PacStac

Learn

PacStac Stewardship

Domains

Ship a domain PacStac can trust

Domains are the backbone of PacStac proofs. This guide walks through what the verifier checks, how to prepare your infrastructure, and where to go deeper with DNS or HTTP proof documentation.

Add your domainOperator tools

Pre-flight checklist

  1. 1

    Confirm apex ownership

    Operate at the apex (example.com). Delegated subdomains do not satisfy PacStac proofs. Ensure you can edit authoritative DNS or deploy /.well-known JSON.

  2. 2

    Normalize domains

    Publish in lowercase punycode. PacStac normalizes IDNs and expects your submissions to match. Avoid stray whitespace or prefixed protocols.

  3. 3

    Choose a proof method

    Use DNS TXT proof or host `/.well-known/pacstac_<domain>.json`. Both options can coexist and PacStac will monitor the chosen method.

  4. 4

    Coordinate with operations

    TXT records can take time to propagate. HTTP proofs need TLS and cache headers tuned. Align with your network and platform teams before going live.

Recommended deep dives

DNS Foundations

Brushing up on authoritative vs. recursive resolvers, TTL behavior, and best practices avoids most launch-day surprises.

Read guide

TXT Records Explained

Structure, size limits, and safe-edit workflow for the TXT payload PacStac expects.

Read guide

Serving /.well-known/pacstac_<domain>.json

Prefer HTTP proofs? Learn caching guidance, JSON schema, and hardened deployment patterns.

Read guide