Forgive me if this question has been asked before. I’ve searched for answers but haven’t found anything. When setting domain verification, I get a TXT record value of bw=[LONG_CHARACTER_STRING] but it doesn’t tell me what the record name is. I assume it’s supposed to be the domain root, which would be * or @ depending on the system. Am I correct in thinking this?
I’m only asking because we don’t actually control our domain; it’s managed by a third-party contractor so I have to ask them to update DNS records and I don’t want to get into a back-and-forth with them.
The logs don’t seem to indicate what is being checked; however, the tooltip in the entry form does say that subdomains need to be checked separately, which made me think that “bitwarden.some.domain.value.com” would be the value?
Just in case anyone else needs this information: the hostname of the TXT record should just be the domain name you are verifying, e.g. domain.com. Also watch out for spaces either before or after the value entry. Spaces will cause BW to fail verifying the domain. Don't ask me how I know.
The method varies from one brand of DNS server to another. In Active Directory and BIND (IIRC), one creates two completely separate TXT records with the same name. In Azure, one clicks a “+” button inside the first TXT record.
The bigger issue, though, is bloat of the “apex record” (e.g. domain.com). If the total size gets over 512 bytes, DNS works differently, increasing the risk of encountering bugs such as home routers that presume that DNS is always UDP.
The better solution would be for Bitwarden to use a dedicated name, such as _bitwarden.domain.com IN TXT bw=[LONG_CHARACTER_STRING]. This way, it need not compete with anything else.
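The following is an added example, not code from the original thread or from Bitwarden. It is a small offline checker that exercises the three points made above: the TXT record lives at the bare domain name and subdomains are checked separately, a value with stray leading or trailing spaces does not match, and a crowded apex TXT record set can push a plain-UDP DNS response past 512 bytes. The zone data, the bw= tokens and the _bitwarden.example.com name are all constructed for the example; the size estimate assumes a classic (no-EDNS) response with name compression, as noted in the code.

```python
"""Offline checker for a domain-verification TXT record.

Added example, not code from the original thread or from Bitwarden. The
zone data below is constructed for the example and the tokens are made up.
"""


# Constructed sample data: record name -> list of TXT strings, in the form a
# resolver returns them. For a live check, lookup_txt() would be replaced by a
# real query (e.g. dnspython's dns.resolver.resolve(name, "TXT"), joining each
# rdata's character-strings).
SAMPLE_ZONE = {
    "example.com": [
        "v=spf1 include:_spf.example.net -all",
        "bw=abc123def456",                 # correctly entered verification record
        " bw=zzz999 ",                     # mis-entered copy with stray spaces
        "google-site-verification=constructed-sample-token",
    ],
    # The dedicated name proposed in the last reply (hypothetical, not a
    # Bitwarden feature).
    "_bitwarden.example.com": ["bw=abc123def456"],
    # An apex with far too many TXT records, to exercise the size check.
    "bloated.example": [f"record{i:02d}=" + "a" * 90 for i in range(20)],
}


def lookup_txt(name, zone=SAMPLE_ZONE):
    """Stand-in for a DNS TXT query: return the TXT strings at `name`."""
    return list(zone.get(name.rstrip(".").lower(), []))


def check_verification(record_name, expected_value, zone=SAMPLE_ZONE):
    """Report whether `expected_value` is present at `record_name` exactly.

    A record that matches only after stripping whitespace is listed under
    "whitespace_problems" rather than accepted, because (per the thread) the
    verifier compares the raw value.
    """
    records = lookup_txt(record_name, zone)
    exact = [r for r in records if r == expected_value]
    near = [r for r in records if r != expected_value and r.strip() == expected_value]
    return {
        "name": record_name,
        "verified": bool(exact),
        "whitespace_problems": near,
        "txt_count": len(records),
    }


def txt_rdata_len(value):
    """Wire size of one TXT RDATA: each <=255-byte character-string carries a
    1-byte length prefix, so a long token costs one extra byte per chunk."""
    raw = value.encode()
    chunks = max(1, -(-len(raw) // 255))  # ceiling division
    return len(raw) + chunks


def estimate_response_size(qname, strings):
    """Rough size in bytes of a classic (no-EDNS) answer to a TXT query.

    Assumes a 12-byte header, a question of wire-format name + type + class,
    and per answer RR a 2-byte compressed name pointer plus type, class, TTL
    and RDLENGTH (10 bytes) plus the RDATA. Real responses may differ a
    little, but this shows when the apex is getting crowded.
    """
    labels = [l for l in qname.rstrip(".").split(".") if l]
    name_wire = sum(1 + len(l) for l in labels) + 1  # +1 for the root terminator
    header, question = 12, name_wire + 4
    answers = sum(12 + txt_rdata_len(s) for s in strings)
    return header + question + answers


def exceeds_udp_limit(qname, zone=SAMPLE_ZONE, limit=512):
    """True when the estimated TXT response for `qname` would not fit in a
    classic 512-byte UDP DNS message (the bloat risk raised in the thread)."""
    return estimate_response_size(qname, lookup_txt(qname, zone)) > limit


if __name__ == "__main__":
    for name in ("example.com", "sub.example.com", "_bitwarden.example.com"):
        print(name, check_verification(name, "bw=abc123def456"))
    print("zzz999 at apex:", check_verification("example.com", "bw=zzz999"))
    for name in ("example.com", "bloated.example"):
        print(name, "response ~", estimate_response_size(name, lookup_txt(name)),
              "bytes; over 512:", exceeds_udp_limit(name))
```

Running it shows the apex record verifying, sub.example.com returning nothing (so a subdomain really does need its own record), the space-padded copy being reported as a whitespace problem instead of a match, and the bloated apex estimated well past 512 bytes while example.com stays comfortably under.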