Until today, it sufficed to point your domain to our *.zeit.world nameservers (any of them) and then add your domain and configure it as an alias.
If we had not seen the given domain before, we would mark it as verified and locked it for use only under your account or team context.
In order to prevent a "timing attack" where a third-party monitors changes to domains' nameservers configurations and tries to now domain add them, we have made it so that there is a unique combination of nameservers associated with each domain + account combination.
For example, the next time you now domain add new-domain.com, you will get a unique generated set of nameservers to configure like this:
Notice that we still offer you two verification options. While
we strongly encourage you to point your nameservers to us, we also
accept domains with third-party DNS, as long as you prove ownership by
configuring the TXT record.
Our new system makes it possible to move your domain hosted elsewhere
to ZEIT World DNS and Now with zero-downtime.
Suppose you are hosting acme.sh with ns1.legacy.com and ns2.legacy.com.
You already deployed the website to Now, but you want to avoid dropping
even a single request.
Step 1: Verify your domain's ownership using the TXT method. Add the domain
(now domain add acme.sh) and register the TXT with your legacy DNS.
Step 2: Add all your existing DNS records.
For example, MX records: now dns add acme.sh '@' MX mail.google.com 10.
Step 3: Deploy your site or app to Now and alias it.
Once you have your deployment URL ready, run now alias <url> acme.sh.
Step 4: Change your nameservers to the ones provided in Step 1.
Because you copied your DNS records, nothing will change. If you need to
read the challenge nameservers again, run now domain inspect acme.sh.
By following these 4 easy steps you are able to:
Move your domain to our DNS system, which gets you the best UX and performance.