Hey everyone! I'm looking for some guidance on the specifics of DNS verification records. Are there any services or processes that require these records, like TXT or CNAME, to be kept around even after the initial verification is completed? Or is it usually safe to remove them once verification is done? I've come across cases like domain registrar verifications and Microsoft 365 custom domain checks, as well as the Have I Been Pwned verification process. I appreciate any insights!
3 Answers
Honestly, there should be an RFC for this issue to help clarify the rules around DNS record expiration. Documentation tends to be vague, and many vendors expect you to just drop some random string into your DNS. At least some, like Zoom and Apple, are kind enough to include a recognizable brand name in their verification records, which helps a lot!
Some services definitely require you to keep the DNS records around after verification, while others don’t. For instance, Bitwarden does require it for claimed domains as per their help page.
From my experience, some records must stay after setup. A couple months ago, I had an issue because someone deleted a verification DNS entry, and it caused quite a hassle. Be cautious about removing these records, especially for older domains!
That’s exactly my worry! I’m trying to clean up old DNS records for a few domains, but I don’t want to miss vital verification entries. Why can’t things be straightforward?!
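An added example, not part of the original thread or any vendor's tooling: a pre-cleanup inventory that sorts a zone's TXT records into brand-labelled verification records, opaque tokens of unknown owner, and functional mail-policy records, so nothing in the first two groups is deleted before the owning service is checked. The prefix table, the opaque-token heuristic and the sample zone are assumptions constructed for illustration.

```python
import re

# Assumed prefix table; extend it for the vendors you actually use.
KNOWN_PREFIXES = {
    "MS=": "Microsoft 365",
    "apple-domain-verification=": "Apple",
    "ZOOM_verify_": "Zoom",
    "have-i-been-pwned-verification=": "Have I Been Pwned",
}
FUNCTIONAL = ("v=spf1", "v=dmarc1", "v=dkim1")  # mail policy, not verification
TXT_LINE = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.*)$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
OPAQUE = re.compile(r'[A-Za-z0-9_\-=+/.]{16,}')  # heuristic: one long token

# Constructed sample zone export (every token below is made up).
SAMPLE_ZONE = '''
example.com. 3600 IN TXT "v=spf1 include:_spf.example.net -all"
example.com. 3600 IN TXT "MS=ms00000000"
example.com. 3600 IN TXT "apple-domain-verification=CONSTRUCTEDtoken01"
example.com. 3600 IN TXT "have-i-been-pwned-verification=0000constructed0000"
example.com. 3600 IN TXT "ZOOM_verify_constructedTOKEN"
example.com. 3600 IN TXT "k3J9constructedRandomToken77"
example.com. 3600 IN TXT "office printer on 3rd floor"
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=none"
'''

def classify(value):
    """Return (kind, vendor) for one TXT value."""
    if value.lower().startswith(FUNCTIONAL):
        return ("functional", None)
    for prefix, vendor in KNOWN_PREFIXES.items():
        if value.startswith(prefix):
            return ("verification", vendor)
    if OPAQUE.fullmatch(value):
        return ("opaque-token", None)  # possibly a verification string, owner unknown
    return ("other", None)

def inventory(zone_text):
    """Parse zone-file TXT lines into (name, kind, vendor, value) rows."""
    rows = []
    for line in zone_text.splitlines():
        m = TXT_LINE.match(line.strip())
        if m:
            value = "".join(QUOTED.findall(m.group(2)))  # join split TXT strings
            rows.append((m.group(1), *classify(value), value))
    return rows

def hold_for_review(zone_text):
    """Rows that should not be deleted until the owning service is confirmed."""
    return [r for r in inventory(zone_text) if r[1] in ("verification", "opaque-token")]
```

Opaque tokens are the group to trace through change history or the vendor consoles before removal, since the record itself does not say which service issued it.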