The Domain Name System (DNS) provides name resolution services for Internet addresses. The various services associated with a domain—e.g., web hosting, mail, instant messaging, etc.—can be provided by different hosts, and DNS may be used to identify the hosts that provide these services. For any domain (e.g., a domain named “example.com”), DNS may associate, with the domain name, records such as an “A” record that identifies the domain's web site host, an “MX” record that identifies the domain's mail host, etc.
In DNS, name resolution itself is treated as a service. An “NS” record identifies the host(s) (or “name server(s)”) that will provide name resolution for that domain. (Providing such name resolution services for a domain may be referred to as DNS hosting.) Domain registrars normally provide DNS hosting services, and when a domain is registered with a particular registrar, the registrar normally points the name server (“NS”) records for that domain at its own DNS hosts. However, there are third-party DNS hosting services, and some domain owners may wish to re-delegate DNS hosting for their domain to a third-party service.
Any entity can contact a DNS provider and set up DNS records for any domain. An entity can set up DNS records even for a domain that the entity does not own or legitimately control. The situation in which an entity has set up DNS records for a domain that the entity does not own or control is benign, since the DNS records created with the new provider do not control name resolution for the domain until the NS records for the domain point at the new provider's name servers. However, if two or more entities assert control over the same domain and create sets of DNS records for that same domain, the DNS provider may wish to use some mechanism to resolve which entity is actually in control of the domain, and thus which set of DNS records to use for the domain once the NS records are pointing to that provider.
One way of addressing the situation where two or more entities set up DNS records for the same domain is to employ a rule such as the last entity to register for DNS service wins control of the domain. If this approach is used, then a “hacker” could insert itself as an owner by setting up DNS records with the DNS provider after the true owner sets up DNS records but before the true owner has pointed the NS records at the new provider, thereby allowing the hacker to take control of the domain. Another option is to block entities from setting up DNS service for a domain after one entity has set up DNS service. If this approach is used, then a hacker could set up DNS service for arbitrary domains and thereby cause a later party, such as the true owner, to be blocked from setting up DNS service with the DNS provider.