DNS verification step-by-step

When you click Verify on a custom domain, QR NFC Tap does this:

What we check

1. CNAME lookup — does your.host.com have a CNAME record?
2. Target match — does the CNAME point at cname.qrnfctap.com (or any host containing qrnfctap.com)?
3. A-record fallback — if CNAME isn't visible (e.g. Cloudflare flattens), does your.host.com resolve to one of our origin IPs?
4. A-via-Cloudflare — does your.host.com resolve to the same Cloudflare-edge IPs as cname.qrnfctap.com? This is the typical "Cloudflare orange cloud enabled" pattern.

If any of those four checks pass, we mark the domain verified and start serving traffic for it.

Common failure modes

"no DNS records found yet"

Your CNAME hasn't propagated. DNS typically takes 1–5 minutes; up to 48 hours in pathological cases. Wait, then click Verify again.

"CNAME does not point at cname.qrnfctap.com"

Double-check the target value in your DNS provider. Common typos: qrnfctap.com (missing the cname. prefix), cname.tapcard.com (wrong TLD), trailing space.

Verification works but the domain shows a Cloudflare error page

Your DNS is correct but the Cloudflare proxy is off (grey cloud). Toggle it to orange-cloud (proxied) for SSL provisioning.

"SSL certificate error" in browser despite proxy ON

Cloudflare's Universal SSL takes up to 15 minutes after proxy enable. If after 30 minutes it's still failing, in Cloudflare → SSL/TLS → check that "Full" or "Full (strict)" is selected, NOT "Flexible".

Manual diagnosis

Run from your laptop:

dig qr.youragency.com CNAME
dig qr.youragency.com A

Compare against:

dig cname.qrnfctap.com CNAME
dig cname.qrnfctap.com A

If the IP sets match, you're good — QR NFC Tap sees you.