[warrenm]

I've never seen it anywhere else :: if this is what you consider "normal"...I'm kinda concerned you don't understand the security implications of [attempted] thefts like this

Whomever was trying to steal access to my domains was trying to overrule the authoritative status of my registrar's DNS servers

[bluehatbrit]

All you said here was that a DNS service is letting someone list DNS records for a domain. That's totally harmless if your domains NS records aren't pointed at their nameservers. You can do this with Route53 and DigitalOcean right now if you want but it won't have any impact because your domain name NS records point to your DNS provider.

As you mentioned in your other comment though, which you hadn't mentioned previously, cloudflare's DNS resolver started using their records before they'd actually received control of the domain (which was of course rejected). That's really bad and surprising, but allowing someone to setup DNS records for a domain name isn't a problem and is required in some situations for DNS migrations.

[warrenm]

Merely creating a DNS record that remains unused? Sure

That happens

Activating said DNS record when you have no authority to do so?

That's bad

Very bad