VERIBUREAU
2026-03-03

How DNS verification works

When a certificate authority issues an SSL certificate for your domain, they do not take your word for it. They require you to prove ownership by placing a specific record in your DNS zone. This is the gold standard of identity verification on the internet.

VeriBureau uses the same mechanism. When a business claims to operate a specific domain, we generate a unique verification token and ask them to create a TXT record at a specific subdomain. If the record appears, the business has proven domain ownership at the infrastructure level.

Three tiers of DNS verification

The protocol defines three levels of domain-based trust, each requiring progressively more commitment.

The first tier is domain ownership. The business adds a TXT record at _veribureau.yourdomain.com containing their verification token. This proves they control the domain's DNS zone — something that cannot be faked without compromising the domain registrar account.

The second tier is protocol declaration. The business adds a TXT record that publicly declares participation in the GTVS protocol. This is visible to anyone who queries the domain's DNS records. Network engineers, security auditors, and other businesses can see at a glance that this domain participates in verified trust.

The third tier is profile publication. The business adds a TXT record pointing to their public VeriBureau profile URL. This creates a bidirectional link: the VeriBureau profile links to the business domain, and the business domain links back to VeriBureau. This mutual reference is the strongest form of digital identity verification short of legal documents.

Why DNS and not just email

Email verification proves that someone has access to an inbox. It does not prove they operate the business. An employee, a former employee, or someone who compromised the email account could pass email verification.

DNS verification proves infrastructure-level control. The person who manages DNS records is, by definition, someone with administrative access to the organization's digital infrastructure. This is a fundamentally stronger signal.

Verification as infrastructure

The beauty of DNS verification is that it becomes part of the internet's fabric. A TXT record at _veribureau.yourdomain.com is not stored on our servers. It is stored in the global DNS system — the same distributed database that makes the entire internet function. It can be queried by anyone, from anywhere, at any time.

This is not a badge on a website. This is infrastructure-level trust declaration.

Back to blog