diff --git a/src/dns/caas.js b/src/dns/caas.js
index 886f8ec7b..27fb6048e 100644
--- a/src/dns/caas.js
+++ b/src/dns/caas.js
@@ -118,5 +118,9 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    return callback(null);
+    var credentials = {
+        provider: dnsConfig.provider
+    };
+
+    return callback(null, credentials);
 }
diff --git a/src/dns/digitalocean.js b/src/dns/digitalocean.js
index 88d1df4e8..bb6f4be14 100644
--- a/src/dns/digitalocean.js
+++ b/src/dns/digitalocean.js
@@ -179,16 +179,21 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    var credentials = {
+        provider: dnsConfig.provider,
+        token: dnsConfig.token
+    };
+
     dns.resolveNs(domain, function (error, nameservers) {
         if (error && error.code === 'ENOTFOUND') return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
         if (error || !nameservers) return callback(error || new Error('Unable to get nameservers'));
 
-        upsert(dnsConfig, domain, 'my', 'A', [ ip ], function (error, changeId) {
+        upsert(credentials, domain, 'my', 'A', [ ip ], function (error, changeId) {
             if (error) return callback(new SubdomainError(SubdomainError.INTERNAL_ERROR, error));
 
             debug('verifyDnsConfig: A record added with change id %s', changeId);
 
-            callback();
+            callback(null, credentials);
         });
     });
 }
diff --git a/src/dns/interface.js b/src/dns/interface.js
index 9d5739aa0..3e441c89f 100644
--- a/src/dns/interface.js
+++ b/src/dns/interface.js
@@ -62,7 +62,7 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    // Result: none, successful if no error
+    // Result: dnsConfig object
 
     callback(new Error('not implemented'));
 }
diff --git a/src/dns/manual.js b/src/dns/manual.js
index 28fdfc4e0..36e4b5529 100644
--- a/src/dns/manual.js
+++ b/src/dns/manual.js
@@ -104,7 +104,7 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
             });
         }, function (error) {
             if (error) return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Unable to resolve this domain'));
-            callback(null);
+            callback(null, { provider: dnsConfig.provider, wildcard: !!dnsConfig.wildcard });
         });
     });
 }
diff --git a/src/dns/noop.js b/src/dns/noop.js
index 35a338dc9..a2c1e5009 100644
--- a/src/dns/noop.js
+++ b/src/dns/noop.js
@@ -62,5 +62,9 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    return callback(null);
+    var credentials = {
+        provider: dnsConfig.provider
+    };
+
+    return callback(null, credentials);
 }
diff --git a/src/dns/route53.js b/src/dns/route53.js
index 372522953..8efc564a7 100644
--- a/src/dns/route53.js
+++ b/src/dns/route53.js
@@ -218,11 +218,19 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    var credentials = {
+        provider: dnsConfig.provider,
+        accessKeyId: dnsConfig.accessKeyId,
+        secretAccessKey: dnsConfig.secretAccessKey,
+        region: dnsConfig.region || 'us-east-1',
+        endpoint: dnsConfig.endpoint || null
+    };
+
     dns.resolveNs(domain, function (error, nameservers) {
         if (error && error.code === 'ENOTFOUND') return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
         if (error || !nameservers) return callback(error || new Error('Unable to get nameservers'));
 
-        getHostedZone(dnsConfig, domain, function (error, zone) {
+        getHostedZone(credentials, domain, function (error, zone) {
             if (error) return callback(error);
 
             if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {
@@ -230,12 +238,12 @@ function verifyDnsConfig(dnsConfig, domain, ip, callback) {
                 return callback(new SubdomainError(SubdomainError.BAD_FIELD, 'Domain nameservers are not set to Route53'));
             }
 
-            upsert(dnsConfig, domain, 'my', 'A', [ ip ], function (error, changeId) {
+            upsert(credentials, domain, 'my', 'A', [ ip ], function (error, changeId) {
                 if (error) return callback(new SubdomainError(SubdomainError.INTERNAL_ERROR, error));
 
                 debug('verifyDnsConfig: A record added with change id %s', changeId);
 
-                callback();
+                callback(null, credentials);
             });
         });
     });
diff --git a/src/settings.js b/src/settings.js
index 6ccbca229..79b778683 100644
--- a/src/settings.js
+++ b/src/settings.js
@@ -463,18 +463,27 @@ function setDnsConfig(dnsConfig, callback) {
         return callback(new SettingsError(SettingsError.BAD_FIELD, 'provider must be route53, digitalocean, noop, manual or caas'));
     }
 
-    validator(credentials, function (error) {
-        if (error) return callback(error);
+    sysinfo.getIp(function (error, ip) {
+        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, 'Error getting IP:' + error.message));
 
-        settingsdb.set(exports.DNS_CONFIG_KEY, JSON.stringify(credentials), function (error) {
+        subdomains.verifyDnsConfig(dnsConfig, dnsConfig.domain, ip, function (error, result) {
+            if (error && error.reason === SubdomainError.ACCESS_DENIED) return callback(new SettingsError(SettingsError.BAD_FIELD, 'Error adding A record. Access denied'));
+            if (error && error.reason === SubdomainError.NOT_FOUND) return callback(new SettingsError(SettingsError.BAD_FIELD, 'Zone not found'));
+            if (error && error.reason === SubdomainError.EXTERNAL_ERROR) return callback(new SettingsError(SettingsError.BAD_FIELD, 'Error adding A record:' + error.message));
+            if (error && error.reason === SubdomainError.BAD_FIELD) return callback(new SettingsError(SettingsError.BAD_FIELD, error.message));
+            if (error && error.reason === SubdomainError.INVALID_PROVIDER) return callback(new SettingsError(SettingsError.BAD_FIELD, error.message));
             if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
 
-            // sync the domain to the cloudron.conf
-            if (dnsConfig.domain) config.set('fqdn', dnsConfig.domain);
+            settingsdb.set(exports.DNS_CONFIG_KEY, JSON.stringify(result), function (error) {
+                if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
 
-            exports.events.emit(exports.DNS_CONFIG_KEY, dnsConfig);
+                // sync the domain to the cloudron.conf
+                if (dnsConfig.domain) config.set('fqdn', dnsConfig.domain);
 
-            callback(null);
+                exports.events.emit(exports.DNS_CONFIG_KEY, dnsConfig);
+
+                callback(null);
+            });
         });
     });
 }