Try removing all of your records and readding them in Railway and Cloudflare.

Also, if you wish to use your root domain as a custom domain in Railway, you'll need to add both @ and www .

can you please share the ss showing the records provided by the railway and the ones which you added in cloudfare (after updating the nameservers)?
Something looks odd in the txt record you are talking about

Thank you for the suggestions. Removed all records and re-added fresh as suggested. Root domain + www both added to frontend, api added to backend. Cloudflare DNS only (no proxy). Screenshots attached.

Update — DNS is working but verification stuck

I removed all records and domains and started fresh. Traffic is confirmed reaching Railway — visiting www.tourflows.com returns Railway's 404 page ("The train has not arrived at the station"), so DNS resolution is working correctly. However, all three domains are stuck on "Waiting for DNS update" and won't verify.

Current setup:

Three custom domains in Railway:

• tourflows.com → Frontend service (CNAME: 7hgg0hq6.up.railway.app)

• www.tourflows.com → Frontend service (CNAME: 6imoaotw.up.railway.app)

• api.tourflows.com → Backend service (CNAME: 6ukt4r93.up.railway.app)

Cloudflare DNS records:

• All three CNAMEs are set to the values above with proxy enabled (orange cloud)

• No TXT railway-verify records (deleted per previous troubleshooting)

• No _acme-challenge records

• No DNSSEC

• SSL/TLS mode set to Full

• Universal SSL enabled

What I've tried:

• Removed and re-added domains multiple times with fresh CNAME values each time

• Tried both proxied (orange cloud) and DNS-only (grey cloud) — neither triggers verification

• Deleted all old TXT railway-verify records to avoid CNAME/TXT conflicts

• Confirmed no stale or conflicting DNS records

Since Railway's own 404 page is being served, the DNS and Cloudflare proxy are clearly working. It seems like the verification check itself isn't recognizing the connection. Is there anything that can be done on Railway's end to push the verification through?

Try setting the record TTL to the least amount that's available.

I tried that, and a number of other things, could not get it working, just stuck Waiting for DNS and Waiting for Verification.
Spent a couple of hours this morning migrating everything to Render, moved the SQL database, backend and frontend over.
Site is now live on Render, everything working the way it should be no DNS or verification issues, certificates issued, life is good.
Sorry to say I'll be removing everything from Railway and hosting on Render.
Thank you for those who tried to help, I'm still not sure what the problem was, and unfortunately because I was in the process of setting this up, I was on the basic plan with Railway which includes no direct Railway support. @Railway, I'm paying for Render, and I would have been happy to pay for Railway, but I'm not going to pay for something that doesn't work and there is not even a basic level of support at the beginning, I'd rather pay for something that works than get something for free that doesn't work.