undefined | Better HN

0 pointsjrochkind110y ago0 comments

How do you verify control of a domain? Their current mechanisms verify control of a _host_ pointed to by a hostname, not of a domain. They'd need different mechanisms to verify control of a domain.

If you control the domain `example.com`, sure. if you just control the single host that `example.com` points to, that doesn't neccesarily mean you control the domain, and in fact DNS contortions are needed to even have example.com point to a host.

0 comments

eridius10y ago

You could verify ownership of the DNS config for the domain. It's not all that uncommon to verify ownership of a domain for various services by sticking something in a TXT record on that domain (or on a specially-named subdomain). LetsEncrypt could do something similar to verify top-level ownership. After all, if I have control over the DNS zone, then I trivially have control of any host on the domain too (just point the DNS at my own server).

Another benefit of this is ownership can be validated on an ongoing basis (is the TXT record still there? yup, still valid) without requiring any software to be running on any hosts at that domain. And you can validate a domain without even having an A record if you want (say, if you're getting all your ducks in a row before exposing your server to the world).

jsprogrammer10y ago

If you can contort DNS in such a way that the domain example.com directs to a host you control...then I'd say you control the domain.

j / k navigate · click thread line to collapse

0 pointsjrochkind110y ago0 comments

How do you verify control of a domain? Their current mechanisms verify control of a _host_ pointed to by a hostname, not of a domain. They'd need different mechanisms to verify control of a domain.

0 comments

eridius10y ago

jsprogrammer10y ago

If you can contort DNS in such a way that the domain example.com directs to a host you control...then I'd say you control the domain.

j / k navigate · click thread line to collapse