We're running 13+ projects on Railway with Cloudflare (Proxied mode). Each project has 3 custom domains on the same service:

example.com → CNAME → abc123.up.railway.app (Proxied)

adm.example.com → CNAME → abc123.up.railway.app (Proxied) ← same target

ptn.example.com → CNAME → abc123.up.railway.app (Proxied) ← same target

All domains are registered via customDomainCreate. The API returns a different requiredValue for each subdomain, but since Cloudflare Proxy forwards the

Host header, routing works correctly with the shared root CNAME target.

Issue 1: Subdomain status

This setup worked fine for over a month. However, subdomain statuses always show REQUIRES_UPDATE while the root domain shows PROPAGATED. Is this

expected with Cloudflare Proxied mode, or does it indicate a real problem?

Issue 2: TXT verification records

At one point, we experienced "Application not found" errors on subdomains. We suspected TXT verification records (like _railway-verify) might be

required, similar to other hosting providers. However, when we query the customDomainCreate mutation response and dnsRecords, the API only returns CNAME

records with DNS_RECORD_PURPOSE_TRAFFIC_ROUTE — no TXT records are ever returned.

We confirmed via schema introspection that DNS_RECORD_TYPE_TXT exists in the enum, and DNS_RECORD_PURPOSE_ACME_DNS01_CHALLENGE is a valid purpose, but

neither appears in actual API responses for our domains.

Questions:

1. Does Railway require any TXT verification records for custom domains? If so, why aren't they returned by the API?

2. Is it supported to use the root domain's CNAME target for all subdomains under Cloudflare Proxied mode?

3. Is the persistent REQUIRES_UPDATE status on proxied subdomains a known behavior or a real issue we need to address?

Thanks!