ansaurus

Question

Answer 1

+1 A:

You need to query DNS server for the CNAME record of that domain. It can be as simple as using dig/nslookup/etc and scraping data from it or using name resolving capabilities of your platform/language.

Zepplock 2009-10-24 23:19:30

Answer 2

A:

You might also be aware of this technique and already dismissed it (since this really shows who has control over a site rather than a domain as you specify), but you could ask the person to place a file of a specific name and content on the root level of the domain.

For example:

http://www.blahdeblah.net/**verify.txt**

The one advantage is that once they do this you don't have to wait for changes to propagate, its immediate.

michael 2009-10-24 23:26:23

"Well-known" URIs are bad. This tries to make them less bad, but they're still bad: http://tools.ietf.org/html/draft-nottingham-site-meta-02

Bob Aman 2009-10-24 23:30:08

Answer 3

A:

There's lots of ways to do this. Listed in order of preference:

microid
whois (check email address and/or name)
OpenID w/ delegation
DNS TXT (or CNAME if you must)
Insert HTML comment  into main page

I would recommend implementing some combination of these. The last one should be a measure of last resort for people who can't insert things into the <head> section of their sites. Done well, many users might be able to claim ownership of their domain without having to take any action at all, provided they've supplied you with an email address already.

For the specific issue of getting DNS information, try this:

$ dig TXT google.com

; <<>> DiG 9.4.3-P3 <<>> TXT google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4045
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.      IN TXT

;; ANSWER SECTION:
google.com.  3600 IN TXT "v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 131 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Oct 24 16:50:56 2009
;; MSG SIZE  rcvd: 122

This particular query gives you the SPF entries for google.com. You could just as easily do:

dig TXT verify.example.com

Then check the confirmation code in the answer section.

Bob Aman 2009-10-24 23:41:38

Am I right to assume that the confirmation code is after "v="? I found this resource with more info: http://en.wikipedia.org/wiki/Sender_Policy_Framework#Implementation

Wraith 2009-10-25 15:37:04

I was giving an example of an unrelated real-world usage of TXT records. The link you gave explains SPF (prevents spam). In your case, you would need to design your own confirmation scheme. Probably issue a nonce, and just have them copy-paste the nonce into a TXT record.

Bob Aman 2009-10-25 18:03:33

ansaurus

tags:

views:

answers:

Verify domain ownership

related questions