diff --git a/ndn/app/app.go b/ndn/app/app.go
index 5ff8b4bb..811f848c 100644
--- a/ndn/app/app.go
+++ b/ndn/app/app.go
@@ -146,6 +146,17 @@ func (a *App) JsApi() js.Value {
 			})
 		}),
 
+		// ndncert_dns(domain: string, confirm: (recordName: string, recordValue: string, status: string) => Promise<string>): Promise<void>;
+		"ndncert_dns": jsutil.AsyncFunc(func(this js.Value, p []js.Value) (any, error) {
+			return nil, a.NdncertDns(p[0].String(), func(recordName, expectedValue, status string) string {
+				confirmation, err := jsutil.Await(p[1].Invoke(recordName, expectedValue, status))
+				if err != nil {
+					return ""
+				}
+				return confirmation.String()
+			})
+		}),
+
 		// join_workspace(wksp: string, create: boolean): Promise<string>;
 		"join_workspace": jsutil.AsyncFunc(func(this js.Value, p []js.Value) (any, error) {
 			return a.JoinWorkspace(p[0].String(), p[1].Bool())
diff --git a/ndn/app/ndncert.go b/ndn/app/ndncert.go
index a1df5183..4ba4b47d 100644
--- a/ndn/app/ndncert.go
+++ b/ndn/app/ndncert.go
@@ -7,9 +7,13 @@ import (
 	"os"
 	"time"
 
+	"crypto/elliptic"
+
 	enc "github.com/named-data/ndnd/std/encoding"
+	"github.com/named-data/ndnd/std/security"
 	"github.com/named-data/ndnd/std/security/ndncert"
 	spec_ndncert "github.com/named-data/ndnd/std/security/ndncert/tlv"
+	sig "github.com/named-data/ndnd/std/security/signer"
 )
 
 func (a *App) NdncertEmail(email string, CodeCb func(status string) string) (err error) {
@@ -70,3 +74,77 @@ func (a *App) NdncertEmail(email string, CodeCb func(status string) string) (err
 
 	return nil
 }
+
+func (a *App) NdncertDns(domain string, ConfirmCb func(recordName, expectedValue, status string) string) (err error) {
+	if err := a.WaitForConnectivity(time.Second * 5); err != nil {
+		return err
+	}
+
+	certClient, err := ndncert.NewClient(a.engine, testbedRootCert)
+	if err != nil {
+		return err
+	}
+
+	caPrefix := certClient.CaPrefix()
+	if len(caPrefix) == 0 {
+		return fmt.Errorf("ca prefix unavailable")
+	}
+
+	identity := caPrefix.Append(enc.NewGenericComponent(domain))
+	keyName := security.MakeKeyName(identity)
+	signer, err := sig.KeygenEcc(keyName, elliptic.P256())
+	if err != nil {
+		return fmt.Errorf("failed to generate dns challenge key: %w", err)
+	}
+	certClient.SetSigner(signer)
+	certRes, err := certClient.RequestCert(ndncert.RequestCertArgs{
+		Challenge: &ndncert.ChallengeDns{
+			DomainCallback: func(status string) string {
+				return domain
+			},
+			ConfirmationCallback: func(recordName, expectedValue, status string) string {
+				if ConfirmCb == nil {
+					return ""
+				}
+				return ConfirmCb(recordName, expectedValue, status)
+			},
+		},
+		DisableProbe: true,
+		OnProfile: func(profile *spec_ndncert.CaProfile) error {
+			return nil
+		},
+		OnProbeParam: func(key string) ([]byte, error) {
+			switch key {
+			case ndncert.KwDomain:
+				return []byte(domain), nil
+			case ndncert.KwEmail:
+				return nil, nil
+			default:
+				return nil, nil
+			}
+		},
+		OnChooseKey: func(suggestions []enc.Name) int {
+			return 0
+		},
+		OnKeyChosen: func(keyName enc.Name) error {
+			fmt.Fprintf(os.Stderr, "Certifying key: %s\n", keyName)
+			return nil
+		},
+	})
+	if err != nil {
+		return err
+	}
+
+	if _, err = a.verifyTestbedCert(certRes.CertWire, true); err != nil {
+		return fmt.Errorf("failed to verify issued certificate: %w", err)
+	}
+
+	if err = a.keychain.InsertKey(certRes.Signer); err != nil {
+		return err
+	}
+	if err = a.keychain.InsertCert(certRes.CertWire.Join()); err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/ndn/go.mod b/ndn/go.mod
index dae3480d..907f2301 100644
--- a/ndn/go.mod
+++ b/ndn/go.mod
@@ -2,7 +2,10 @@ module github.com/pulsejet/ownly/ndn
 
 go 1.23.4
 
-require github.com/named-data/ndnd v1.5.3-0.20250712020000-ed6bc2901834
+require (
+	github.com/named-data/ndnd v1.5.3-0.20250924035808-d75b7ee75bde
+	golang.org/x/crypto v0.37.0
+)
 
