Module: Custodians

Many online service providers require users to verify that they have authority to claim or act on behalf of a domain name – e.g. Google's Search Console, Microsoft's Office 365 and more. The state of the art is to instruct users to create a specific record in their DNS (usually TXT or CNAME) for each service. This presents a significant barrier to most users and often results in the DNS being bloated by unnecessary records.

The Custodians module enables domain name administrators to list the people that have permission to act as a custodian for a domain name. Custodians are listed by hashed identifier (e.g. an email address), permissions are associated with each custodian.

Domain name registrars could automatically create a custodian record for the domain registrant once the domain is registered, this would automatically grant permission for the domain registrant to claim their domain name on supporting services.

Example

An example record is shown below.

As stored in the DNS

This shows an example Custodians record stored minified in the DNS:

_n=1;c[be165e855fc34cee0cdfd1b68921152132ee9191:[*];8bfa323c01e3a7f0e90f7685d1b0188b7c8db37e:[numserver.com];a548a3b5f8920fac10530f63da8ce63b67cba768:[m;e;s;c]];b=true
An example Custodians record.

Unpacked and Developer Friendly

This shows an example Custodians record after it's been unpacked using the record configuration file:

Loading
An unpacked Custodians record.

Specification

This module has a specification explaining in detail how it can be used. To view the specification click here Content elsewhere on this site..

Record Configuration File

All records for this module must adhere to the record configuration file shown below, this record configuration file is written in MODL Content on another site.:

The record configuration file can also be seen here Content on another site.