All Products
Search

This Product

    CDN:Verify the ownership of a domain name

    Document Center

    CDN:Verify the ownership of a domain name

    Last Updated:Nov 27, 2023

    The first time you add a domain name to the Alibaba Cloud CDN console, the system verifies the ownership of the domain name. After the domain name passes ownership verification, lower-level domain names of the domain name do not require ownership verification.

    Method 1: (Recommended) Use a DNS record to verify the ownership

    Use the console

    The domain name image.example.com is used as an example to show how to verify the ownership of a domain name by adding a DNS record.

    1. On the verification page, click the Method 1: DNS Settings tab to obtain the values of the Host and Value parameters.

      Important

      Do not close the verification page before the verification is complete. In specific cases, DNS record verification may fail. If DNS record verification fails, you can use Method 2: Upload a verification file to verify the ownership.

      DNS解析验证

    2. Add a TXT record in the system of your DNS service provider.

      The following example shows how to add a TXT record. Alibaba Cloud DNS is used as the DNS service provider in this example. You can use similar methods to add TXT records in the systems of other DNS service providers, such as Tencent Cloud and Xinnet.

      1. Log on to the Alibaba Cloud DNS console.

      2. On the Domain Name Resolution page, find the root domain example.com and click DNS Settings in the Actions column.

      3. Click Add DNS Record, set the Record Type parameter to TXT, set the Hostname and Record Value parameters to the values that are obtained in Step 1, and then use the default values for other parameters.

        记录

      4. Click OK.

    3. After the TXT record takes effect, log on to the Alibaba Cloud CDN console and click Verify.

      If a message indicating that the domain name fails the verification appears, check whether the TXT record is correct. Wait for the TXT record to take effect and try again.

      The accelerated domain name image.example.com is used in the following examples to check whether the TXT record is correct.

      Note

      • If you add a TXT record, the TXT record immediately takes effect. If you modify a TXT record, the amount of time that is required for the updates to take effect is based on the TTL. The default TTL is 10 minutes.

      • If dig is not installed on Linux, you can run the yum install bind-utils command to install dig.

      • Example for Windows: Open the Command Prompt in Windows, and then run the nslookup -qt=txt verification.example.com command. You can check whether the TXT record is correct based on the output.image.png

      • Example for Linux:Run the dig verification.example.com txt command. You can check whether the TXT record is correct based on the output.image.png

    Call API operations

    If you want to call the AddCdnDomain or BatchAddCdnDomain API operation to add a domain name, you need to first call the relevant API operation to verify the ownership.

    1. Call the DescribeVerifyContent API operation to query the record value.

    2. Add a TXT record in the system of your DNS service provider. For more information, see Step 2.

    3. Call the VerifyDomainOwner API operation to verify the ownership of a domain name. The operation verifies the ownership of one domain name at a time.

      Set the VerifyType parameter to dnsCheck.

    4. Call the AddCdnDomain or BatchAddCdnDomain API operation to add the domain name.

    Method 2: Upload a verification file to verify the ownership

    Use the console

    1. On the verification page, click the Method 2: Verification File tab.

      Important

      Do not close the verification page before the verification is complete.

      文件验证

    2. Click verification.html to download the verification file.

    3. Upload the verification file to the root directory on the server of the root domain name. The server can be an ECS instance, an OSS bucket, a CVM instance, a COS instance, or an EC2 instance. For example, if the domain name is image.example.com, you need to upload the file to the root directory of example.com.

    4. After you make sure that the verification file is accessible from http://example.com/verification.html, click Verify.

      Alibaba Cloud CDN accesses http://example.com/verification.html on your server for verification.

      • If the record value in the file is the same as the record value in the verification file, the verification is successful.

      • Otherwise, the verification fails. Make sure that the preceding URL is accessible and the file that you uploaded is valid.

    Call API operations

    If you want to call the AddCdnDomain or BatchAddCdnDomain API operation to add a domain name, you need to first call the relevant API operation to verify the ownership.

    1. Call the DescribeVerifyContent API operation to query the record value.

      Note

      Prepare the verification file: Create a new file named verification.html and write the obtained record value to verification.html.

    2. Upload the verification file to the root directory on the server of the root domain name. The server can be an ECS instance, an OSS bucket, a CVM instance, a COS instance, or an EC2 instance.

    3. Call the VerifyDomainOwner API operation to verify the ownership of a domain name. The operation verifies the ownership of one domain name at a time.

      Set the VerifyType parameter to fileCheck.

    4. Call the AddCdnDomain or BatchAddCdnDomain API operation to add the domain name.

    FAQ

    The following questions may arise the first time a domain name is added to Alibaba Cloud CDN:

    • Q: Why does the system verify the ownership of domain names?

      A: Ownership verification ensures that domain names are added only by their owners. If a domain name that belongs to User A is added by User B, security issues may arise.

    • Q: If I have multiple Alibaba Cloud accounts and this is the first time that I add a domain name to Alibaba Cloud, does the system verify the ownership of the domain name for each account?

      A: Yes. Each Alibaba Cloud account is identified as an independent user. The first time you add a domain name, the system verifies the ownership of the domain name for each account (user).

    • Q: If a domain name passes ownership verification after I add a DNS record or upload a verification file, can I delete the record or file?

      Yes. The required DNS record or file is used only for ownership verification. After the domain name passes ownership verification, you can delete the record or the file.

    • Q: Do I need to prove the ownership of a domain name that has been added to Alibaba Cloud CDN?

      A: No. For example, you have added the domain name example.aliyundoc.com to Alibaba Cloud CDN and the CNAME that is assigned to the domain name works as expected. In this case, you are deemed as the owner of the domain name aliyundoc.com. When you add subdomains of aliyundoc.com, such as **.aliyundoc.com or ***.aliyundoc.com, ownership verification is not required.

    • Q: If I call the AddDomain operation to add a domain name, do I need to prove the ownership of the domain name?

      A: Yes. You need to first add a DNS record or upload a verification file to the root directory on the origin server of the domain name that you want to add. Then, call the AddCdnDomain operation to add the domain name.

    • Q: What do I do if I cannot prove the ownership of my domain name by adding a DNS record or uploading a verification file?

      A: You can submit a ticket to explain the reason why you cannot complete ownership verification and provide information that can prove that you own the domain name for manual review.