seiso.moe
https://ietf-wg-dnsop.github.io/draft-ietf-dnsop-domain-verification-techniques/draft-ietf-dnsop-domain-verification-techniques.html should probably follow whats in here, currently kinda close but just to make sure we grab any differences. also should query authoritative ns's instead of caching ones just to be safe.