
Page Under Construction

This page is being actively edited. It is temporarily restricted to T&I staff only until edit is complete.

What is Domain Control Validation?

Domain Control Validation (DCV) is a way to demonstrate that you have authority to register a service or DNS host name using the DNS domain in question. A common way to achieve this is to create a DNS TXT record containing a randomly generated token as the value.

InCommon uses this method to validate your authority to use a DNS domain or host when you register an entity in the InCommon metadata. If you submit an entity with either an entity ID or scope containing a previously unvalidated domain, the InCommon Registration Authority (RA) will ask you to perform the following validation steps:

Demonstrate control with a DNS TXT record

Triggering condition

  • The requesting Site Administrator (SA) submits metadata for approval via the InCommon Federation Manager (FM).
  • The InCommon Registration Authority (RA) reviews metadata per the InCommon metadata validation procedure.
  • If WHOIS data for any domain under review does not match the submitting organization -OR- the WHOIS data is not available, complete the following steps.

Validation steps

Step 1: RA emails the DCV TXT record creation instructions to the requesting SA. The instructions will include the unique 20-digit security string (mixed-case alphanumeric characters) assigned for this record.

Step 2: SA uses the appropriate DNS management tool to create a TXT record with the following information:

Host: “_incommon.{domain}”
Type: TXT
Value: “incommon-dcv={random value}”


Step 3: SA emails InCommon at help@incommon.org when this has been accomplished.

Step 4: RA verifies, archives evidence, and approves the metadata.
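
The check in Step 4 can be expressed as code. The following is an added example, not InCommon's own tooling: it parses `dig +short TXT` output for the `_incommon.{domain}` name and accepts only an exact, case-sensitive match on `incommon-dcv={random value}`. The function names, the CSPRNG-based token generation, and the sample token and `dig` output are assumptions constructed for illustration.

```python
import hmac
import re
import secrets
import string

TOKEN_ALPHABET = string.ascii_letters + string.digits  # mixed-case alphanumeric
TOKEN_LENGTH = 20                                       # length stated in Step 1
PREFIX = "incommon-dcv="

def new_token():
    """Step 1: draw the security string from a CSPRNG (generation method is an assumption)."""
    return "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(TOKEN_LENGTH))

def record_name(domain):
    """Step 2: owner name of the TXT record; DNS names are case-insensitive."""
    return "_incommon." + domain.strip().rstrip(".").lower()

def _unescape(chunk):
    # Undo presentation-format escapes: \DDD (decimal byte) and \X (literal X).
    return re.sub(r"\\(\d{3}|.)",
                  lambda m: chr(int(m[1])) if len(m[1]) == 3 else m[1], chunk)

def txt_values(dig_output):
    """Parse `dig +short TXT` lines. Each line is one record made of one or more
    quoted character-strings, which are concatenated to form the value."""
    values = []
    for line in dig_output.splitlines():
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if chunks:
            values.append("".join(_unescape(c) for c in chunks))
    return values

def dcv_ok(dig_output, token):
    """Step 4: true only if some TXT value is exactly 'incommon-dcv=<token>'.
    The token is mixed-case, so the comparison is case-sensitive."""
    expected = (PREFIX + token).encode()
    return any(hmac.compare_digest(v.encode(), expected)
               for v in txt_values(dig_output))

# Constructed sample: what `dig +short TXT _incommon.example.edu` might print.
# The second record is split into two character-strings, which DNS permits.
SAMPLE_TOKEN = "aB3dE5fG7hJ9kL1mN2pQ"
SAMPLE_DIG = '"unrelated note"\n"incommon-dcv=" "aB3dE5fG7hJ9kL1mN2pQ"\n'
```

Querying the domain's authoritative name servers directly, rather than a caching resolver, avoids a stale answer when the record was created moments before verification.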

Additional reading
