How to Create a DNS TXT Record on Cloudflare

This is something I have to do regularly, often for setting up photography services and image archives with custom domains, for example. So I thought it might be useful to put together a quick guide.

If a site or service has asked you to set up a TXT DNS record, it’s usually to prove that you own the domain (or at least have authority to update the DNS records). It’s a quick and simple process—here’s how to do it on Cloudflare.

Text & Photos By David Coleman

Quick Summary

  • DNS TXT Record Purpose: Verifies domain ownership/access by acting as a one-off secret password.
  • Usage: Common in Google Analytics, SEO services, cloud storage/CDN providers, and website hosts requiring domain verification.
  • Creation Process on Cloudflare:
    1. Access Cloudflare account.
    2. Select desired domain.
    3. Navigate to DNS menu.
    4. Create new TXT record, not replacing existing ones; multiple TXT records can coexist independently.

Some online services will ask you to verify ownership of a domain before they can interact with it. One of the simplest and quickest methods on offer is usually to add a TXT record to your domain’s DNS records, and it’s the option I usually choose for site verification with new sites or new tools.

Messing with DNS can be daunting. But verifying with a TXT record is simple, quick, and safe. Here’s how to do it if you’re using Cloudflare.

What are DNS TXT Records & What are They Used For?

A DNS TXT record is often used as a way to verify that you own and have access to the DNS records associated with a domain name. Without that access, there’s no way to create the TXT record, so it’s a reliable method to prove ownership.

So the TXT record is basically like a one-off secret password. The service or site that’s requesting the authentication wants to be able to go directly to your domain name–without you in the middle–and be able to prove that the DNS record knows that secret password. And there’s only one way that the DNS record can possibly know that password–if you have full access to the DNS account and are therefore able to update the account with the password.

Some common places you might run into this are:

I’m focusing here on Cloudflare, but the way to do this is broadly similar across DNS registrars.

What You Need

Before you begin, you’ll need:

  • Access to the Cloudflare account that your domain is under.
  • The content for the TXT record. This will be provided by the service requesting authentication.

How to Create the TXT Record in Cloudflare

Log into your Cloudflare account.

Choose the domain you want to verify.

Click on the DNS menu item at the left side of the screen.

You might already have several DNS entries for that domain. It might be just a couple of records that simply point the domain to your website’s host server (A records). There might also be some CNAMEs and perhaps even some mail server (MX) records. But whatever is already there, you can ignore it, even if you already have TXT records there. The aim here isn’t to replace an existing record but to create a new one. You can have as many TXT records as you like, and they work independently.

Click the blue Add record button.

You’ll get a pop-down panel with various fields. It looks like this:

[Image: Cloudflare Add TXT Record Panel]

The Type field is a drop-down menu. Change that to TXT.

In the Name field, the service should have provided the information to enter. In many cases, you’ll likely want to put the @ symbol. This stands for your root domain. But sometimes you might need to enter something else, depending on what the TXT record is being used for. In any case, whatever service is asking you to verify the domain should tell you what to use there. [1]

The service or site that’s requesting you perform the verification will have provided the text to use in the Content field. It’s usually a long string of letters and numbers. Something like this:

google-site-verification=4gOmvJIWcVG82CxujVoADQ3FpkGpxG6l36aJ 

This is a unique and single-use code–that’s the whole point. It’s case-sensitive. It’s safer to copy and paste it than retype it.

For the TTL field, in most cases, Auto is a good choice (Auto, in this case, means 5 minutes). The TXT record isn’t something that updates often, so there’s no need for resolvers to re-fetch it every minute. On the other hand, you don’t want to be waiting days before the verification can be completed. I find that Cloudflare’s Auto setting is a good balance. In some cases, the service requesting authentication might specify a TTL setting. If so, set the TTL field to match. [2]

Once you’ve entered that, hit the Save button.

The new TXT record will now show up as a new line in your domain’s DNS records.

You can now go back to the service or site that’s requesting authentication to report that the TXT record has been added. That service or site will then query your domain’s DNS records directly to verify that the information is there. It might not be picked up instantly, in which case, give it a few minutes–with a TTL set to Auto or similar, the information should be updated pretty quickly.

Things Worth Knowing

The service or site requesting authentication will provide the content for the Content field of the TXT record. It’s important that text is copied exactly and cleanly. You might also be provided with the information to enter into the Name and TTL fields.

In some cases, the TTL might also be specified. If so, it’s usually expressed in seconds. For example, a TTL of 300 is five minutes. A TTL of 3600 is an hour. And so on.

If it’s still not authenticating, here are some things to check:

  • You updated the correct domain. Yes, it might sound obvious, but if you have a bunch of domains in Cloudflare, especially if some are similar, it’s easy to select the wrong one.
  • The Type field is set to TXT (not A or CNAME, etc).
  • The text in the Content field was cleanly copied and pasted. Check for any rogue spaces at the end, for example. If you need to edit the TXT record, use the Edit link to the right of the TXT record.
  • TTL is set to Auto or not longer than 10 minutes (600) or so. If it’s set longer, it means that you’ll need to wait longer for updates to be registered.
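
The same checks can be run from a terminal. This is an added example, not part of the original guide: it reads `dig +short TXT` output and reports whether the published record matches the issued token exactly, or differs only by stray whitespace or letter case. The function names are hypothetical, and it assumes `dig` is installed for the live lookup.

```shell
#!/bin/sh
# Added example: classify the TXT records a resolver returns against the
# token a service issued. Function names are hypothetical. Input is
# `dig +short TXT <name>` output on stdin, so the logic also runs offline.

# Join one answer line ("chunk1" "chunk2") into the logical TXT value.
normalize_txt() {
    printf '%s\n' "$1" | sed -e 's/^"//' -e 's/"$//' -e 's/" "//g'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# Prints one of: match | whitespace | case | missing
check_txt() {
    expected=$1
    result=missing
    while IFS= read -r line || [ -n "$line" ]; do
        value=$(normalize_txt "$line")
        trimmed=$(printf '%s' "$value" |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        if [ "$value" = "$expected" ]; then
            result=match            # exact, case-sensitive match
            break
        elif [ "$trimmed" = "$expected" ]; then
            result=whitespace       # rogue leading/trailing space pasted in
        elif [ "$result" = missing ] &&
             [ "$(lower "$trimmed")" = "$(lower "$expected")" ]; then
            result=case             # right token, wrong letter case
        fi
    done
    printf '%s\n' "$result"
}

# Live use: ./check_txt.sh <domain> '<token from the service>'
if [ "$#" -ge 2 ]; then
    dig +short TXT "$1" | check_txt "$2"
fi
```

A result of `missing` right after saving usually means the resolver is still serving a cached answer, so retry once the TTL has elapsed.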

Many of the sites or services requesting domain authentication only need to perform this check once, and you can delete the TXT record if you wish. Some services might continue checking periodically, though, in which case you’ll need to go through the process again if you’ve deleted the TXT record.

In Cloudflare, a TXT record will also be grey clouded, with no way to orange cloud it. Or, more technically, the proxy status can only be DNS Only–it can’t be proxied and cached.

  1. You can find the Name entries used for TXT records for Google services here.
  2. Some DNS records in Cloudflare can be proxied (aka orange cloud). That includes A and CNAME records. With proxied records, Cloudflare doesn’t let you modify the TTL (at least, not with free and Pro accounts–maybe it’s possible with Business and Enterprise accounts). For proxied records, it’s forced to Auto, which is 5 minutes. If you disable the proxy and change the TTL, it will revert to Auto once you re-enable the proxy (orange cloud).
    But TXT records can’t be proxied–they’re permanently gray-clouded. So you can specify a TTL from 1 minute up to 1 day.