But the DDOS attack isn't against the domain, it's against whatever server the domain points at.
Requiring the owner to post a file at a specific URL would prove actual control of the server in a way that domain records don't. I can point a domain at whatever server I want, no need for it to be my own.
Requiring the owner to post a file at a specific URL would prove actual control of the server in a way that domain records don't. I can point a domain at whatever server I want, no need for it to be my own.