How do I determine DNS domain ownership authoritatively?

There seem to be various "hacks" that sort of try to confirm domain ownership (e.g. see Google's list), but it appears to me that they usually verify something else, even if closely related.

For example, if somebody can put some content into the HTML at the root of a site, that could be the marketing agency charged with updating the site, or the web host hosting the site, or even a WiFi provider dynamically injecting content. Neither of which necessarily is the domain owner, so it is insufficient (think rogue marketing agency employee).

Similarly, custom entries into the domain's name servers could be added by a third-party DNS provider that the domain owner delegates to.

Turns out that apparently even whois records -- even when not obfuscated -- are not authoritative.

How can anybody determine the owner of a domain authoritatively? How can anybody prove that they are the owner of a domain? Is that in some kind of ICANN database? Presumably the registrars need to have access to authoritative information? If so how can non-registrars access the same info?

For example, if the whois record contained a public key, somebody who sent me e-mail with a signature that goes with that public key would arguably be the owner of the domain without revealing a lot of personally identifiable info. But it doesn't, does it ...

You will not likely "authoritatively" find this information without a subpoena issued for pending legal action filed in the state where the domain registrar resides.

Unless you are ready to file suit, or hire a private investigator, you are highly unlikely to find the actual owner of a domain, especially if they ownership is obfuscated.

Just "finding it" on the internet is not likely, and Whois information is frequently unreliable. In many instances, where a proxy service is not shielding the identity and contact information of the underlying domain name registrant, you may discover that the information provided in the WHOIS record is inaccurate or incomplete. Occasionally, if the person violating your rights is naïve or does not care about being caught, the WHOIS record may reveal the true identity and contact information of the domain name owner, but this is rare in these kinds of cases. In the vast majority of cases, it is usually not clear from the WHOIS record who the real person or group behind the website is.

Most companies that do offer privacy services shielding the true identity of the domain name registrant also require the registrant to agree not to use those services in violation of others’ rights, including uses that are infringing, defamatory, abusive, threatening, or otherwise unlawful. Most hosting companies (those that service the website owner by storing the website’s content) have similar terms of service. Many of these services reserve the right in their user agreements to terminate the services or even to disclose the identities of their users if they violate these terms. Still, many of these companies are highly reluctant to provide any information unless required to do so by law. Domain privacy services are particularly loath to provide this information because their business models rely on their ability to keep their customers’ identities anonymous.

It really depends on your reason for wanting to know. Much of the information below is verbatim from an internet lawyer in Arizona, where godaddy is located. It is a good read.

If your goal is simply to prevent use of an infringing domain name, one option is to file an administrative complaint under the Uniform Domain Name Dispute Resolution (“UDRP”) procedure. Another soon-to-be implemented administrative procedure is the Uniform Rapid Suspension (“URS”) procedure. These procedures are governed by rules adopted by the Internet Corporation for Assigned Names and Numbers (“ICANN”), the body that coordinates and controls the domain name system and Internet Protocol (“IP”) addresses.

The UDRP allows the infringing domain name to be transferred to a successful complainant, whereas the URS will be a fast means of stopping registration of a clearly infringing domain name. A UDRP proceeding (and likely a URS proceeding) may be filed against the listed registrant of the domain name, even if that registrant is the privacy company itself. The advantage of these administrative procedures is that they generally work on a set time line and therefore are usually less expensive and faster than asserting claims in court.

In certain cases, claims may be filed against an anonymous person or even against the domain name itself, which is considered intangible property subject to disposition by a court. Although a court proceeding is far more expensive and time consuming than administrative proceedings, filing claims in court allows you to seek damages and injunctive relief such as a permanent injunction against future violation of rights, which would otherwise be unavailable in an administrative proceeding.

The WHOIS records are considered authoritative according to the Internet. Anything "more authoritative" would require contacting the owner listed in the Whois information and getting that information from them.

Different domain hierarchies will have different policies on this information, but for the most common top-level and country level domains accurate information required. For .com, .net, .org, etc the following is required]1:

3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

3.7.7.2 A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration shall constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration.

3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.

In fact, because of DDoS's and other things, there is now a requirement that validation (albeit a weak validation) of domain ownership takes place.

Other registries have different terms, but invariably similar requirements. For example the UK requirement states "10.2.5 Applications for Domain Names in the .ltd.uk and .plc.uk SLDs must state the full name of the company as registered and the company registration number, and the applicant must be prepared to provide proof of the company's incorporation."

Similarly the .nz registries core requirement of registrants is to "keep all their information current and accurate, and to pay, as they become due, all the charges associated with their domain name."

No doubt other registries are similar.