Domain Pointing / Stealing Via DNS On DigitalOcean Side

September 16, 2014 1.5k views

I am just a bit confused as to how DNS works in terms of when it is assigned to DigitalOcean's nameservers.

My domain from Namecheap is pointed at NS1/2/3.DIGITALOCEAN.COM. and I added the domain under DNS in DO to point to the droplet IP. My question is, wouldn't someone else using DO be able to do the same thing and assign a domain in their own DNS panel and point the record to their own droplet IP?

AKA: how does DO know what domain should point to what account's DNS?


1 Answer

You should google how a domain name is resolved or how DNS works.

Process of a DNS request from my knowledge

  1. client send a request to a name server
  2. name server search it's cache for answer (ip) if it have cache return the result to the client > query ended successfully if not, it will query the root name server, and the root will return the authoritative name servers which you specified for your domain to answer the query. After getting an answer from the authoritative name server, the name server cache the result for later query and return the result to the client > query ended successfully.

The TTL field of a dns record is to tell other name server how long it can keep the cache before requerying.

Anyone can setup a name server for any domain, but only the authoritative name servers is responsible for all unanswered dns query.

How does DO know what domain should point to what account's DNS?

The answer is DO don't know what domain should point to what account's DNS?
Only the authoritative name servers you set at your registrar matters.

  • If you are getting a message saying: Name has already been taken, when adding domain name to DO's name server.

    That means someone has already defined the records for that domain at DO's name servers.

    This maybe the domain name stealing you are talking about.

    I think this can be easily resolved by contacting DO's support to prove the ownership.

    If you are interested, you can try the following commands to see what answer you get.


    Someone already defined's records on DO's name server but since's authoritative name servers is not
    No one will get for normal query unless he/she is querying

  • Your second answer is what I'm looking for. I know about the authoritative ns but my question was with what happens after that on DO's side. I guess contacting DO is the only way to solve that issue.


Have another answer? Share your knowledge.