How to Create a DNS TXT Record on Cloudflare

This is something I have to do regularly, often for setting up photography services and image archives with custom domains, for example. So I thought it might be useful to put together a quick guide.

If a site or service has asked you to set up a TXT DNS record, it’s usually to prove that you own the domain (or at least have authority to update the DNS records). It’s a quick and simple process—here’s how to do it on Cloudflare.

Text & Photos By David Coleman

Last Revised & Updated: November 22, 2023

Filed Under:

Topics: Cloudflare

I MAY get commissions for purchases made through links in this post.

Quick Summary

DNS TXT Record Purpose: Verifies domain ownership/access by acting as a one-off secret password.
Usage: Common in Google Analytics, SEO services, cloud storage/CDN providers, and website hosts requiring domain verification.
Creation Process on Cloudflare:
1. Access Cloudflare account.
2. Select desired domain.
3. Navigate to DNS menu.
4. Create new TXT record, not replacing existing ones; multiple TXT records can coexist independently.

Some online services will ask you to verify ownership of a domain before it can interact with your domain. One of the simplest and quickest methods is often offered as updating your domain’s DNS records with a TXT record, and it’s the option I usually choose for site verification with new sites or new tools.

Messing with DNS can be daunting. But verifying with a TXT record is simple, quick, and safe. Here’s how to do it if you’re using Cloudflare.

What are DNS TXT Records & What are They Used For?

A DNS TXT record is often used as a way to verify that you own and have access to the DNS records associated with a domain name. Without that access, there’s no way to create the txt record, so it’s a reliable method to prove ownership.

So the TXT record is basically like a one-off secret password. The service or site that’s requesting the authentication wants to be able to go directly to your domain name–without you in the middle–and be able to prove that the DNS record knows that secret password. And there’s only one way that the DNS record can possibly know that password–if you have full access to the DNS account and are therefore able to update the account with the password.

Some common places you might run into this are:

It’s one of the verification methods offered by Google Analytics and Search Console.
SEO services that need to verify your ownership of a domain, such as AHREFs or SEMRush.
Cloud storage and CDN providers when mapping to your domain.
Website hosts who need verification that you own the domain.

I’m focusing here on Cloudflare, but the way to do this is broadly similar across DNS registrars.

What You Need

Before you begin, you’ll need:

Access to the Cloudflare account that your domain is under.
The content for the TXT record. This will be provided by the service requesting authentication.

How to Create the TXT Record in Cloudflare

Log into your Cloudflare account.

Choose the domain you want to verify.

Click on the DNS menu item at the left side of the screen.

You might already have several DNS entries for that domain. It might be just a couple of records that simply point the domain to your website’s host server (A records). There might also be some CNAMEs and perhaps even some mail server (MX) records. But whatever is already there, you can ignore it. Even if you already have TXT records there. Because the aim here isn’t to replace an existing record but to create a new one–you can have as many TXT records as you like–they work independently.

Click the blue Add record button.

You’ll get a pop-down panel with various fields. It looks like this:

The Type field is a drop-down menu. Change that to TXT.

In the Name field, the service should have provided the information to enter. In many cases, you’ll likely want to put the @ symbol. This stands for your root domain. But sometimes you might need to enter something else, depending on what the TXT record is being used for. In any case, whatever service is asking you to verify the domain should tell you what to use there. ¹

The service or site that’s requesting you perform the verification will have provided the text to use in the Content field. It’s usually a long string of letters and numbers. Something like this:

google-site-verification=4gOmvJIWcVG82CxujVoADQ3FpkGpxG6l36aJ

This is a unique and single-use code–that’s the whole point. It’s case-sensitive. It’s safer to copy and paste it than retype it.

For the TTL field, in most cases, Auto is a good choice (Auto, in this case, means 5 minutes). The TXT record isn’t something that updates often, so you don’t want it to be pinging every minute. On the other hand, you don’t want to be waiting days before the verification can be completed. I find that Cloudflare’s Auto setting is a good balance. In some cases, the service requesting authentication might specify a TTL setting. If so, set the TTL field to match. ²

Once you’ve entered that, hit the Save button.

The new TXT record will now show up as a new link in your domain’s DNS records.

You can now go back to the service or site that’s requesting authentication to report that the TXT record has been added. That service or site will then ping your domain directly to verify that the information is there. It might not be picked up instantly, in which case, give it a few minutes–with a TTL set to Auto or similar, the information should be updated pretty quickly.

