Skip to content

Domain Verification Guide

This guide walks you through verifying domain ownership using the bnerd CLI.

Why Verify Domains?

Domain verification proves you own a domain before you can create DNS zones under it. This prevents unauthorized zone creation and enables self-service domain management.

Verification Workflow

Create request → Add TXT record → Verify → Done

Step 1: Create a Verification Request

bnerd domains create example.com

Output:

Domain verification request created!

Add the following TXT record to your DNS:
  Host:  _hq-verify.example.com
  Type:  TXT
  Value: hq-verify=abc123def456ghi789jkl012mno345pqr678stu901vwx234yz
  TTL:   300

Then run: bnerd domains verify 550e8400-e29b-41d4-a716-446655440000

Note the domain ID and the TXT record details.

Step 2: Add the TXT Record to Your DNS

Add the TXT record at your current DNS provider (wherever your domain's nameservers point to). The record format is:

Field Value
Host _hq-verify.example.com
Type TXT
Value hq-verify=abc123def456... (from Step 1 output)
TTL 300

If you're already managing DNS with bnerd, you can add it directly:

bnerd dns records create <zone-id> \
  --name _hq-verify.example.com. \
  --type TXT \
  --content "hq-verify=abc123def456ghi789jkl012mno345pqr678stu901vwx234yz"

Step 3: Wait for DNS Propagation

DNS changes can take a few minutes to propagate. Wait 5-10 minutes before proceeding.

Check propagation

You can verify the TXT record is visible: 

dig TXT _hq-verify.example.com +short

Step 4: Verify

bnerd domains verify <domain-id>

On success:

Domain verified successfully!

On failure:

Verification failed
Error: TXT record not found or incorrect
Warning: You have 7 attempt(s) remaining. Please check your DNS settings.

Remaining attempts: 7/10

Verification Limits

  • Maximum attempts: 10 per token
  • Expiration: Verification requests expire after 7 days
  • Token security: 64 hex characters, cryptographically secure

If you exceed 10 attempts, regenerate the token:

bnerd domains regenerate <domain-id>

This resets the attempt counter and generates a new TXT record value. Update your DNS with the new value.

Managing Domains

List All Domains

bnerd domains list

Shows both verified and pending domains.

Check Domain Status

bnerd domains get <domain-id>

Delete an Unverified Domain

bnerd domains delete <domain-id>

Note

Verified domains cannot be deleted via the CLI. Contact support if needed.

Domain Statuses

Status Description
pending Verification request created, waiting for DNS check
verified Domain ownership confirmed
failed Maximum verification attempts exceeded — regenerate token
expired Verification request expired (after 7 days)

Troubleshooting

"TXT record not found"

  • Wait for DNS propagation (5-10 minutes)
  • Verify the TXT record exists: dig TXT _hq-verify.example.com +short
  • Check the record value matches exactly (including the hq-verify= prefix)

"has already been taken"

  • The domain is already registered by another organization
  • Contact support if you believe this is an error

"is a platform reserved domain"

  • Certain domains (e.g., bnerd.cloud, bnerd.com) are reserved by the platform and cannot be verified by customers

Maximum attempts exceeded

  • Run bnerd domains regenerate <domain-id> to get a new token
  • Update your DNS TXT record with the new value
  • Try verification again

What's Next?

Once your domain is verified, you can create DNS zones under it:

bnerd dns zones create example.com

See DNS Zones for more details.