Verify domain ownership

Question

When setting up Google Adsense or Gmail as a site owner, you are required to modify a CNAME record for verification. Microsoft does the same thing.

I am building a website where I would like an owner of a group to verify ownership of a domain in the same way. How do I accomplish this?

Answer 1

There's lots of ways to do this. Listed in order of preference:

• microid
• whois (check email address and/or name)
• OpenID w/ delegation
• DNS TXT (or CNAME if you must)
• Insert HTML comment <!-- verify code --> into main page

I would recommend implementing some combination of these. The last one should be a measure of last resort for people who can't insert things into the <head> section of their sites. Done well, many users might be able to claim ownership of their domain without having to take any action at all, provided they've supplied you with an email address already.

For the specific issue of getting DNS information, try this:

$ dig TXT google.com

; <<>> DiG 9.4.3-P3 <<>> TXT google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4045
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN  TXT

;; ANSWER SECTION:
google.com.     3600    IN  TXT "v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 131 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Oct 24 16:50:56 2009
;; MSG SIZE  rcvd: 122

This particular query gives you the SPF entries for google.com. You could just as easily do:

dig TXT verify.example.com

Then check the confirmation code in the answer section.

Answer 2

You need to query DNS server for the CNAME record of that domain. It can be as simple as using dig/nslookup/etc and scraping data from it or using name resolving capabilities of your platform/language.