Steps to Update Domain DNS Servers to Cloudflare and Verify Google Workspace Ownership

1. Update Domain DNS Servers to Cloudflare

1.1 Login to Your Domain Registrar Account

• Log in to your domain registrar account (e.g., AWS Route 53 or other registrars).

1.2 Get Cloudflare’s DNS Servers

• Cloudflare provides two DNS server addresses for your domain:
  • xxx.ns.cloudflare.com
  • yyy.ns.cloudflare.com

1.3 Update DNS Servers at Your Domain Registrar

To make changes in AWS Route 53:

• Log in to the AWS Management Console: Open the AWS Management Console and log in with your account.
• Navigate to the Route 53 console: Among the service list, find and select Route 53.
• Select the “Registered Domains” section: In the left menu, select “Registered Domains.”
• Find and select your domain zzz.com: Find your domain and click to enter.
• Update DNS servers: In the domain details page, find the “Name Servers” section and click “Add or edit name servers.” Replace the existing DNS server addresses with the ones provided by Cloudflare:
  • xxx.ns.cloudflare.com
  • yyy.ns.cloudflare.com
• Save changes.

1.4 Verify DNS Server Update

• Wait for DNS updates to take effect: DNS server changes can take a few minutes to 24 hours to propagate.
• Use nslookup or dig tools to verify:
  nslookup -type=ns zzz.com
  or
  dig ns zzz.com
  Confirm that the returned DNS server addresses are those provided by Cloudflare.

Apply for Cloud Identity

• Before verifying domain ownership, refer to the Apply for Cloud Identity page and follow the guide to apply for Cloud Identity.

2. Verify Google Workspace Domain Ownership

2.1 Get Verification TXT Record

• Log in to Google Workspace Admin Console: Visit the Google Workspace Admin Console.
• Log in to your Google Workspace account.
• Get the verification TXT record: In the setup wizard, Google Workspace will prompt you to verify domain ownership and provide a TXT record value, such as google-site-verification=XXXXXXX.

2.2 Log in to Cloudflare

• Visit Cloudflare’s website: Open Cloudflare’s website and log in to your account.
• Select your domain: In the dashboard, select the domain you want to manage, zzz.com.

2.3 Add TXT Record

• Go to the DNS management page: Click on the “DNS” tab to enter the DNS management page.
• Add a TXT record: Click the “Add Record” button. In the record type (Type) dropdown menu, select TXT. In the name (Name) field, enter @ (representing the root domain) or as instructed by Google Workspace. In the content (Content) field, enter the verification TXT record value provided by Google Workspace, such as:
  google-site-verification=XXXXXXX
• Select “Auto” for TTL and click “Save” to save the record.

2.4 Verify Domain Ownership

• Return to the Google Workspace Admin Console:
  Go back to the domain verification page in Google Workspace.
• Complete the verification: Click the “Verify” or “Complete Verification” button. Google Workspace will check the TXT record you added to the DNS configuration, and once it finds the record, it will confirm your domain ownership.

2.5 Wait for Verification to Take Effect

• Wait for DNS records to propagate: DNS record changes may take a few minutes to 48 hours to take effect.
• Use command-line tools to verify TXT record:
  • Using nslookup tool:
    nslookup -type=txt zzz.com
  • Using dig tool:
    dig txt zzz.com