Things Worth Knowing

The service or site requesting authentication will provide the content for the Content field of the TXT record. It’s important that text is copied exactly and cleanly. You might also be provided with the information to enter into the Name and TTL fields.

In some cases, the TTL might also be specified. If so, it’s usually expressed in seconds. For example, a TTL of 300 is five minutes. A TTL of 3600 is an hour. And so on.

If it’s still not authenticating, here are some things to check:

You updated the correct domain. Yes, it might sound obvious, but if you have a bunch of domains in Cloudflare, especially if some are similar, it’s easy to select the wrong one.
The Type field is set to TXT (not A or CNAME, etc).
The text in the Context field was cleanly copied and pasted. Check for any rogue spaces at the end, for example. If you need to edit TXT record, use the Edit link to the right of the TXT record.
TTL is set to Auto or not longer than 10 minutes (600) or so. If it’s set longer, it means that you’ll need to wait longer for updates to be registered.

Many of the sites or services requesting domain authentication only need to perform this check once, and you can delete the TXT record if you wish. Some services might continue checking periodically, though, in which case you’ll need to go through the process again if you’ve deleted the TXT record.

In Cloudflare, a TXT record will also be grey clouded, with no way to orange cloud it. Or, more technically, the proxy status can only be DNS Only–it can’t be proxied and cached.

You can find the Name entries used for TXT records for Google services here.[↩]
Some DNS records in Cloudflare can be proxied (aka orange cloud). That includes A and CNAME records. With proxied records, Cloudflare doesn’t let you modify the TTL (at least, not with free and Pro accounts–maybe it’s possible with Business and Enterprise accounts). For proxied records, it’s forced to Auto, which is 5 minutes. If you disable the proxy and change the TTL, it will revert to Auto once you re-enable the proxy (orange cloud).
But TXT records can’t be proxied–they’re permanently gray-clouded. So you can specify a TTL from 1 minute up to 1 day.[↩]

