Closed ishepherd closed 4 years ago
@ishepherd, Thanks for the question! We are taking a look into this and will get back to you soon.
@AjayKumar-MSFT I just tagged you in a Teams thread where we were recently told to use the TXT value from the latest document, i.e. the asuid value not awverify. Please make this change high priority - it's causing confusion.
Iain, Apologies for the delay! We have been discussion on this internally with the product team and author, we will review further and make appropriate changes in the document as required. Thanks for your feedback and support.
Thanks @AjayKumar-MSFT and @dcbrown16
A colleague today pointed me to this page: https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover#use-azure-app-services-custom-domain-verification
That answers my original question: Use asuid, not awverify, because asuid prevents subdomain takeover attacks.
Iain, thanks for the update and sharing the answer. We will work with the author and get the document(s) updated as required for additional clarity. We will close this out, but if you feel you need more information please just let us know.
Re: Create domain verification record:
Is
TXT awverify
still the best way to verify?Could
TXT asuid
be used instead? (link)I have sometimes found the
awverify
way unreliable, I'm wondering if theasuid
way is any better or more secure?Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.