[opendais]

Normally services like this make you add a DNS record and/or file to the target to confirm you are the owner.

[tisba]

this is especially challenging actually. just because you own the domain name, doesn't mean you own the infrastructure you are pointing your DNS records to!

So adding DNS records is pretty useless to provide proof that you own the resources under test.

[opendais]

Yes but at that point you are theoretically traceable and can be found. It isn't like a botnet. Someone had to buy the domain.

[tisba]

Okay, that's true. But the question was about confirming the target's ownership. And that is something you cannot ensure via DNS entries.