1. Bind a domain
Use the Domains console for DNS TXT bindings or the .well-known console for hosted JSON bindings. PacStac creates the binding record and immediately attempts a first check.
Learn
PacStac Stewardship
PacStac Verification Playbook
This guide ties everything together: how PacStac evaluates proofs, what the scheduler logs mean, and how to troubleshoot failed checks. Keep it open during onboarding or incident response.
Lifecycle at a glance
2. Publish the proof
Add the TXT record or upload pacstac_<domain>.json. Confirm with `dig` or your hosting platform’s preview that the proof is live before leaving the page.
3. Scheduler cadence
PacStac re-verifies automatically. A successful check sets status to PASS and schedules the next run ~30 minutes out (bounded by DNS TTLs). Failures back off to 60 minutes and record error notes.
4. Consume attestations
Each PASS generates an attestation with issue and expiry times. Fetch via API or subscribe to webhooks to keep downstream systems in sync.
Understanding statuses
| Status | Meaning | Next steps |
|---|---|---|
| PASS | Proof matched the wallet. Attestation issued. | No action required. Monitor attestation expiry. |
| PENDING | Awaiting confirmation—often during initial propagation. | Double-check the proof. Manual run if needed. |
| FAIL | Proof missing or mismatched. | Restore the TXT/JSON, then trigger a manual check. |
| SOFT_FAIL | Temporary resolver errors prevented quorum. | Investigate upstream outages; PacStac will retry. |
Troubleshooting
Status stays PENDING
Wait one TTL and ensure the proof is visible from public resolvers (1.1.1.1). Use the Scheduler output log to see which host returned a mismatch.
Fails after passing
Either the TXT/JSON was removed or caches still hold the old value. Verify that automation or CDN rules aren’t rewriting responses.
Manual run rate-limited
Manual checks are throttled to once every 5 minutes per binding to protect resolvers. Use the automatic scheduler for continuous monitoring.
Automation ideas
- • Subscribe to webhook notifications and post them into PagerDuty or Slack.
- • Export attestation data nightly to your data warehouse for compliance reporting.
- • Pair PacStac status with on-call runbooks so rotation engineers know how to restore proofs.
Need a refresher on TXT or JSON publishing? Jump back to the Learn overview for quick links.