views:

221

answers:

3

When setting up Google Adsense or Gmail as a site owner, you are required to modify a CNAME record for verification. Microsoft does the same thing.

I am building a website where I would like an owner of a group to verify ownership of a domain in the same way. How do I accomplish this?

+1  A: 

You need to query DNS server for the CNAME record of that domain. It can be as simple as using dig/nslookup/etc and scraping data from it or using name resolving capabilities of your platform/language.

Zepplock
A: 

You might also be aware of this technique and already dismissed it (since this really shows who has control over a site rather than a domain as you specify), but you could ask the person to place a file of a specific name and content on the root level of the domain.

For example:

http://www.blahdeblah.net/**verify.txt**

The one advantage is that once they do this you don't have to wait for changes to propagate, its immediate.

michael
"Well-known" URIs are bad. This tries to make them less bad, but they're still bad: http://tools.ietf.org/html/draft-nottingham-site-meta-02
Bob Aman
A: 

There's lots of ways to do this. Listed in order of preference:

I would recommend implementing some combination of these. The last one should be a measure of last resort for people who can't insert things into the <head> section of their sites. Done well, many users might be able to claim ownership of their domain without having to take any action at all, provided they've supplied you with an email address already.

For the specific issue of getting DNS information, try this:

$ dig TXT google.com

; <<>> DiG 9.4.3-P3 <<>> TXT google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4045
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.      IN TXT

;; ANSWER SECTION:
google.com.  3600 IN TXT "v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 131 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Oct 24 16:50:56 2009
;; MSG SIZE  rcvd: 122

This particular query gives you the SPF entries for google.com. You could just as easily do:

dig TXT verify.example.com

Then check the confirmation code in the answer section.

Bob Aman
Am I right to assume that the confirmation code is after "v="? I found this resource with more info: http://en.wikipedia.org/wiki/Sender_Policy_Framework#Implementation
Wraith
I was giving an example of an unrelated real-world usage of TXT records. The link you gave explains SPF (prevents spam). In your case, you would need to design your own confirmation scheme. Probably issue a nonce, and just have them copy-paste the nonce into a TXT record.
Bob Aman