Skip to main content

Please log into UltraDNS for full Help Center and Community access

CertCentral DCV TXT Records Cannot Be Deleted in UltraDNS

Updated

This article explains why DCV TXT records such as _dnsauth.yourdomain.com cannot be deleted in UltraDNS when they are created through DigiCert CertCentral integration. 

It clarifies expected behavior, why deletion fails even with administrative access, and how these records must be managed.

What You May Observe

  • Attempts to delete a _dnsauth TXT record fail in the UltraDNS portal
  • Error message: Only system user can create the required record type
  • The issue occurs even with full administrative permissions
  • Other users with the same access level experience the same behavior

Why This Happens

The _dnsauth TXT records are not standard DNS records created manually by users.

They are automatically generated and managed by the DigiCert CertCentral and UltraDNS integration as part of the domain control validation workflow. 

These records are owned by a system-level process and are tied directly to the lifecycle of certificate validation.

Because of this, UltraDNS enforces restrictions that prevent any manual modification or deletion of these records. 

These restrictions apply regardless of user role, permissions, or account privileges.

Important Notes About the UI

Some system-managed records may appear similar to standard DNS records in the UltraDNS portal. 

For example, they may not be visually distinguished as read-only or system-controlled.

  • The absence of a visual indicator does not mean the record is user-editable
  • These records remain system-managed even if they appear editable

How These Records Are Managed

The CertCentral integration is responsible for the full lifecycle of DCV records. 

This includes:

  • Creating validation TXT records
  • Updating records during validation workflows
  • Removing records when validation is complete or no longer required

All actions occur automatically based on the validation process initiated in CertCentral.

What You Should Do Instead

If you need to modify or remove a _dnsauth TXT record, this must be done through CertCentral rather than UltraDNS.

  • Do not attempt to manually delete the record in UltraDNS
  • Initiate or restart validation from CertCentral if changes are required
  • Allow the integration to manage the record lifecycle automatically

When to Contact Support

Contact support if the integration is not behaving as expected. 

This includes scenarios where:

  • The TXT record is not updating during validation
  • Validation is failing and not progressing in CertCentral
  • The record appears stuck and is not being removed or updated

Provide the domain name, the _dnsauth record value, and relevant timestamps or validation attempts to assist with investigation.

Expected Outcome

When functioning correctly, CertCentral automatically creates, updates, and removes DCV TXT records as part of the validation workflow. 

Manual deletion is not required and is not permitted for system-managed records.

Related to

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles