How does DO verify domain ownership?

Question

Hi, I just registered a domain and pointed the nameservers to DO. I then went into the DO DNS panel and setup a test subdomain to one of my boxes. Performing a local nslookup I can confirm that the subdomain points to the correct IP of my DO box. So everything seems to be working as expected. I have to ask though, how does DO know that my account should be allowed to modify records for that domain? I don’t see what could stop someone with another DO account from modifying records for my domain. Other services like Google Apps verify domain ownership by requiring the domain owner to add a TXT record to their domain with a special code. DO doesn’t seem to do anything like that.

Answer 1

ryanpq July 2, 2015

A domain can only exist on one account so any user attempting to add it would not be able to. Cases where a domain already exists or is hijacked are extremely rare (I’ve seen 3 cases in 2+ years and in each case it was a former owner of the domain who still had records in place). In these rare cases the user can open a support ticket where we will verify the domain whois information against their billing details to verify ownership.

Reply Report

Answer 2

mehmetaliskr December 10, 2018

[deleted]

Reply Report

Related

Question

How does DO verify domain ownership?

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

How does DO verify domain ownership?

Leave a comment

Related

question

DNS security and domain hijacking

question

Webserver TCP port 53 is open or closed?

question

How to know if my VPN server is safe

question

[Feature request] CAA DNS record (Certification Authority Authorization)

Looking for something else?