I could really use your expertise on a situation I encountered. Consider the following scenario:
User A adds example.com virtualhost with DNS and email support without having registered it.
User B registers example.com, configures the nameservers correctly, tries to add it and, naturally, fails to do so.
User A ends up controlling the services (http, email etc) provided by example.com even though they don’t own it
All this happens on my custom platform utilizing the api. I’m trying to come up with a resolution flow that doesn’t involve human intervention.
Any thoughts?
Side note: Since domains and virtualhosts are unique to servers and not users, wouldn’t it be redundant to include the user parameter in api/cli calls that don’t involve creation?
No no, I don’t want to prevent it. I can understand that, from the server’s perspective, everything works as expected. As I said, I need to be able to resolve situations like that programmatically. In other words, check if A owns the domain, as you said.
To your point, how does one check that? Can B authenticate his domain somehow?
Except, that has to be done at the registrar level. And all registrars that I know of, don’t let you manipulate dns records unless you change the domain’s nameservers to their own.
