Which DNS record type should you create to verify a custom domain name in Azure AD?

To verify a custom domain name in Azure Active Directory (Azure AD), creating an MX (Mail Exchange) record is the correct approach. This method is part of the domain verification process where Azure AD requires you to prove ownership of the domain.

When you add a custom domain to Azure AD, Microsoft typically provides a unique MX record that you need to add to your DNS settings. Once this record is published, Microsoft checks for its presence to confirm that you control the domain. The verification process makes sure that only authorized users can manage the Azure resources linked to that domain.

PMX records are specifically designed to direct email traffic, but their utility in verification stems from their relatively low likelihood of being modified by other services once set up, making them a reliable method for domain validation.

Other options, while they serve important purposes in DNS management, do not align with the specific requirements for verifying a custom domain in Azure AD. For example, PTR records are mainly used for Reverse DNS lookups, SRV records are used for service location, and CNAME records are primarily used for aliasing one domain to another. Thus, while they are essential in their respective contexts, they do not fulfill the verification requirement for a custom domain in Azure AD.