Dec 1: Camera Bits, the company behind Photo Mechanic, is pushing back their announced transition to a subscription model. They’ve received a lot of pushback, and they’ve decided to add a perpetual license option as well (details still being worked out on that). More here.
Nov 30: Renowned French/American Magnum photographer Elliott Erwitt has died at 95 at his home in Manhattan. You can find an extensive collection of his decades-worth of photographers on the Magnum site.
Nov 22: ProGrade Digital has released their next-generation CFexpress 4.0 cards. Using PCIe Gen 4, they provide read speeds of up to 3400MB/s and sustained write speeds of up to 2400MB/s. They’re available in 512GB, 1TB, and 2TB sizes. But an important caveat before you rush out and buy one: These are designed for future cameras, not currently available ones. That’s because current cameras don’t use CFexpress 4.0 and therefore can’t take advantage of the speed benefits that it provides. So, for now, the only benefit you’ll see with these is if you happen to be using the ProGrade Digital PG05.6 USB 4.0 Reader you should get faster download speeds to your computer. And in case you’re wondering what happened to 3.0 . . . they’re skipping that, going straight from 2.0 to 4.0.
Nov 20: The 2023 Photography Black Friday deals are coming in thick and fast. I have a running list of particularly good deals that have caught my eye.
Nov 15: Nikon has released new firmware for the Nikon Zfc. Only listed change is support for a new model of battery that isn’t yet in stores (EN-EL25a).
Nov 7: Sony has announced a new top-shelf camera, the Sony a9 III. Like the others in the a9 series, the emphasis with this one is on speed. And to highlight the point, this one comes with a brand new type of sensor known as a Global Shutter Sensor rather than a rolling shutter. That allows shutter speeds of up to 1/80,000 and, incredibly a flash sync also at 1/80,0000. It’s a 24MP full-frame sensor and has an impressive array of features (4K120 video, 8-stop 5-axis stabilization, 759-point phase detection AF with tacking, etc). Priced at $5,999. Preorders open Nov 8 at 9am Eastern at B&H Photo.
Nov 7: Sony has announced a new high-end telephoto prime: the Sony FE 300mm f/2.8 GM OSS. MSRP or $5,999. Preorders open Nov 8 at 9am at B&H Photo
Oct 11: Nikon has announced a smaller and lighter 600mm telephoto lens for their Z mirrorless cameras: the NIKKOR Z 600mm ƒ/6.3 VR S. It weighs just over 3 pounds / 1.4 kg (which is under half of the ƒ/4 version) and about 11 inches long, making it far more portable and also far more viable to shoot hand-held without a tripod or monopod. It also costs under a third of the ƒ/4 version. It hasn’t yet hit the shelves but is available for preorder.
Oct 9: The Super telephoto lens category seems to be booming right now, which is great for wildlife and sports photographers who don’t want to take out a second mortgage to invest in one of the big-dollar telephotos. Tamron has announced a Nikon Z-mount version of their 150-500mm f/5-6.7 Di III VXD super telephoto zoom. There have been Fujifilm X and Sony E versions for a while. And it comes with at a very respectable MSRP of $1399. Expected to start shipping at the beginning of November and currently available for preorder.
Oct 5: Sigma has announced a new, small ultrawide zoom for APS-C mirrorless cameras: the 10-18mm ƒ/2.8 DC DN Contemporary. It’s small (2.4 inches long), has fast, smooth focusing aimed at video shooters, and is competitively priced. Versions for Fujifilm X, Leica L, and Sony E mounts. It’s currently available for preorder.
Oct 4: If you shoot with a Ricoh GR camera, whether film or digital, Pentax/Ricoh have announced the 2023 GR Photo Festival 2023. You can find information about entering it here.
Oct 4: Nikon has released updated firmware for the Z9 (Ver. 4.10). Seems to be a minor update, adding Birds and Airplanes to the AF subject detection options. Download the update here.
Sept 28: DxO has released PhotoLab 7 and FilmPack 7 as well as a new update for PureRAW, adding support for a bunch of new cameras and lenses.
Sept 27: Nikon has announced a new high-end, fast telephoto prime that promises to be a hit with portrait and wedding photographers as well as those shooting cinematic video: the Nikon NIKKOR Z 135mm ƒ/1.8 S Plena. Optical features that set this apart from the usual include distinctive circular bokeh and even corner-to-corner sharpness and light with minimal light falloff from vignetting. It’s available for preorder.
Sept 26: Canon has release new firmware for the Canon EOS R5. It’s version 1.9.0. Mostly bug fixes, with some relatively minor feature additions such as better voice memo management and enhanced security for some data transfer protocols. You can find it here.
Sept 21: There’s a bug in the GoPro HERO12 Black if you’re using The Remote with a multi-cam setup. It’s related to turning the cameras on an off with the remote. More here.
Sept 20: Nikon has announced the new retro-styled full-frame mirrorless, the Zf. Behind the old-style look are some impressive features. Given the popularity of other cameras of this style in recent years, I’d expect it to be a hit. And it’ll go nicely with some of the very small fast primes that Nikon has already released in the Z lineup. The Zf is currently available for preorder.
Sept 13: OM System (formerly Olympus) has announced the latest version of their impressive go-anywhere adventure camera, the OM SYSTEM Tough TG-7. Waterproof and tough enough to take a beating on your travels, it also boasts impressive image and video quality and features. I’ve covered the TG-5 here before; the TG-7 builds on that same foundation. The TG-7 is available for preorder.
Sept 12: Fujifilm has announced a new medium format mirrorless camera: Fujifilm GFX 100 II. There are three new lenses alongside it, a GF 55mm f/1.7R WR and two new tilt-shift lenses.
Sept 11: Lexar has launched a new line of affordably priced UHS-II SD cards, the Silver Pro line. Sizes from 64GB to 512GB, write speeds of up to 160 MB/s and read speeds up to 280 MB/s.
Sept 11: I’ve added some new recommendations for SD cards for the new GoPro HERO12 Black as well as the new DJI Osmo Action 4.
Sept 6: The new GoPro HERO12 Black is now available for preorder.
Sept 4: B&H has some great deals to go along with their BILD expo. For example, $800 OFF the Canon EOS R5 mirrorless body (use code BILDBH50 at checkout).
Sept 2: The CompactFlash Association has released the spec for CFexpress 4.0. It will keep the same form factors but have double the theoretical maximum speed, to 4 GB/s, while maintaining backward compatibility. It’s the next evolution of CFexpress after the current 2.0 (they are skipping 3.0) and applies to all three form factors: A, B, and C.

Text & Photos by David Coleman

I'm a Member Of:

How to Create a DNS TXT Record on Cloudflare

Table of Contents

What are DNS TXT Records & What are They Used For?

What You Need

How to Create the TXT Record in Cloudflare

Things Worth Knowing

Related Posts

Text & Photos by David Coleman

I'm a Member Of:

Newsletter

Thank you!