Domain Verification DNS Record Name

Forgive me if this question has been asked before. I’ve searched for answers but haven’t found anything. When setting domain verification, I get a TXT record value of bw=[LONG_CHARACTER_STRING] but it doesn’t tell me what the record name is. I assume it’s supposed to be the domain root, which would be * or @ depending on the system. Am I correct in thinking this?

I’m only asking because we don’t actually control our domain; it’s managed by a third-party contractor so I have to ask them to update DNS records and I don’t want to get into a back-and-forth with them.

Thanks!

I’m encountering a similar situation and would like to know the answer to the question. If my app is installed at something like:

bitwarden.some.domain.value.com

What value am I entering?

bitwarden.some.domain.value.com?
some.domain.value.com?
domain.value.com?

The logs don’t seem to indicate what is being checked, however the tooltip in the entry form does say that subdomains need to be checked separately which made me think that “bitwarden.some.domain.value.com” would be the value?

I’ve got the same issue. It’s a little ridiculous how this information is nowhere to be found - not in the UI, not in the guide, and not even here :frowning:

I think it’s at the root of the domain.

Just in case anyone else needs this information. The hostname of the TXT record should just be the domain name you are verifying. E.g., domain.com. Also watch out for spaces either before or after the value entry. Spaces will cause BW to fail verifying the domain. Don't ask me how I know. :wink:

For me, the following DNS settings worked well:

  1. Log in to your Domain Hoster.
  2. Go to your Domain and open DNS settings.
  3. Create a TXT record with field name @ and value your personal Bitwarden token.
  4. Save.

Best regards :slight_smile:

Hey all, if anyone is managing a domain that already has a bunch of TXT records at the root of the domain, just separate them with “”. E.g.,

"bw=<STUFF>" "atlassian=dmarc_<OTHER STUFF>"

Cheers!

The method varies from brand of DNS server to brand of DNS server. In Active Directory and BIND (IIRC), one creates two completely separate TXT records with the same name. In Azure, one clicks a “+” button inside the first TXT record.

The bigger issue though is bloat of the “apex record” (e.g. domain.com). If the total size gets over 512 bytes, DNS works differently, increasing the risk of encountering bugs such as home-routers that presume that DNS is always UDP.

The better solution would be for Bitwarden to use a dedicated name, such as _bitwarden.domain.com IN TXT bw=[LONG_CHARACTER_STRING]. This way, it need not compete with anything else.
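
An added example, not written by any poster in this thread and not Bitwarden's code: a Python pre-flight check that reads apex TXT records as printed by `dig +short TXT`, flags a `bw=` value with stray spaces, and estimates the response size against the 512-byte figure mentioned above. The owner name `example.com`, the sample records and the function names are constructed; the size is an estimate for a plain answer with compressed names and no EDNS.

```python
import re

# Constructed sample in the format printed by `dig +short TXT example.com`:
# one TXT record per line, each made of one or more quoted character-strings.
SAMPLE = '''
"v=spf1 include:_spf.example.net ~all"
"bw=CONSTRUCTEDTOKEN0123456789 "
"other-vendor-verification=CONSTRUCTED"
'''

UDP_LIMIT = 512  # classic DNS-over-UDP payload limit mentioned in the thread


def parse_txt_line(line):
    """Split one presentation-format TXT record into its character-strings."""
    return [s.replace('\\"', '"') for s in re.findall(r'"((?:[^"\\]|\\.)*)"', line)]


def check_apex(dig_output, owner="example.com", prefix="bw="):
    """Return the estimated response size, the tokens found and any findings."""
    findings, tokens = [], []
    # 12-byte header + encoded owner name + QTYPE/QCLASS in the question.
    size = 12 + (len(owner) + 2) + 4
    for line in filter(None, map(str.strip, dig_output.splitlines())):
        strings = parse_txt_line(line)
        # Per answer: name pointer, type, class, TTL, RDLENGTH = 12 bytes,
        # then one length byte plus the data for every character-string.
        size += 12 + sum(1 + len(s.encode()) for s in strings)
        for s in strings:
            if s.strip().startswith(prefix):
                tokens.append(s)
                if s != s.strip():
                    findings.append("whitespace around %r" % s)
    if not tokens:
        findings.append("no %s record at %s" % (prefix, owner))
    elif len(tokens) > 1:
        findings.append("%d %s records at %s" % (len(tokens), prefix, owner))
    if size > UDP_LIMIT:
        findings.append("estimated response %d bytes exceeds %d" % (size, UDP_LIMIT))
    return {"size": size, "tokens": tokens, "findings": findings}


if __name__ == "__main__":
    print(check_apex(SAMPLE))
```

Running it against the real `dig +short TXT` output for the domain, before and after the DNS change is made, shows whether the token landed at the apex intact.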