| ▲ | throw0101a 5 hours ago | |
> That looks like a viable solution since it requires a one-time setup on the main domain and ongoing access to the second (validation) domain. At my last job we deployed a special sub-domain for that purpose (dnsauth.example.com) and manually created CNAMEs on our main (sub-)domains to point to it. We then deployed a single (no-HA) externally exposed BIND server with a bunch of scripts that folks could connect to (we had deploy hooks scripts for users/developrs). Nowadays there even purpose-build DNS servers for this purpose: | ||