Mapping apex domain to Azure Front Door and afdverify

New Contributor

We are currently trying to use the Azure Front Door for global failover in between two webapps. We ran into the issue of not being able to map the apex domain to the Front Door. We are not using Azure DNS and are unable to create an apex record as our zone is signed.

During a call with Microsoft support they suggested a temporary solution to create CNAME record pointing to


This is working but he warned that this is a temporary solution and the public IPs of the Azure Front Door are subject to change. I'm not sure I understand what afdverify does. The only thing I found is that this is used as a method to prove that we own the domain. And if I don't have an A record that points to an IP how is this method affected by the Azure Front Door IP change.

Has anyone found a different solution for mapping the apex domain besides using Azure, Amazon or CloudFlare DNS




1 Reply

Correction, the CNAME entry points to