How to Check Whether the UltraDNS and CertCentral Integration Is Working for Automatic DCV Revalidation

This article explains how to verify that the UltraDNS and DigiCert CertCentral integration is working correctly for automated Domain Control Validation, or DCV, revalidation. It also explains what conditions must be met for UltraDNS automation to successfully create and remove _dnsauth TXT records on your behalf.

When to Use This Article

• You want to confirm that the UltraDNS and CertCentral integration is active for a domain.
• You need to verify whether automated _dnsauth TXT record creation and deletion is working.
• You want to know whether UltraDNS automation will handle upcoming DCV revalidation for a domain.
• You are troubleshooting why automated DCV revalidation is not occurring as expected.

How the Integration Works

When the UltraDNS and CertCentral integration is working correctly, UltraDNS can automatically create and remove _dnsauth TXT records used for domain control validation. This automated activity is performed by the ultradns_system user and typically occurs on a recurring schedule.

For the automation to work, the domain must be visible to CertCentral and the domain must be delegated to UltraDNS authoritative name servers. If the domain is not delegated to UltraDNS, external validation systems will not be able to find the TXT records that UltraDNS creates.

How to Check Whether the Integration Is Working

1. Sign in to the UltraDNS portal at https://portal.ultradns.com/.
2. Select Domains.
3. Locate the domain and confirm that Visible to CertCentral is enabled.
4. Select Audit.
5. Select User and choose ultradns_system from the list.
6. Review the audit activity for the domain.
7. Confirm whether _dnsauth TXT records are being added and deleted for the domain.

What to Look For

If you see _dnsauth TXT records being added and later deleted by the ultradns_system user, the integration is working. This automated activity normally occurs on a weekly cycle.

You should also confirm that the domain is delegated to UltraDNS. This means the domain registrar must list the UltraDNS name servers as the authoritative name servers for the domain. If the domain is not delegated to UltraDNS, the TXT record may exist in UltraDNS but will not be discoverable by external validation checks.

When Automation Will Revalidate the Domain

UltraDNS automation should handle revalidation for a domain if both of the following conditions are true:

• You have already confirmed that the integration is working and the domain is delegated to UltraDNS.
• The next scheduled automated update for the domain occurs before the domain validation expires.

If both conditions are met, the automation should create and remove the required _dnsauth TXT record in time for revalidation.

Important Notes

• Automation can be blocked if a _dnsauth TXT record was created manually by a user.
• The automation does not delete user-generated _dnsauth TXT records.
• If a manual _dnsauth TXT record exists, delete that user-generated record so the automated process can manage future creation and deletion.
• The audit trail is the best place to confirm whether record activity is being performed by ultradns_system.

Related Articles

• Why _dnsauth TXT Records Cannot Be Deleted in UltraDNS
• How to Complete Domain Control Validation Using a TXT Record
• How to Verify DNS Delegation to UltraDNS Name Servers