolve. So presuming that you have some sort of record configured, you can verify that it resolves.

A simple test would be to create a TXT record, or some other record in the domain, and then resolving that using dig , drill or nslookup .

Example: dig example.com will return results such as:

; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48750
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;example.com.           IN  A

;; ANSWER SECTION:
example.com.        4257    IN  A   93.184.216.34

;; Query time: 9 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat May 18 21:29:18 CEST 2019
;; MSG SIZE  rcvd: 56

The line to look for here is example.com. 4257 IN A 93.184.216.34 example.com. 4257 IN A 93.184.216.34 , which means it resolved successfully.