Bluesky Handle Verification DNS TXT Record: Setup Walkthrough
🔍 WiseChecker

Bluesky Handle Verification DNS TXT Record: Setup Walkthrough

by

You want to use your own domain name as your Bluesky handle instead of the default username.bsky.social address. Bluesky verifies domain ownership by checking a specific DNS TXT record that you add to your domain’s DNS zone settings. This walkthrough explains the exact steps to add the verification record, confirm the setup, and switch your handle to a custom domain.

Key Takeaways: Setting Up a Custom Domain Handle on Bluesky

  • Bluesky Settings > Account > Handle: Opens the dialog to enter your custom domain and initiate verification.
  • DNS TXT record with name _atproto and value did=did:plc:xxxx: Proves domain ownership to Bluesky’s verification servers.
  • DNS propagation wait time of 5 to 30 minutes: Required after adding the record before Bluesky can detect and confirm it.

Why Bluesky Requires a DNS TXT Record for Custom Handles

Bluesky uses the AT Protocol, which separates account identity from the hosting service. When you set a custom domain as your handle, Bluesky must confirm that you control that domain. The verification method is a DNS TXT record placed at a specific subdomain: _atproto.yourdomain.com.

The record contains a value that includes your Bluesky account’s decentralized identifier. This identifier, called a DID, is a permanent string such as did:plc:abcdef123456. Bluesky’s servers query DNS for that TXT record. If the record matches the expected value, Bluesky assigns the domain as your verified handle.

This method is secure because only the domain owner can add or modify DNS records. No third party can claim your domain handle without access to your DNS provider. The verification is also portable: if you move your Bluesky account to another hosting provider, the same DNS record proves your identity.

Prerequisites Before You Start

You need three things before beginning the setup:

  • A registered domain name with DNS management access. This can be through your domain registrar, a hosting provider, or a dedicated DNS service like Cloudflare or AWS Route 53.
  • Your Bluesky account must be active and logged in on the web app or mobile app.
  • You must have the ability to add a TXT record to your domain’s DNS zone. If you are unsure how to do this, contact your DNS provider’s support documentation.

Steps to Add the DNS TXT Record and Verify Your Handle

Follow these steps in order. Do not skip any step, and wait for DNS propagation before pressing the verify button.

  1. Open Bluesky Settings and Go to the Handle Section
    Log in to Bluesky on the web at bsky.app or open the mobile app. Click your profile picture in the top-right corner, then select Settings from the dropdown menu. On the Settings page, click Account in the left sidebar. Under the Handle heading, click the Change button next to your current handle.
  2. Enter Your Custom Domain
    In the dialog that appears, select the option labeled I have my own domain. Type your full domain name into the text field. For example, type example.com or subdomain.example.com if you want a subdomain handle. Do not include http:// or www. Click Next.
  3. Copy the DNS Record Details from Bluesky
    Bluesky displays the exact DNS record you need to create. The screen shows two pieces of information: the record name and the record value. The record name is _atproto for the root domain, or _atproto.yourdomain.com if you are using a subdomain. The record value looks like did=did:plc:abcdef123456. Copy the entire record value string to your clipboard.
  4. Add the TXT Record in Your DNS Provider
    Log in to your domain registrar or DNS provider. Navigate to the DNS settings or DNS zone editor for your domain. Create a new TXT record with the following settings:

    – Type: TXT
    – Name/Host: _atproto (or _atproto.yourdomain.com for a subdomain)
    – Value: Paste the full string you copied from Bluesky, for example did=did:plc:abcdef123456
    – TTL: Leave at the default or set to 300 seconds to speed up propagation

    Save the record.

  5. Wait for DNS Propagation
    DNS changes do not take effect immediately. Wait at least 5 minutes. For safety, wait 15 to 30 minutes. You can check propagation using an online DNS lookup tool by querying the TXT record for _atproto.yourdomain.com. The tool should show your record value.
  6. Return to Bluesky and Verify
    Go back to the Bluesky handle change dialog. Click the Verify DNS Record button. Bluesky queries your domain’s DNS and checks for the correct TXT record. If the record is found and matches, Bluesky confirms the verification and changes your handle to your custom domain. Your profile now displays the custom domain as your handle.

Common Mistakes and DNS Verification Failures

Even with correct steps, verification can fail. Here are the most frequent issues and how to resolve them.

Record Name Is Wrong or Missing the Underscore

The record name must start with an underscore: _atproto. Some DNS providers automatically append the domain name to the record name. If your provider does this, entering only _atproto is correct. If the provider requires the full name, use _atproto.yourdomain.com. Check your provider’s documentation for the correct format.

Record Value Contains Extra Spaces or Characters

Copy the exact value from Bluesky. Do not add spaces, quotation marks, or line breaks. The value must be a single continuous string. If your DNS provider adds quotation marks automatically, that is usually fine, but verify that the internal string has no extra characters.

DNS Propagation Has Not Completed

If you click Verify DNS Record immediately after saving the record, Bluesky may not see it. Wait at least 15 minutes. Use a public DNS checker like dnschecker.org to confirm the record is visible globally before retrying verification.

You Are Using a Subdomain but Added the Record to the Root Domain

If your handle is user.example.com, the TXT record must be at _atproto.user.example.com, not at _atproto.example.com. Create the record in the subdomain’s DNS zone if your provider supports separate zones, or use the full record name including the subdomain.

Your DNS Provider Does Not Support Underscore in Record Names

Some older DNS management interfaces reject underscore characters. If this happens, use a different DNS provider that supports modern DNS records. Cloudflare, AWS Route 53, and Google Cloud DNS all support underscores in TXT record names.

Comparing Verification Methods: DNS TXT Record vs Bluesky’s Default Handle

Item DNS TXT Record (Custom Domain) Default Handle (username.bsky.social)
Setup effort Requires DNS access and adding one record No setup required
Portability Handle stays with your domain if you change Bluesky providers Handle is tied to Bluesky’s hosting service
Verification method DNS query for TXT record at _atproto subdomain No external verification needed
Security Domain ownership is cryptographically proven Relies on Bluesky’s internal account system
Propagation delay 5 to 30 minutes for DNS changes Instant

A custom domain handle gives you ownership and portability. The default handle is simpler but locks your identity to Bluesky’s service. For business accounts or personal brands, the custom domain is the better choice.

You can now set up a custom domain handle on Bluesky by adding a DNS TXT record. After verification, your profile shows your domain as the handle. For advanced use, consider adding multiple subdomain handles for different accounts or testing verification on a staging domain before applying it to your primary domain.

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You