MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Moving away from AWVERIFY seems like a backward step #63478

Closed jonathan-martin-endava closed 3 years ago

jonathan-martin-endava commented 3 years ago

Moving away from AWVERIFY records for pre-emptive custom domain binding seems like a backwards step which goes against automating the infrastructure (as a single run) UNLESS you are using Azure DNS.

With what I understand from the above we need to create an App Service (to get the verification ID) and then update DNS records (using the verification id) and then update the App Service to include the bound custom domain names. At best this is 3 independent automated steps but in all reality it is an automated step (App Service creation), manual step (DNS) and then finally an automated step (App Service HostName Bindings) compared to a manual step (DNS) followed by automated (App Service creation + HostName Bindings).

It would be interesting to hear the logic behind the decision on this one. Can you not keep AWVERIFY records going?


Grace-MacJones-MSFT commented 3 years ago

Hi @jonathan-martin-endava, thank you for the detailed question. We are currently investigating and will update you when we have accurate information to provide.

Grace-MacJones-MSFT commented 3 years ago

Hi @jonathan-martin-endava,

Thank you so much for your patience. Yes, we moved away from awverify and moved towards asuid. As the world continues to change, asuid is the best way to prevent dangling DNS entries and help to avoid subdomain takeovers (Please view this doc for more info: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain). We do understand your frustration around the inability to automate the use of asuid and suggest you share your feedback with the product group here.

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

jonathan-martin-endava commented 3 years ago

Hi @Grace-MacJones-MSFT, with further testing we have identified that the Custom Domain Verification ID is identical for all App Services across a subscription. It would be really useful if you'd update the page referenced above with a comment as such, as that then means it's not a true blocker for automation. Thanks,
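
An added example, not part of the thread or of Microsoft's documentation: a zone audit that flags every CNAME pointing at App Service without a matching `asuid` TXT record, which is the dangling-DNS gap the move to asuid is meant to close. It assumes the `asuid.<subdomain>` record naming from Azure's custom-domain docs and, as reported in the last comment, one verification ID per subscription; the zone, app names and ID are constructed placeholders.

```python
AZURE_SUFFIX = ".azurewebsites.net"

# Constructed sample data: placeholder ID and zone export, not real values.
VERIFICATION_ID = "PLACEHOLDER0123456789ABCDEF"
ZONE = "example.com"
RECORDS = [  # (name relative to zone, type, value)
    ("www", "CNAME", "contoso-app.azurewebsites.net."),
    ("asuid.www", "TXT", '"PLACEHOLDER0123456789ABCDEF"'),
    ("shop", "CNAME", "contoso-shop.azurewebsites.net"),
    ("api", "CNAME", "contoso-api.azurewebsites.net"),
    ("asuid.api", "TXT", "SOMEOTHERID"),
    ("blog", "CNAME", "example.github.io"),
]


def asuid_name(hostname, zone):
    """Return the relative TXT record name that protects `hostname`."""
    hostname, zone = hostname.rstrip(".").lower(), zone.rstrip(".").lower()
    if hostname == zone:
        return "asuid"  # apex domain
    if not hostname.endswith("." + zone):
        raise ValueError(f"{hostname} is not in zone {zone}")
    return "asuid." + hostname[: -len(zone) - 1]


def audit_zone(records, zone, verification_id):
    """Map each App Service CNAME to 'ok', 'missing' or 'mismatch'."""
    txt = {}
    for name, rtype, value in records:
        if rtype.upper() == "TXT":
            txt.setdefault(name.lower(), set()).add(value.strip('"'))
    findings = {}
    for name, rtype, value in records:
        if rtype.upper() != "CNAME":
            continue
        if not value.rstrip(".").lower().endswith(AZURE_SUFFIX):
            continue  # not an App Service target, out of scope here
        fqdn = zone if name == "@" else f"{name}.{zone}"
        values = txt.get(asuid_name(fqdn, zone))
        if not values:
            findings[name] = "missing"      # nothing ties the name to a subscription
        elif verification_id in values:
            findings[name] = "ok"
        else:
            findings[name] = "mismatch"     # TXT belongs to a different ID
    return findings


if __name__ == "__main__":
    for host, status in audit_zone(RECORDS, ZONE, VERIFICATION_ID).items():
        print(f"{host}.{ZONE}: {status}")
```

Because the expected ID is an input, the same audit can run in a pipeline before the App Service exists.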