Hello, I’m just getting set up with Netlify and I’ve had a great experience so far, but was curious about the domain verification process.
I’m wondering what exactly happens when the “verify” button is pressed (I checked the docs but still had some questions).
I had previously pointed my nameservers to Netlify in anticipation of delegating my domain to Netlify. Per the instructions for assigning a domain to a site, I needed to confirm I was the owner (the domain was already registered, and owned by me). The previous page says that when using Netlify DNS, configuration is automatic.
The page on adding a domain you own mentions creating a DNS zone. I’m assuming verification checks that the domain nameservers match the DNS zone that a site is assigned. I’m curious if there is anything else going on behind the scenes that’s worth being aware of.
Given this setup, would it be possible for someone to lookup the DNS servers a domain is using (that hasn’t yet been assigned to a site), deleting and recreating the DNS zone until the DNS servers matched the target domain, and then to add that domain to their own site, essentially hijacking it? I’ve since added a custom domain successfully, but I waited to do so to give the DNS changes time to propagate, so I was curious.
The odds of this are probably low, but I’m trying to better understand the magic that Netlify is doing, since the process is different from just adding a CNAME recrod via a registrar.