How does DO verify domain ownership?

July 2, 2015 1.6k

DNS Security

Hi, I just registered a domain and pointed the nameservers to DO. I then went into the DO DNS panel and setup a test subdomain to one of my boxes. Performing a local nslookup I can confirm that the subdomain points to the correct IP of my DO box. So everything seems to be working as expected. I have to ask though, how does DO know that my account should be allowed to modify records for that domain? I don't see what could stop someone with another DO account from modifying records for my domain. Other services like Google Apps verify domain ownership by requiring the domain owner to add a TXT record to their domain with a special code. DO doesn't seem to do anything like that.

1 Answer

ryanpq MOD July 2, 2015

A domain can only exist on one account so any user attempting to add it would not be able to. Cases where a domain already exists or is hijacked are extremely rare (I've seen 3 cases in 2+ years and in each case it was a former owner of the domain who still had records in place). In these rare cases the user can open a support ticket where we will verify the domain whois information against their billing details to verify ownership.

Have another answer? Share your knowledge.

Share

Share your Question

How does DO verify domain ownership?

Leave a Comment

Related Questions

Almost there!

Report a Bug