We are excited to announce an expanded set of nameservers featuring four new TLDs:
  • [a-f].zeit-world.com
  • [a-f].zeit-world.org
  • [a-f].zeit-world.net
  • [a-f].zeit-world.co.uk
By upgrading to a combination of these nameservers, your domains will be able to tolerate the downtime of a given top-level domain.
For example, if there were issues with the .net root nameservers, your domains would still resolve by depending on .com, .org, and .co.uk.
Furthermore, an expanded nameserver set increases the security of the process of adding a domain name to a Now account.

Enhanced Verification

Until today, it sufficed to point your domain to our *.zeit.world nameservers (any of them) and then add your domain and configure it as an alias.
If we had not seen the given domain before, we would mark it as verified and locked it for use only under your account or team context.
In order to prevent a "timing attack" where a third-party monitors changes to domains' nameservers configurations and tries to now domain add them, we have made it so that there is a unique combination of nameservers associated with each domain + account combination.
For example, the next time you now domain add new-domain.com, you will get a unique generated set of nameservers to configure like this:
  • a.zeit-world.com
  • e.zeit-world.org
  • f.zeit-world.net
  • b.zeit-world.co.uk

How to Upgrade

To get the aforementioned reliability and security improvements, we have sent out emails with upgrade instructions to each account.
For teams, all members will have received the email that contains the list of nameservers to update each domain to.

An email sent after to reverify a domain; containing the intended set of nameservers to add.

How to Add New Domains

Moving forward, whenever you run:
  • now alias <deployment> my-new-domain.com …or
  • now domain add my-new-domain.com
We will show you the list of nameservers corresponding to the domain, and whether the domain name is already verified or not.

Adding a domain through Now CLI.

Notice that we still offer you two verification options. While we strongly encourage you to point your nameservers to us, we also accept domains with third-party DNS, as long as you prove ownership by configuring the TXT record.

Automated Verification

Once you set the nameservers for new or existing domains to the set we provide, we will attempt to automatically verify your changes.
Once your domain is verified, you will receive an email as confirmation.
If you have made the change and want to trigger verification manually, you can run now domain verify to expedite the process.

An email notifying that an added domain is verified by nameservers.

As a further improvement, if your domain were to get mis-configured for any reason, the same verification system will automatically prompt you to correct it by sending you an email.

Zero-downtime Nameserver Migration

Our new system makes it possible to move your domain hosted elsewhere to ZEIT World DNS and Now with zero-downtime.
Suppose you are hosting acme.sh with ns1.legacy.com and ns2.legacy.com. You already deployed the website to Now, but you want to avoid dropping even a single request.

Step 1: Verify your domain's ownership using the TXT method. Add the domain (now domain add acme.sh) and register the TXT with your legacy DNS.
Step 2: Add all your existing DNS records. For example, MX records: now dns add acme.sh '@' MX mail.google.com 10.
Step 3: Deploy your site or app to Now and alias it. Once you have your deployment URL ready, run now alias <url> acme.sh.
Step 4: Change your nameservers to the ones provided in Step 1. Because you copied your DNS records, nothing will change. If you need to read the challenge nameservers again, run now domain inspect acme.sh.

By following these 4 easy steps you are able to:
  • Move your domain to our DNS system, which gets you the best UX and performance.
  • Deploy and test with peace of mind, thanks to Now's immutable deployments.
  • Not drop a single request (or email), even while DNS changes are still propagating.

Conclusion

This announcement concludes a complete re-design of all the internal systems that manage domain registration, acquisition, DNS and CDN configuration.
As our customer, you now benefit from:
  • Superior security and confidence, when adding a new domain.
  • Increased availability and reliability, by not betting on a single nameserver TLD.
  • A robust zero-downtime migration strategy, to move from legacy providers to Now.
We look forward to hearing your feedback and sharing with you lots of new exciting features this new system enables.