Skip to main content
Before Mjolnir starts a run, you must verify that you own or are authorised to test the target domains. This is a one-time step per domain — once verified, you don’t need to re-verify for future runs. You can verify domains in four ways. The wizard will pick the most convenient one for your DNS setup automatically, but you can always switch tabs and use a different method.

Method 1: One-click DNS (Domain Connect)

If your DNS is managed by Cloudflare (or another Domain Connect-supporting provider), Mjolnir can add the verification record for you. This is by far the fastest option. Mjolnir automatically detects whether your domain supports one-click setup. If it does, you’ll see a panel offering Continue to Cloudflare (or Continue for other providers) above the manual verification tabs.
1

Click Continue

The setup wizard opens your DNS provider’s Domain Connect consent page in a new tab.
2

Approve the request

Sign in to your DNS provider (e.g. Cloudflare) and approve the request to add the verification record. Mjolnir’s apply URL is RSA-SHA256 signed so your provider can verify the request originates from Borg.
3

Return to Odin

You’re redirected back to the setup wizard. Verification then runs automatically and the domain status flips to ✅ Verified within a few seconds.
Mjolnir requests only the DNS records it needs for verification. It never asks for broader DNS or account permissions.
If your domain’s DNS provider doesn’t expose a Domain Connect endpoint, this panel doesn’t appear and you’ll need to use one of the manual methods below.

Method 2: TXT record

Add a TXT record to your domain’s DNS.
FieldValue
TypeTXT
Name_borg-verify.{your-domain}
Valueborg-verify={your-generated-token}
The exact values are generated for your organisation and shown in the setup wizard. Copy them directly from there.
If your DNS provider doesn’t support custom record names, you can place the TXT record on the root domain instead — Mjolnir will find it either way.
TXT records typically propagate within a few minutes but can take up to 48 hours in rare cases. Most DNS providers update within 5–10 minutes. Cloudflare users: the wizard offers a one-click “Open Cloudflare DNS” link next to the TXT instructions that takes you straight to the DNS records page for your domain.

Method 3: CNAME record

Add a CNAME record to your domain’s DNS configuration.
FieldValue
TypeCNAME
Name{your-generated-token}.{your-domain}
Valueverify.borg.{your-generated-token}
Both values are generated for your organisation — copy them from the wizard. How to add a CNAME record:
  1. Go to your domain in the Cloudflare dashboard
  2. Click DNS > Records > Add record
  3. Set Type to CNAME, Name to the provided value, and Target to the provided value
  4. Set Proxy status to DNS only (grey cloud). Proxied CNAME records won’t resolve correctly for verification.
  5. Click Save
  1. Open the Route 53 console and go to Hosted zones
  2. Select your domain and click Create record
  3. Set Record type to CNAME, Record name to the provided value, and Value to the provided value
  4. Click Create records
  1. Log in and go to My Products > DNS
  2. Click Add and select CNAME
  3. Fill in the Name and Value fields with the provided values
  4. Click Save

Method 4: File upload

Host a specific text file at a known URL on your domain. Place the file at: 
https://{your-domain}/.well-known/borg-verification.txt
File contents: 
{your-generated-token}
The file should be publicly accessible over HTTPS, return a 200 status code, and contain only the token (no extra whitespace or HTML).
This method is useful if you don’t have access to DNS but can deploy a file to your web server or CDN.

Verifying

Mjolnir polls each domain every few seconds while the step is open, so as soon as the record is in place the status flips automatically. You can also click Retry on any domain to check immediately. Status indicators:
  • 🔄 Checking — Mjolnir is looking for the record
  • Verified — record found and validated
  • Failed — record not found yet (try again after DNS propagation)
Domain verification showing all checks passed
If verification fails, double-check that:
  • You used the exact values shown in the wizard (copy-paste, don’t retype)
  • DNS changes have had time to propagate (wait a few minutes and retry)
  • The file is accessible over HTTPS without a redirect
If you’re still having trouble, contact us at [email protected].

After verification

Once every target domain is verified, the Run Assessment button becomes active. Click it to launch Mjolnir. You’ll be redirected to the live run dashboard, where you can watch the assessment as it runs.
Domain verification persists. Once a domain is verified, you don’t need to re-verify it for future runs against the same domain.