The first time that a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN must verify the ownership of the domain name. After the domain name passes ownership verification, lower-level domain names of the domain name can skip ownership verification when they are added to Alibaba Cloud CDN.

Method 1: Use a DNS record to verify the ownership (recommended)

The domain name image.example.com is used as example to demonstrate how to verify the ownership of a domain name by adding a DNS record.

  1. On the verification page, click the Method 1: DNS Settings tab.
    Notice Do not close the verification page before the verification process is completed. In some cases, DNS record verification may fail. If DNS record verification fails, you can use Method 2: Upload a verification file to verify the ownership.
    Add a DNS record to verify the ownership
  2. Add a TXT record in the system of your DNS service provider.
    Alibaba Cloud DNS is used in this topic to demonstrate how to add a TXT record. You can use similar methods to add TXT records in the systems of other DNS service providers, such as Tencent Cloud and Xinnet.
    1. Log on to the Alibaba Cloud DNS console.
    2. Navigate to the Manage DNS page, find the root domain name example.com, and then click Configure in the Actions column.
    3. Click Add Record and enter the record type, host, and record value obtained in Step 1.
      Record
      Parameter Description Example
      Type Select TXT. TXT
      Host Enter the prefix of the domain name. verification
      ISP Line Select the Internet service provider (ISP) of the domain name. We recommend that you keep the default setting.
      Value Enter the record value obtained in Step 1. verify_293b6443326fbbc7ff5e61d7768f****
      TTL Enter a time-to-live (TTL) value for the TXT record. A smaller value indicates a shorter period of time to apply record updates. The default TTL value is 10 minutes. We recommend that you keep the default setting.
    4. Click OK.
  3. After the TXT record takes effect, go to the Alibaba Cloud CDN console. Click Verify to complete the verification process.
    If the system prompts that the domain name fails the verification, check whether the TXT record is correct. Wait for the TXT record to take effect and try again.
Sample success responses:
Note
  • If you add a TXT record, it immediately takes effect. If you modify a TXT record, the time it takes for the updates to take effect is based on the TTL. The default TTL is 10 minutes.
  • If your Linux operating system does not have dig installed, you can run the yum install bind-utils command to install dig.
Windows
D:\example>nslookup -qt=txt verification.example.com
DNS request timed out.
    timeout was 2 seconds.
Server: Unknown
Address:  10.10.10.10

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
verification.example.com text =

        "verify_293b6443326fbbc7ff5e61d7768f****"
Linux
 [rot@example ~]# dig verification.example.com txt

; << > > DiG 9.11.26-RedHat-9.11.26-3.1.al8 << > > verification.example.com txt
;; global options: +cmd
;; Got answer:
;; - > >HEADER<<- opcode: QUERY, status: NOERROR, id: 63246
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 13561416e9b77d0701000000615fb0d7304d137ea064**** (good)
;; QUESTION SECTION:
;verification.example.com.                IN      TXT

;; ANSWER SECTION:
verification.example.com. 600     IN      TXT     "verify_293b6443326fbbc7ff5e61d7768f****"

;; Query time: 152 msec
;; SERVER: 100.100.100.136#53(100.100.100.136)
;; WHEN: Fri Oct 08 10:45:43 CST 2021
;; MSG SIZE  rcvd: 143

Method 2: Upload a verification file to verify the ownership

The domain name image.example.com is used in this topic to demonstrate how to verify the ownership of a domain name by uploading a verification file.

  1. On the verification page, click the Method 2: Verification File tab.
    Do not close the verification page before the verification process is completed. Upload a verification file to verify the ownership
  2. Click verification.html to download the verification file of the domain name.
  3. Upload the verification file to the root directory on the origin server of the domain name. The origin server can be an Elastic Compute Service (ECS) instance, an Object Storage Service (OSS) bucket, a Cloud Virtual Machine (CVM) instance, a Container-Optimized OS (COS) instance, or an Elastic Compute Cloud (EC2) instance.

