This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 35%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
This may be an issue with DNS rather than AFD.
My customer wants access an application behind AFD using an apex zone (calquakemap.com).
This is the AFD in the portal. As you can see, it is asking for a _dnsauth.calquakemap.com TXT to perform validation:
This contradicts the name at https://learn.microsoft.com/en-us/azure/frontdoor/apex-domain (which is an unqualified _dnsauth) so I set both:
The automated help/diagnostics say that no TXT entry is being returned by the DNS service, and using dig seems to confirm this.
So how do I make this work?
The question seems to be missing some text:
The domain remains unvalidated in AFD and stays so even if I regenerate the text value.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 36%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Hi andrew cooke
It seems you are having trouble validating an apex domain in Azure Front Door.
We request you to please check the following details:
1.Verify the TXT record using dig: (dig TXT _dnsauth.calquakemap.com).
2.Ensure the record is published exactly as required:
Name: _dnsauth.calquakemap.com
Type: TXT
Value: 7J2kp3hphA9sMya2b dZ1kqenbymA
3.Wait for DNS propagation (can take up to 24–48 hours depending on TTL and provider).
Refer: https://learn.microsoft.com/en-us/azure/frontdoor/apex-domain
Even though you mentioned setting both _dnsauth and _dnsauth.calquakemap.com, the record must be set exactly as shown:
_dnsauth.calquakemap.com, not just _dnsauth._dnsauth as a relative name and append the domain automatically, while others require the full FQDN.I hope this helps! If these answers your query, do click the "Upvote" and click "Accept the answer" of which might be beneficial to other community members reading this thread.
If the above is unclear or you are unsure about something, please add a comment below.
as i said in the question (maybe i phrased it in too english a manner) dig does not show the value.
this is the azure dns service (i included a picture) so surely you should know which form the name should be? and anyway i included both.
i will wait, but i have been trying to get this working for a week and suspect i have already waited for a day or two during previous attempts (and subdomains from the same dns zone validate in minutes).
Hello andrew cooke
Thank you for your response.
You can remove the _dnsauth record and refer to the document below for more information:
https://learn.microsoft.com/en-us/azure/frontdoor/domain#domain-validation-states
Please let me know if you have any further questions.
Hello
I am following up on this thread and wanted to check if you had a chance to review the information we posted in the comments.
Please let me know if you have any further questions.
(i was on vacn yesterday). i waited, the dns records are visible and match the instructions, but nothing changed.
well, nothing positive. now the naes that were working have a failed provisioning state which i don't understand (they seem to still work fine).
Hi andrew cooke
I am following up on this thread and wanted to check if you had a chance to review the information posted by TP .
Please let us know if you have any questions or concerns. We are happy to assist you.
Hi Andrew,
You need to add _dnsauth TXT record to Cloudflare DNS for calquakemap.com. You will also need to add CNAME records to Cloudflare as well.
Please click Accept Answer and upvote if the above was helpful.
Thanks.
-TP
cloudflare? i am using azure dns. also, i have the TXT entries. you can see them in the screenshot. is this a joke? some kind of ai slop?
cloudflare? i am using azure dns. also, i have the TXT entries. you can see them in the screenshot. is this a joke? some kind of ai slop?
Yes, Cloudflare. The apex domain calquakemap.com is served by Cloudflare DNS servers, which is why I'm asking you to create TXT record there.
I have never used AI for any of the answers/comments I've posted here.
we don't have a cloudflare account or any other access i am aware of. we perform all dns operations through azure and i have included images of those with the txt records. please can you provide more detailed instructions if that is not correct.
The domain registrar for calquakemap.com is Cloudflare, and the name servers for it are on Cloudflare as well. Please see screenshot below:
Dig output:
NOTE: Name servers for www.calquakemap.com are on Azure DNS.
@andrew cooke Any update? Have you gotten in touch with the person handling the Cloudflare account? The contact name on the domain is Keosha Nesbitt if that helps.
well, it looks like i owe you a sincere apology. i am chasing this down now. thanks. assuming this leads to a fix i will make this as an answer (but it will be some time - i am only on this project part time)
@andrew cooke Any update?