Hello Yemisi Popoola,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
Problem
Sequel to your questions, I understand that you are experiencing difficulties provisioning an App Service custom domain using Bicep. Despite attempts to deploy the custom domain, they encounter an error indicating that a required TXT record for domain verification is not found. The issue persists despite following the provided template for DNS configuration. You seek assistance in troubleshooting the error and successfully provisioning the custom domain.
Scenarios
A cloud engineer was tasked with deploying a web application to Azure App Service. As part of the deployment process, she needs to configure a custom domain for the application. She decides to use Bicep, a domain-specific language for deploying Azure resources, to automate the provisioning process. She prepares a Bicep template to define the necessary Azure resources, including the App Service, DNS Zone, and DNS records. After completing the template, she initiates the deployment process. During deployment, she encounters an error indicating that the TXT record required for domain verification is not found. Despite double-checking the template and DNS configuration, the error persists.
Solution
Firstly, the error message you're encountering indicates that a TXT record required for custom domain verification is not found. This usually happens when Azure cannot find the TXT record associated with your custom domain.
To address the issues encountered while provisioning the App Service custom domain using Bicep. There are couple of steps to troubleshoot and potentially resolve this issue:
STEP ONE:
- Ensure that you've properly verified ownership of the domain in Azure. This usually involves adding a TXT record to your DNS configuration with the provided verification code.
- Check the Azure portal to verify domain ownership. Navigate to the Azure portal > App Services > Custom domains. Verify that the domain status shows as "Verified".
STEP TWO:
- Double-check your DNS configuration to ensure that the TXT record is correctly set up.
Verify that the TXT record exists in your DNS configuration. You can do this by using a DNS lookup tool or by checking your DNS provider's dashboard.
STEP THREE:
DNS changes can take time to propagate globally. Wait for some time (usually up to 24 hours) after making DNS changes to allow for propagation. You can use any online DNS propagation checking tools to monitor the propagation progress.
STEP FOUR:
- Ensure that all the resources referenced in your Bicep template (like appService, dnsZone, etc.) are correctly defined and accessible in your Azure subscription.
Double-check the resource names, resource group associations, and dependencies in your Bicep template.
STEP FIVE:
- Make sure that the account you're using to deploy the Bicep template has sufficient permissions to create DNS records and configure App Service custom domains.
Check the Azure role assignments to ensure that the user or service principal has the necessary permissions.
STEP SIX:
- Check the Azure Service Health Dashboard to see if there are any ongoing issues with Azure DNS or Azure App Service in your region.
If there are any service disruptions or known issues, you may need to wait until they are resolved before proceeding with the deployment.
Finally
- Double-check your Bicep template to ensure that all parameters, variables, and resource references are correctly defined and aligned with your deployment requirements.
Verify that the DNS records are defined accurately in the Bicep template and that they match the expected configuration.
Here in the below is a simplified example of a Bicep template for provisioning an App Service custom domain with DNS records:
param customDomainName string
param appServiceName string
resource dnsZone 'Microsoft.Network/dnsZones@2023-07-01-preview' = {
name: 'yourdomain.com'
location: 'your-location'
}
resource dnsRecordTXT 'Microsoft.Network/dnsZones/TXT@2023-07-01-preview' = {
name: 'asuid.${customDomainName}'
parent: dnsZone
properties: {
TTL: 3600
TXTRecords: [
{
value: [ 'Your-TXT-Record-Value' ]
}
]
}
}
resource dnsRecordCNAME 'Microsoft.Network/dnsZones/CNAME@2023-07-01-preview' = {
name: customDomainName
parent: dnsZone
properties: {
TTL: 3600
CNAMERecord: {
cname: '${appServiceName}.azurewebsites.net'
}
}
}
resource customHostBindingSSLdisabled 'Microsoft.Web/sites/hostNameBindings@2023-01-01' = {
parent: appService
name: customDomainName
dependsOn: [dnsRecordCNAME, dnsRecordTXT]
properties: {
siteName: appServiceName
hostNameType: 'Verified'
customHostNameDnsRecordType: 'CName'
sslState: 'Disabled'
}
}
NOTE: Ensure that you replace placeholders like 'yourdomain.com', 'your-location', 'Your-TXT-Record-Value', etc., with your actual domain, location, and TXT record values.
By following the above steps and reviewing your Bicep template, you should be able to troubleshoot and resolve the issues encountered during the provisioning of the App Service custom domain.
References
- Quickstart: Create an Azure DNS zone and record - Bicep - Azure DNS
- Troubleshoot common Azure deployment errors - Azure Resource Manager
- Create an App Service app using Azure Bicep - Azure App Service
Accept Answer
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam