You want to use a custom domain as your Bluesky handle, and your domain is managed by Cloudflare DNS. This gives your profile a professional look and lets you prove ownership of the domain. Bluesky verifies domain handles by checking specific DNS records. Without the correct records, the handle will not verify and your custom domain will not appear on your profile.
This article explains exactly which DNS records to add in Cloudflare, how to configure them step by step, and what to do if the verification fails. You will learn the difference between the required TXT record and the optional redirection setup. By the end, you will have a working custom handle that shows your domain name on Bluesky.
Key Takeaways: Bluesky Custom Domain Handle with Cloudflare DNS
- DNS TXT record with verification token: The only required record to prove domain ownership to Bluesky.
- Cloudflare DNS dashboard: Add the TXT record at the root domain level, not a subdomain.
- Bluesky Settings > Account > Handle: Enter your full domain and trigger the verification check.
How Bluesky Verifies a Custom Domain Handle
Bluesky uses a DNS-based verification system. When you enter a custom domain as your handle, Bluesky looks for a specific TXT record at the root of that domain. The record contains a unique verification token that Bluesky provides to you. If the token matches, Bluesky confirms you control the domain and sets your handle to that domain.
This process works with any DNS provider, including Cloudflare. Cloudflare acts as both a reverse proxy and a DNS provider. Because Cloudflare can proxy traffic by default, you must ensure the TXT record is added as a DNS-only record. Proxied records do not expose the raw DNS response that Bluesky needs to read the token.
What You Need Before Starting
You need a Bluesky account. You need a domain registered with a registrar and pointed to Cloudflare for DNS management. You need access to the Cloudflare dashboard for that domain. You also need the verification token from Bluesky. You get this token when you attempt to change your handle in Bluesky settings.
Steps to Add the DNS Record in Cloudflare
Follow these steps exactly. Do not skip any step. The order matters because Cloudflare applies changes immediately but DNS propagation can take a few minutes.
- Log in to Cloudflare and select your domain
Open the Cloudflare dashboard. From the account home page, click the domain you want to use as your Bluesky handle. This opens the DNS management page for that domain.
- Open the DNS records section
On the left sidebar, click DNS. The DNS management table shows all current records for your domain. If you already have A, CNAME, or MX records, leave them alone. You are only adding a new TXT record.
- Click Add Record
Click the blue button labeled Add record. A form appears with fields for Type, Name, IPv4 address or value, TTL, and Proxy status.
- Set the record type to TXT
From the Type dropdown, select TXT. Do not select A, AAAA, CNAME, or any other type.
- Leave the Name field empty
This is critical. Leave the Name field blank. A blank name means the record applies to the root domain, for example example.com. If you type a value like www, the record will apply to www.example.com and Bluesky will not find it.
- Paste the verification token into the Value field
Bluesky provides a token that looks like did=did:plc:abcdef123456. Copy the entire string from Bluesky and paste it into the Value field. Do not add any extra spaces or quotation marks.
- Set TTL to Auto
Cloudflare sets TTL to Auto by default. This is fine. Do not change it to a custom value unless you have a specific reason.
- Disable Proxy (set to DNS only)
This is the most common mistake. The Proxy status toggle must show a gray cloud icon labeled DNS only. If it shows an orange cloud labeled Proxied, click the toggle to switch it. Bluesky cannot read a proxied TXT record.
- Click Save
The record appears in the DNS table. Wait 30 seconds for Cloudflare to apply the change. Then proceed to Bluesky to verify.
Steps to Verify the Handle in Bluesky
- Open Bluesky Settings
Click the hamburger menu on the left sidebar or your avatar in the top right. Select Settings from the menu.
- Go to Account settings
In Settings, click Account on the left panel. The Account page shows your current handle and email.
- Click Change Handle
Next to your current handle, click Change Handle. A dialog appears with two options: use a Bluesky subhandle or use a custom domain.
- Select I have my own domain
Click the radio button or link that says I have my own domain. Bluesky asks you to enter your full domain name.
- Type your domain and click Check
Type your domain exactly as it appears in Cloudflare, for example example.com. Do not include www or https://. Click Check. Bluesky queries the DNS record you created. If the token matches, Bluesky confirms the handle and changes it immediately. Your profile now shows your domain as your handle.
Optional: Redirect the Bluesky Profile URL
After setting the handle, you can add a redirect so that visiting example.com in a browser goes to your Bluesky profile. This is not required for the handle to work. It is a convenience for people who type your domain directly.
To set this up, add a CNAME record in Cloudflare:
- Add a new CNAME record
Type: CNAME, Name: @ (or leave blank for root), Target: bsky.app, Proxy status: Proxied (orange cloud).
- Create a Page Rule for redirect
In Cloudflare, go to Rules > Page Rules. Create a new rule: URL example.com/, setting Forwarding URL (301 Permanent Redirect), destination https://bsky.app/profile/example.com. Replace example.com with your actual domain.
This redirect is optional. Your Bluesky handle works without it. The redirect only affects web traffic, not DNS verification.
Common Verification Failures and How to Fix Them
Bluesky says handle not found after adding the TXT record
This usually means the TXT record is not visible to Bluesky yet. DNS changes can take up to 10 minutes to propagate globally, even though Cloudflare applies them instantly. Wait 5 minutes and try again. If it still fails, run dig example.com TXT from a terminal, or use an online DNS checker, to confirm the record is present.
The TXT record shows but Bluesky still fails
Check the token value. Copy the exact string from Bluesky again. A missing character or extra space causes failure. Also confirm the Name field in Cloudflare is truly empty. A dot or an @ symbol in the Name field can cause the record to apply to a subdomain instead of the root.
Cloudflare proxy is interfering
If the TXT record is set to Proxied, Bluesky receives a Cloudflare-generated response instead of the raw DNS record. The proxy strips the TXT value. Change the Proxy status to DNS only and wait 1 minute before retrying.
The domain uses a subdomain as the handle
Bluesky supports subdomain handles like user.example.com. For a subdomain, the TXT record must be created on that subdomain level. In Cloudflare, set the Name field to the subdomain prefix, for example user. The Value field still contains the verification token. The Proxy status must still be DNS only.
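An offline check for the first two failure cases above (record not visible, token not exact), added here as an example and not taken from Bluesky or Cloudflare. It parses the text printed by `dig +short TXT <name>` for whichever name holds your record. The function names, the sample strings, and the rule that a second `did=` record counts as a failure are assumptions of this example.

```python
import re

# Assumption of this example: the text after "did=" is a DID shaped like
# did:<method>:<identifier>, as in the page's sample did=did:plc:abcdef123456.
DID_RE = re.compile(r"^did:[a-z]+:[A-Za-z0-9._:%-]+$")

# Constructed samples of `dig +short TXT example.com` output (not real data).
SAMPLE_OK = '"v=spf1 -all"\n"did=did:plc:abcdef123456"\n'
SAMPLE_SPACE = '"did=did:plc:abcdef123456 "\n'
SAMPLE_QUOTED = '"\\"did=did:plc:abcdef123456\\""\n'


def parse_txt_answers(dig_output):
    """Turn `dig +short TXT <name>` output into a list of TXT strings."""
    records = []
    for line in dig_output.splitlines():
        # dig prints each answer as one or more "quoted" chunks; join them.
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        joined = "".join(chunks) if chunks else line.strip()
        if joined:
            # Undo dig's backslash escaping (e.g. \" for a literal quote).
            records.append(re.sub(r"\\(.)", r"\1", joined))
    return records


def diagnose(dig_output, expected_token):
    """Return (ok, reason) comparing the DNS answer with the issued token."""
    candidates = [r for r in parse_txt_answers(dig_output) if "did=" in r]
    if not candidates:
        return False, "no did= TXT record in the answer (wrong name or not propagated)"
    if expected_token in candidates:
        # Strictness choice of this example: a second did= record is a failure.
        if any(r != expected_token for r in candidates):
            return False, "a second did= record conflicts with the expected token"
        return True, "one did= record and it matches"
    for rec in candidates:
        if rec.strip().strip('"').strip() == expected_token:
            return False, f"token matches only after trimming spaces or quotes: {rec!r}"
    value = candidates[0].strip().strip('"').strip()
    if not DID_RE.match(value[4:] if value.startswith("did=") else value):
        return False, f"did= value is not a well-formed DID: {candidates[0]!r}"
    return False, f"did= record holds a different token: {candidates[0]!r}"
```

Pass the captured `dig` output and the exact string Bluesky displayed to `diagnose`; the reason string points at which of the fixes above applies.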
Bluesky Handle with Cloudflare DNS: Record Type Comparison
| Item | TXT Record (Required) | CNAME Record (Optional) |
|---|---|---|
| Purpose | Prove domain ownership to Bluesky | Redirect web visitors to your Bluesky profile |
| Record type | TXT | CNAME |
| Name field | Blank (root domain) | @ or blank |
| Value / Target | Verification token from Bluesky | bsky.app |
| Proxy status | DNS only (gray cloud) | Proxied (orange cloud) |
| Effect on handle | Makes custom handle appear on profile | No effect on handle |
This table shows the two DNS records you may use with Cloudflare. Only the TXT record is required. The CNAME record and Page Rule are optional additions for redirecting browser traffic.
Now you can set up your Bluesky handle with a custom domain managed by Cloudflare. The key steps are adding a DNS-only TXT record with the correct token and leaving the Name field empty. If verification fails, check the proxy status and the token string. For an extra touch, add the CNAME redirect so visitors can reach your profile directly from your domain.