revert DNS config changes

Author: dlepow

articles/api-management/breaking-changes/managed-certificates-suspension-august-2025.md

@@ -37,16 +37,14 @@ If you need to add new managed certificates, plan to do so before August 15, 202
 If you already have managed certificates for your custom domains, do the following to ensure continued access:
 
 - Ensure that your API Management service allows [inbound traffic from DigiCert IP addresses on port 80](#allow-access-to-digicert-ip-addresses). This access is now required for the certificate autorenewal process.
-- Ensure that your DNS configuration is correct as described in [Configure DNS](#configure-dns).
+
 
 [!INCLUDE [api-management-managed-certificate-ip-access.md](../../../includes/api-management-managed-certificate-ip-access.md)]
 
 ### Configure DNS 
 
 Configure your DNS provider to map your custom domain name to the default domain name of your API Management instance.
 
-[!INCLUDE [api-management-managed-certificate-dns-configuration.md](../../../includes/api-management-managed-certificate-dns-configuration.md)]
-
 ## Help and support
 
 If you have questions, get answers from community experts in [Microsoft Q&A](https://aka.ms/apim/azureqa/change/captcha-2022). If you have a support plan and need technical help, create a [support request](https://portal.azure.com/#view/Microsoft_Azure_Support/HelpAndSupportBlade/~/overview).

articles/api-management/configure-custom-domain.md

@@ -197,7 +197,24 @@ Configure your DNS provider to map your custom domain name to the default domain
 
 # [Managed](#tab/managed)
 
-[!INCLUDE [api-management-managed-certificate-dns-configuration.md](../../includes/api-management-managed-certificate-dns-configuration.md)]
+
+[!INCLUDE [api-management-custom-domain-dns-configuration.md](../../includes/api-management-custom-domain-dns-configuration.md)]
+
+> [!CAUTION]
+> When you use the free, managed certificate and configure a CNAME record with your DNS provider, make sure that it resolves to the default API Management service hostname (`<apim-service-name>.azure-api.net`). Currently, API Management doesn't automatically renew the certificate if the CNAME record doesn't resolve to the default API Management hostname. For example, if you're using the free, managed certificate and you use Cloudflare as your DNS provider, make sure that DNS proxy isn't enabled on the CNAME record. 
+
+### TXT record for domain ownership verification
+
+### TXT record 
+
+When enabling the free, managed certificate for API Management, also configure a TXT record in your DNS zone to establish your ownership of the domain name. 
+
+* The name of the record is your custom domain name prefixed by `apimuid`. Example: `apimuid.api.contoso.com`.
+* The value is a domain ownership identifier provided by your API Management instance.
+
+When you use the portal to configure the free, managed certificate for your custom domain, the name and value of the necessary TXT record are automatically displayed.
+
+You can also get a domain ownership identifier by calling the [Get Domain Ownership Identifier](/rest/api/apimanagement/current-ga/api-management-service/get-domain-ownership-identifier) REST API.
 
 ---