Background
To better understand my request I describe my setup first. I host my Gentoo installation guide on Cloudflare Pages. To get things working I must have a DNS record as shown in the following code block. There is no alternative provided by Cloudflare.
❯ delv +nodnssec cname gentoo.duxsco.de
; fully validated
gentoo.duxsco.de. 294 IN CNAME gentoo-installation.pages.dev.
Unfortunately, this doesn't allow for any other DNS record, and that's a limitation of using CNAME records. So, a TXT record as outlined in the Keyoxide docs is not possible.
Google's Approach
Thus, I suggest a solution similiar to the one provided in the Google Search Console (formerly: Google Webmaster Tools).
As usual, they support TXT records:
In addition, the "CNAME record" approach is supported, but you can use a subdomain which means you'll have the following DNS record that wouldn't interfere with any preexisting CNAME record.
❯ delv +nodnssec cname 5ib6t6yu6awy.example.duxsco.de
; fully validated
5ib6t6yu6awy.example.duxsco.de. 294 IN CNAME gv-fiyujhu5bw4inc.dv.googlehosted.com
My request
Keyoxide should support a DNS proof where a subdomain of "gentoo.duxsco.de" is used. It can be either a predefined subdomain, e.g. "keyoxide-proof.gentoo.duxsco.de", or some hash prepended to "gentoo.duxsco.de", e.g. "ur4378rzeaf.gentoo.duxsco.de". I think the "predefined subdomain" approach is sufficient.