Ownership Verification Is Not A Standard Process

With the recently restored custom domain publishing feature, and the new domain ownership verification requirement, comes various queries from blog owners unable to verify domain ownership, and to publish their blog to their custom domain.
Can I use a "TXT" file, instead of a "CNAME"? My registrar suggests this as an alternative.
and
Why do I need this? My domain was working, just fine, before I had to re publish the blog!
Not all blog owners understand the historical need for verifying domain ownership.

(Update 2013/09): The second "CNAME" won't be required, in all cases. If you don't see instructions for adding a second "CNAME", focus your efforts on getting the domain working, with righteous base DNS addresses,

Ownership verification, allowing one to setup a given relationship between various Internet resources, varies according to the need of the application which uses the Internet resources in question.

Domain ownership verification, to provide urgently needed custom domain security, is simply one example of ownership verification, in general.

  • If you have file / folder control of a web site, you may be able to add a specific named file, to the website. The application in question can check for the presence of the required file (possibly one with a complex name).
  • Some applications such as Webmaster Tools can, alternatively, use a meta tag in the blog header, to verify blog ownership. Again, the tag will have a complex name / value.
  • To verify domain ownership, Blogger requires you to install a unique "CNAME" as a DNS address into your domain. The "CNAME" will contain two complex values, provided only to the blog / domain owner.

In either case, the complex values provide an encrypted certificate, which is specific to the application and to the blog / website, which is provided only to the owner of the blog / domain / website.

The named file is a simple solution - both to setup and to verify - but using it requires that the blog / website owner have the ability to setup a specific named file, in a specific folder, containing the certificate. Blogger does not provide file / folder control, so that solution is out - for any application which is to be used with Blogger blogs.

Applications (such as Webmaster Tools) which work with Blogger blogs, and similar websites, can use meta tag verification. This requires that the blog owner add a meta tag in the blog header, with a complex tag name / value. The tag name / value contains the certificate in question.

Blogger blogs can use neither a named file, nor meta tags, for domain ownership verification. There is no domain header, where meta tags could be installed - and again, Blogger does not provide file / folder control.

To verify domain ownership, Blogger requires the domain ownership certificate to be installed as a unique "CNAME" DNS address. The complex values in the "Name" and "Destination" values of the "CNAME" contain the encrypted ownership certificate. Since the specific certificate values, for each different domain, are provided to the blog owner (in the "settings instructions" document) - and the "CNAME" can only be installed by the domain owner - when the proper "CNAME" exists, the blog owner and domain owner are certified to be one person.

The unfortunate problem with "CNAME" based domain ownership verification is that not all registrars can provide the required "CNAME"s, and can provide "CNAME"s with long "Name" or "Destination" values. This does not mean that the Blogger solution, for domain ownership verification, is faulty.

It's possible that Blogger Engineering has considered a second option for domain ownership verification, which will be added when - or after - the "Buy a domain" wizard is updated to support automatic domain ownership verification. It's also possible that blog owners, who use specific registrars which are unable to provide the required "CNAME", will be forced to abandon their current registrar.

Whatever the case, it's likely that the "CNAME" based domain ownership certificate was the best possible solution, to solve the urgent security problem, and allow custom domain publishing to be restored last week.

Comments