![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 5%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 7.000000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Azure App Service still requires proof of domain ownership; it does not intentionally allow arbitrary domains to be bound.
From the documented behavior:
- Domain ownership is validated by checking that the required DNS records (CNAME/A and usually the
asuidTXT record) exist in the authoritative DNS zone for the domain and are publicly resolvable. - Validation succeeds only when those records are present and match the values that App Service expects. If the TXT or CNAME/A records are missing, incorrect, or not yet propagated, validation fails with errors such as Cannot verify domain ownership or DNS record could not be located.
- Internal or non‑resolvable domains cannot be validated on the public multi‑tenant App Service at all.
If a domain that is not actually owned can be validated and added, that indicates a misconfiguration in DNS (for example, the domain’s DNS already contains the CNAME/TXT values pointing to the app) or a platform issue. The platform is designed to prevent “hijacking” by requiring the TXT verification record and matching CNAME/A records.
Recommended actions:
- Confirm which DNS provider is authoritative for the domain and verify the TXT and CNAME/A records there (not just at the registrar UI). Use public DNS tools as described in the troubleshooting guidance to see what Azure is actually reading.
- If validation is succeeding without the expected DNS records being present in the authoritative zone, open an Azure Support ticket. Provide:
- The App Service name and region.
- The exact custom hostname.
- DNS query results (TXT and CNAME/A) from public resolvers.
This scenario should be treated as a support case so the Azure App Service team can investigate whether there is a platform bug or stale validation state.
References:
- Troubleshoot custom domain issues in Azure App Service for web apps on Windows and Linux
- Set up an existing custom domain in Azure App Service
- Migrate an existing domain to Azure App Service
- Custom domain suffix for App Service Environments
- Custom domain still validating after 12 hours - Microsoft Q&A Resource:
- All cnames are on azure and ownership validation still in progress over 24 hours. There is an isssue. - Microsoft Q&A informatiksystems.com
- How do I delete a custom domain that was associated with a deleted web app? - Microsoft Q&A