    After you upload the verification file, Alibaba Cloud CDN visits the origin server at http://example.com/verification.html to obtain the verification file. Then, Alibaba Cloud CDN determines whether you have uploaded the verification file as required. Make sure that the verification file is accessible.

  4. Click Verify to complete the verification.

Method 3: Call API operations to verify the ownership

If you want to call the AddCdnDomain or BatchAddCdnDomain API operation to add a domain name to Alibaba Cloud CDN, you must first call the relevant API operation to verify the ownership.

Note We recommend that you verify the ownership of a domain name by using Method 1 or Method 2. If you find it inconvenient to perform Method 1 or Method 2 in the console, you can call the Alibaba Cloud CDN API to verify the ownership.
  1. Use a DNS record to verify the ownership.
    1. Cal the DescribeVerifyContent API operation to query the record value.
    2. Add a TXT record in the system of your DNS service provider. For more information, see Step 2.
    3. Call the VerifyDomainOwner API operation to verify the ownership of a domain name. This operation verifies the ownership of one domain name at a time.
      Set VerifyType to dnsCheck.
    4. Call the AddCdnDomain or BatchAddCdnDomain API operation to add the domain name to Alibaba Cloud CDN.
  2. Use a verification file to verify the ownership.
    1. Call the DescribeVerifyContent API operation to query the record value and acquire the verification file.
    2. Upload the verification file to the root directory on the origin server of the domain name. The origin server can be an ECS instance, an OSS bucket, a CVM instance, a COS instance, or an EC2 instance.
    3. Call the VerifyDomainOwner API operation to verify the ownership of a domain name. This operation verifies the ownership of one domain name at a time.
      Set VerifyType to fileCheck.
    4. Call the AddCdnDomain or BatchAddCdnDomain API operation to add the domain name to Alibaba Cloud CDN.

FAQ

The following questions may arise the first time a domain name is added to Alibaba Cloud CDN:
  • Q: Why does Alibaba Cloud CDN verify the ownership of domain names?

    A: Ownership verification ensures that domain names are added to Alibaba Cloud CDN only by their owners. If a domain name that belongs to User A is added to Alibaba Cloud CDN by User B, security issues may arise.

  • Q: If I have multiple Alibaba Cloud accounts and this is the first time a domain name is added to Alibaba Cloud, does Alibaba Cloud CDN verify the ownership of the domain name for each account?

    A: Yes. Each Alibaba Cloud account is identified as an independent user. The first time a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN verifies the ownership of the domain name for each account (user).

  • Q: If a domain name passes ownership verification after I add a DNS record or upload a verification file, can I delete the record or file?

    A: Yes. The required DNS record or file is used only for ownership verification. After the domain name passes the verification, you can delete the record or file.

  • Q: Do I need to prove the ownership of a domain name that has already been added to Alibaba Cloud CDN?

    A: No. For example, if you have already added the domain name example.aliyundoc.com to Alibaba Cloud CDN and the CNAME that is assigned to the domain name works as expected, you are deemed to own the domain name aliyundoc.com. When you add lower-level domain names of aliyundoc.com, such as **.aliyundoc.com and ***.aliyundoc.com, ownership verification is not required.

  • Q: If I call the AddDomain operation to add a domain name to Alibaba Cloud CDN, do I need to prove the ownership of the domain name?

    A: Yes. You must first add a DNS record or upload a verification file to the root directory of the origin server of the domain name that you want to add. Then, call the AddDomain operation to add the domain name to Alibaba Cloud CDN. For more information, see Method 3: Call API operations to verify the ownership.

  • Q: What can I do if I cannot prove the ownership of my domain name by adding a DNS record or uploading a verification file to the origin server?

    A: To address this issue, you can submit ticket. In the ticket, state the reason why you cannot prove the ownership through the given methods, and include the information that can be used to prove your identity as the domain name owner. Alibaba Cloud will conduct manual verification.