Verify the ownership of a domain name - Content Delivery| Alibaba Cloud Documentation Center

The first time a domain name is added to Dynamic Route for CDN (DCDN), DCDN verifies the ownership of the domain name. This ensures that the domain name is added by the owner. If a domain name that belongs to User A is added to DCDN by User B, security issues may arise. If the domain name has passed the verification, the ownership verification is not required when you add the domain name to DCDN for a second time or add the subdomains of the domain name.

Verification methods

Log on to the DCDN console and go to the Add Domain Name page. Set the parameters and click Next. You are redirected to the verification page, as shown in the following figure. You can prove the ownership by adding a DNS record or uploading a verification file. Choose one of the methods based on your business requirements. You can add a domain name to DCDN only after the domain name passes ownership verification. Add a DNS record to verify the ownership

Add a DNS record to verify the ownership

Method 1: Add a DNS record to prove the ownership (recommended)

In this topic, image.example.com is used to demonstrate how to verify the ownership of a domain name. If your domain names have already passed ownership verification, skip this topic.

On the verification page, click the Method 1: DNS Settings tab.
The system automatically recognizes the record type, host, and record value. Do not close the verification page before the verification process is completed.

Note If you want to add the domain name to DCDN by calling the AddDcdnDomain or BatchAddDcdnDomain operation, you must first call the DescribeDcdnVerifyContent operation to query the record value and add a TXT record for the domain name. Then, you can call the AddDcdnDomain or BatchAddDcdnDomain operation to add the domain name to DCDN.

In the system of your DNS service provider, add a TXT record for the domain name.

The following example shows how to add a TXT record on Alibaba Cloud. You can use similar methods to add a TXT record on Tencent Cloud or Xinnet.

Add a TXT record on Alibaba Cloud

If your domain name uses DNS resolution services provided by Alibaba Cloud, you can perform the following steps to add a TXT record:

Log on to the Alibaba Cloud DNS console.
On the Manage DNS page, find the domain name example.com and click Configure in the Actions column. DNS record updates apply to root domains. In this example, the domain name to be accelerated is image.example.com, whose root domain is example.com.

Click Add Record and enter the record type, host, and record value obtained in Step 1.


Parameter	Description	Example
Type	Select TXT.	TXT
Host	Enter the prefix of the domain name.	verification
ISP Line	Select the Internet service provider (ISP) of the domain name.	Default
Value	Enter the record value obtained in Step 1.	verify_293b6443326fbbc7ff5e61d7768f****
TTL	Enter a time-to-live (TTL) value for the TXT record. A smaller value indicates a shorter period of time to apply record updates. The default TTL value is 10 minutes.	10 minutes

Click OK.

Note After you add a TXT record, it immediately takes effect. After you update a TXT record, it takes 10 minutes for the system to apply the updates. The time it takes to apply record updates is based on the TTL value. The default TTL value is 10 minutes.

After the TXT record takes effect, log on to the DCDN console. Click Verify to complete the verification process.
If the system prompts that the domain name fails the verification, check whether the TXT record is correct. Wait for the TXT record to take effect and try again.

Method 2: Upload a verification file to prove the ownership

In this topic, image.example.com is used to demonstrate how to verify the ownership of a domain name. If your domain names have already passed ownership verification, skip this topic.

On the verification page, click the Method 2: Verification File tab.
Do not close the verification page before the verification process is completed.
Click verification.html to download the verification file of the domain name.

Note You can call the DescribeDcdnVerifyContent operation to generate strings that must be used in the verification file. If you want to call the AddDcdnDomain or BatchAddDcdnDomain operation to add the domain name to DCDN, you must first call the DescribeDcdnVerifyContent operation to generate strings. Then, create a verification.html file that contains the strings and upload the file to the origin server.
Upload the verification file to the root directory on the origin server of the domain name. The origin server can be an Elastic Compute Service (ECS) instance, an Object Storage Service (OSS) bucket, a Cloud Virtual Machine (CVM) instance, a Container-Optimized OS (COS) instance, or an Elastic Compute Cloud (EC2) instance.

After you upload the verification file, DCDN visits the origin server at http://example.com/verification.html to obtain the verification file. Then, DCDN determines whether you have uploaded the verification file as required. Make sure that the verification file is accessible.
Click Verify to complete the verification.

Related API operations

VerifyDcdnDomainOwner: Adds a DNS record for ownership verification.
DescribeDcdnVerifyContent: Uploads a verification file for ownership verification.

FAQ

The following issues may arise the first time a domain name is added to DCDN:

Q: Why does Alibaba Cloud CDN verify the ownership of domain names?
A: Ownership verification ensures that domain names are added to Alibaba Cloud CDN only by their owners. If a domain name that belongs to User A is added to Alibaba Cloud CDN by User B, security issues may arise.
Q: If I have multiple Alibaba Cloud accounts and this is the first time a domain name is added to Alibaba Cloud, does Alibaba Cloud CDN verify the ownership of the domain name for each account?
A: Yes. Each Alibaba Cloud account is identified as an independent user. The first time a domain name is added to Alibaba Cloud CDN, Alibaba Cloud CDN verifies the ownership of the domain name for each account (user).
Q: If a domain name passes ownership verification after I add a DNS record or upload a verification file, can I delete the record or file?
A: Yes. The required DNS record or verification file is used only for ownership verification. After the domain name passes the verification, you can delete the record or file.
Q: Do I need to prove the ownership of a domain name that is already added to DCDN?
A: No, you do not need to prove the ownership of existing accelerated domain names. For example, you have added the domain name *.example.com to DCDN and the Canonical Name (CNAME) record that is assigned to the domain name works in an expected manner. In this case, you are considered to own the domain name example.com. If you add a subdomain name of example.com, such as **.example.com or ***.example.com, you do not need to perform the ownership verification.
Q: Do I need to prove the ownership of a domain name if I call the AddDcdnDomain operation to add the domain name to DCDN?
A: Yes, you need to prove the ownership of the domain name in this case. You must first add a DNS record or upload a verification file to the root directory of the origin server of the domain name that you want to add. Then, call the AddDcdnDomain operation to add the domain name to DCDN.
Q: What can I do if I cannot prove the ownership of my domain name by adding a DNS record or uploading a verification file to the origin server?
A: To address this issue, you can submit a ticket. In the ticket, state the reason why you cannot prove the ownership through the given methods, and include the information that can be used to prove your identity as the domain name owner. Alibaba Cloud will conduct manual verification.