I am developing a free DNS service and I can't totally solve the situation when two or more customers try to add the same domain (nearly at the same time).
Here are a few solutions to handle this situation, but none of them seems to be good or viable.
Solution 1:
Use different pairs of name servers for each customer
Creating multiple and distinct ns's (like ns1, ns2.. ns49, ns50, ns51..) allows me to use different pairs of servers with different customers trying to add the same domain.
The real owner will use only his pair in his domain registrar (i.e. ns8 and ns9) so only his records will be accepted and propagated to the whole internet.
The problem with Solution 1:
It is vulnerable to a mass attack
If a malicious person creates a really big number of accounts, it would be impossible to have an equivalent number of pairs, if all of these accounts try to add the same domain.
Solution 2:
Only allow one user account to use a domain
If one user already added a specific domain and correctly configured it in his domain registrar, no other account will be able to add the same domain.
The problem with Solution 2:
Grace time
It can take hours to validate an added domain (please correct me if I am wrong). It would require me to give a "grace time" to allow each recently added domain to stay "unverified" until we can validate it through the respective domain registrar.
Also, during this grace time, no other account would be able to add the same domain unless we use solution 1 (but remember #1 has a vulnerability).
How do free (or paid) DNS services solve this problem? What are their approaches (since any user apparently can add whatever domain they want without restrictions)?
Edit: about the duplicate
There is a slight difference between my question and Era's one. I am the provider and not the customer. And Era's question only points to the problem from the customer's eyes.
Also, even @Jacob from DigitalOcean stated that they do a "first come, first serve" approach which I am trying to avoid and is the reason for my question to exist.
Solution 1 can work for authenticating a user's control of a domain. In your question, you seem to have imposed some restrictions on yourself, maybe due to some misunderstandings or maybe because you want it to work without authenticating the user's control of the domain.
Any of the three observations above should fill in the gaps in your proposed solution 1 to make it work, assuming that you do authenticate the user's control of the domain.
If you want a solution that works without the user first authenticating their control of the domain, I can only suggest that you rely on IPv6.
A hybrid solution could likely provide a smooth flow for the users. I would design it as follows:
kasperd-ns1-ds.example.com.
A user can create any zone name they like. It will immediately be made available on that user's IPv6 addresses.
Serving a specific zone on the IPv4 addresses (which are necessarily shared among users) will work on a first-come basis. But any later user can authenticate control over the domain by pointing the NS records of the domain to any of the hostnames you assigned to that user. Authenticated control of the domain beats the first-come principle.
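An added example, not code from the answer above or from any DNS provider: a sketch of the precedence rule the answer describes, where the shared addresses serve a zone first-come until some claimant's assigned NS hostnames appear in the domain's delegation. The class, the hostnames and the rule that every delegated name must belong to the claimant are assumptions; the delegated NS set is passed in rather than looked up, so the sketch runs offline.

```python
from dataclasses import dataclass


def norm(name):
    """Canonical form for comparing DNS names: lower case, no trailing dot."""
    return name.strip().rstrip(".").lower()


@dataclass
class Claim:
    user: str
    order: int              # arrival order, used for the first-come rule
    verified: bool = False


class ZoneRegistry:
    def __init__(self, user_ns):
        # user -> NS hostnames assigned only to that user (assumed disjoint)
        self.user_ns = {u: {norm(h) for h in hs} for u, hs in user_ns.items()}
        self.claims = {}    # zone -> list of Claim

    def add_zone(self, user, zone):
        claims = self.claims.setdefault(norm(zone), [])
        if all(c.user != user for c in claims):
            claims.append(Claim(user, len(claims)))

    def record_delegation(self, zone, delegated_ns):
        """Re-evaluate every claim against the NS set seen at the parent zone."""
        seen = {norm(n) for n in delegated_ns}
        for c in self.claims.get(norm(zone), []):
            # Choice made here: all delegated names must belong to the
            # claimant, so a mixed or foreign delegation verifies nobody.
            c.verified = bool(seen) and seen <= self.user_ns.get(c.user, set())

    def shared_owner(self, zone):
        """User whose copy of the zone is served on the shared addresses."""
        claims = self.claims.get(norm(zone), [])
        pool = [c for c in claims if c.verified] or claims
        return min(pool, key=lambda c: c.order).user if pool else None


def demo():
    # Constructed sample data; users and hostnames are hypothetical.
    reg = ZoneRegistry({"alice": ["alice-ns1.dns.example", "alice-ns2.dns.example"],
                        "bob": ["bob-ns1.dns.example", "bob-ns2.dns.example"]})
    reg.add_zone("alice", "shop.example")   # arrives first
    reg.add_zone("bob", "shop.example")     # arrives second
    before = reg.shared_owner("shop.example")
    reg.record_delegation("shop.example", ["BOB-NS1.dns.example.", "bob-ns2.dns.example"])
    return before, reg.shared_owner("shop.example")
```

Re-running `record_delegation` on a schedule lets a verified claim lapse if the delegation later moves away, at which point the zone falls back to first-come order.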