DNS Setup Guide

Add your Work References TXT record in a few minutes

Why do I need a DNS record?

Work References anchors your identity to your domain. When you generate an Ed25519 key pair, your public key needs to be published as a DNS TXT record so that anyone verifying a reference can confirm it genuinely came from your domain.

Without the DNS record, references will still have valid cryptographic signatures, but verification will show "Silver" status instead of "Gold". Adding the record upgrades all your references to full Gold verification.

Your DNS record

You need to add a single TXT record with these details. Your exact values are shown on the Key Generator page after you generate a key pair.

REF1._workreferences

Most registrars append your domain automatically. Only enter the part above.

TXT
v=workreferences1; k=ed25519; p=YOUR_PUBLIC_KEY_HERE

Replace YOUR_PUBLIC_KEY_HERE with your actual base64 public key from the Key Generator.

Step-by-step instructions

Select your domain registrar for specific instructions.

Namecheap

  1. Sign in to your Namecheap account and go to Domain List.
  2. Click Manage next to your domain.
  3. Go to the Advanced DNS tab.
  4. Click Add New Record and select TXT Record.
  5. In the Host field, enter your selector and subdomain (e.g. REF1._workreferences). Do not include your domain name here, Namecheap adds it automatically.
  6. In the Value field, paste your full record value (starting with v=workreferences1).
  7. Set TTL to Automatic and click the green tick to save.

Troubleshooting

How long does it take?

DNS changes typically propagate within 15 minutes to 2 hours. In rare cases it can take up to 48 hours. You can check your record using the "Check DNS" button on the Key Generator page.

Common mistakes

  • Including the full domain in the Host field. Most registrars append your domain automatically. Enter REF1._workreferences, not REF1._workreferences.yourdomain.com.
  • Extra quotes around the value. Some registrars add quotes for you. If yours does, do not wrap the value in additional quotes.
  • Trailing spaces or line breaks. Make sure you copy the exact value without extra whitespace.
  • Wrong record type. This must be a TXT record, not CNAME, A, or MX.

How to verify your record manually

You can check whether your record has propagated using the command line:

# macOS / Linux

dig TXT REF1._workreferences.yourdomain.com

# Windows

nslookup -type=TXT REF1._workreferences.yourdomain.com

You should see your v=workreferences1 value in the response. If it is not there yet, wait a bit longer and try again.

Still showing Silver?

If your references are verified as Silver rather than Gold, DNS has either not propagated yet or the record value does not match your public key. Double-check the value you entered and try the manual verification above. You can also use the "Check DNS" button on the Key Generator page. If the record looks correct, wait an hour and try again.

Ready to sign your first reference?

Generate KeysSign a Reference