Verify domain ownership

There's lots of ways to do this. Listed in order of preference:

  • microid
  • whois (check email address and/or name)
  • OpenID w/ delegation
  • DNS TXT (or CNAME if you must)
  • Insert HTML comment <!-- verify code --> into main page

I would recommend implementing some combination of these. The last one should be a measure of last resort for people who can't insert things into the <head> section of their sites. Done well, many users might be able to claim ownership of their domain without having to take any action at all, provided they've supplied you with an email address already.

For the specific issue of getting DNS information, try this:

$ dig TXT google.com

; <<>> DiG 9.4.3-P3 <<>> TXT google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4045
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN  TXT

;; ANSWER SECTION:
google.com.     3600    IN  TXT "v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 131 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Oct 24 16:50:56 2009
;; MSG SIZE  rcvd: 122

This particular query gives you the SPF entries for google.com. You could just as easily do:

dig TXT verify.example.com

Then check the confirmation code in the answer section.