keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.

Add a CNAME based DNS proof #950

Closed jeantil closed 3 years ago

jeantil commented 10 years ago

The current DNS verification method requires the record to be named @ and to contain exactly the verification string. This can interfere with other existing validation mechanisms. In my case, I had to change the pre-existing google webmaster tools validation to a CNAME based validation in order to be able to use the @ TXT validation.

As a user with pre-existing TXT based validations, I would like to be able to validate a domain for Keybase using a CNAME option.

Thanks!

chigh commented 10 years ago

So, Google Webmaster Tools barfs if there are multiple TXT records for the zone? Looks like Google can manage SPF records. Do SPF records interfere with the Webmaster Tools? Thinking "out loud", but I wonder why they can't bother to be specific with the TXT records they're looking for.

This is not to dismiss the idea of using a CNAME validation method. I, personally, think that's a reasonable request.

jeantil commented 10 years ago

I don't know if google webmaster tool "barfs" if there are multiple TXT records for the zone.

I can't have the value for the @ TXT record be exactly the keybase value if I already have a google webmaster tools TXT record. I could try to put both the Google and keybase validation codes in the @ TXT record but then I am not sure keybase would validate it.

None of the above changes the fact that validation (either Google's or keybase's) should not be using a global namespace.

Whether it is a CNAME or a named TXT or SPF record would be fine by me.

On 19 August 2014 at 17:53, "C High" notifications@github.com wrote:

> So, Google Webmaster Tools barfs if there are multiple TXT records for the zone? Looks like Google can manage SPF records. Do SPF records interfere with the Webmaster Tools? Thinking "out loud", but I wonder why they can't bother to be specific with the TXT records they're looking for.
>
> This is not to dismiss the idea of using a CNAME validation method. I, personally, think that's a reasonable request.


chigh commented 10 years ago

Ah, a limitation of Gandi.

Actually, there's absolutely nothing wrong with using a TXT record at the apex (@ or example.com. or in your case: byjean.eu.) of the zone (domain), and there are reasons to have them at the apex. The space is not really global. Keybase and Google Webmaster tools are asking for a single record within your DNS zone. If you want a CNAME, I can only guess that you'd have to create a record like "keybase-verification-string.byjean.eu" and point that to some other host, or perhaps the zone apex (e.g. byjean.eu see below). I guess that could work. The TXT record's okay by me.

keybase-verification-string.byjean.eu. IN CNAME byjean.eu.
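
The coexistence question raised in this thread, as an added example that is not part of any comment and is not Keybase's code: DNS allows several TXT records at one name (an RRset), so a verifier that looks for one record equal to its token can share the apex with SPF and Google records, while the merged single-record value jeantil considered fails an exact match. The zone fragment, the `example.com` domain and the placeholder token values are constructed, and exact-match verification is an assumption about the verifier.

```python
import shlex

# Constructed zone-file fragment (not from the thread); token values are placeholders.
ZONE = '''\
$ORIGIN example.com.
; three independent TXT records at the apex form one RRset
@       IN TXT "v=spf1 -all"
@       IN TXT "google-site-verification=PLACEHOLDER_GOOGLE"
@       IN TXT "keybase-site-verification=PLACEHOLDER_KEYBASE"
; both tokens merged into a single record value
merged  IN TXT "google-site-verification=PLACEHOLDER_GOOGLE keybase-site-verification=PLACEHOLDER_KEYBASE"
; one record split into two character-strings
split   IN TXT "keybase-site-verification=" "PLACEHOLDER_KEYBASE"
'''

def parse_txt_rrsets(zone_text):
    """Return {fqdn: [txt_value, ...]} for TXT records in a simple zone fragment."""
    origin, rrsets = "", {}
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = shlex.split(line)  # keeps each quoted character-string intact
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner, rest = fields[0], fields[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        if len(rest) < 2 or rest[0].upper() != "TXT":
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner.lower()
        else:
            fqdn = f"{owner}.{origin}".lower()
        # Character-strings of one record are concatenated with no separator.
        rrsets.setdefault(fqdn, []).append("".join(rest[1:]))
    return rrsets

def has_proof(rrsets, name, expected):
    """Assumed verifier rule: some record in the RRset equals the token exactly."""
    return expected in rrsets.get(name.lower(), [])

if __name__ == "__main__":
    rr = parse_txt_rrsets(ZONE)
    token = "keybase-site-verification=PLACEHOLDER_KEYBASE"
    for name in ("example.com.", "merged.example.com.", "split.example.com."):
        print(name, has_proof(rr, name, token))
```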