 require (
 	github.com/cespare/xxhash v1.1.0 // indirect
@@ -20,7 +23,6 @@ require (
 	go.opentelemetry.io/otel v1.35.0 // indirect
 	go.opentelemetry.io/otel/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
-	golang.org/x/crypto v0.37.0 // indirect
 	golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 // indirect
 	golang.org/x/net v0.39.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
diff --git a/ndn/go.sum b/ndn/go.sum
index 93a1bc00..2f8144c6 100644
--- a/ndn/go.sum
+++ b/ndn/go.sum
@@ -29,8 +29,8 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
 github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
-github.com/named-data/ndnd v1.5.3-0.20250712020000-ed6bc2901834 h1:345yvIm+37SFexV6ees8XK3T+3z3ubAK5z7TWVt5zB4=
-github.com/named-data/ndnd v1.5.3-0.20250712020000-ed6bc2901834/go.mod h1:UAaa210BjVOroqFs/9tDmXYfegVQQvj6yueqO27e68c=
+github.com/named-data/ndnd v1.5.3-0.20250924035808-d75b7ee75bde h1:hTKDwaKF2rnrVsPUjICMu/jbmuBb43gPT0hTKT7dDYY=
+github.com/named-data/ndnd v1.5.3-0.20250924035808-d75b7ee75bde/go.mod h1:UAaa210BjVOroqFs/9tDmXYfegVQQvj6yueqO27e68c=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
diff --git a/public/main.wasm b/public/main.wasm
index 65335c79..a96cf546 100755
Binary files a/public/main.wasm and b/public/main.wasm differ
diff --git a/src/components/landing/LandingLogin.vue b/src/components/landing/LandingLogin.vue
index 9a6d4e48..31392198 100644
--- a/src/components/landing/LandingLogin.vue
+++ b/src/components/landing/LandingLogin.vue
@@ -7,72 +7,181 @@
         :text="loadStatus"
       />
 
-      <div class="box anim-rtl-fade p-4" v-else-if="showEmail">
+      <div class="box anim-rtl-fade p-4" v-else-if="!showSuccess">
         <div class="header is-size-4 has-text-weight-semibold">Get started</div>
+        <p class="subtitle mt-1">
+          Choose the authentication method that works best for you.
+        </p>
+
+        <div class="method-toggle mt-3">
+          <button
+            class="toggle"
+            :class="{ active: authMethod === 'email' }"
+            type="button"
+            :disabled="methodSwitchDisabled && authMethod !== 'email'"
+            @click="selectMethod('email')"
+          >
+            Email
+          </button>
+          <button
+            class="toggle"
+            :class="{ active: authMethod === 'dns' }"
+            type="button"
+            :disabled="methodSwitchDisabled && authMethod !== 'dns'"
+            @click="selectMethod('dns')"
+          >
+            DNS
+          </button>
+        </div>
 
-        <div class="login mt-2">
-          <div class="field">
-            <label>First, you need an email address to verify your unique identity.</label>
-            <div class="control has-icons-left has-icons-right mt-3">
-              <input
-                :class="{ input: true, 'is-danger': emailError }"
-                inputmode="email"
-                autocomplete="email"
-                type="email"
-                placeholder="name@email.com"
-                v-model="emailAddress"
-                @keyup.enter="emailSubmit"
-              />
-              <span class="icon is-small is-left">
-                <FontAwesomeIcon :icon="faEnvelope" />
-              </span>
-
-              <span class="icon is-small is-right" v-if="emailError">
-                <FontAwesomeIcon :icon="faExclamationTriangle" />
-              </span>
+        <div class="login mt-4">
+          <template v-if="authMethod === 'email'">
+            <div v-if="emailStep === 'input'">
+              <div class="field">
+                <label>First, you need an email address to verify your unique identity.</label>
+                <div class="control has-icons-left has-icons-right mt-3">
+                  <input
+                    :class="{ input: true, 'is-danger': emailError }"
+                    inputmode="email"
+                    autocomplete="email"
+                    type="email"
+                    placeholder="name@email.com"
+                    v-model="emailAddress"
+                    @keyup.enter="emailSubmit"
+                  />
+                  <span class="icon is-small is-left">
+                    <FontAwesomeIcon :icon="faEnvelope" />
+                  </span>
+
+                  <span class="icon is-small is-right" v-if="emailError">
+                    <FontAwesomeIcon :icon="faExclamationTriangle" />
+                  </span>
+                </div>
+                <p v-if="emailError" class="help is-danger">{{ emailError }}</p>
+              </div>
+
+              <button class="button mt-3 is-primary is-fullwidth" @click="emailSubmit">
+                Continue
+              </button>
             </div>
-            <p v-if="emailError" class="help is-danger">{{ emailError }}</p>
-          </div>
-
-          <button class="button mt-3 is-primary is-fullwidth" @click="emailSubmit">Continue</button>
-        </div>
-      </div>
 
-      <div class="box anim-rtl-fade p-4" v-else-if="showCode">
-        <div class="header is-size-4 has-text-weight-semibold">Let's verify you</div>
-
-        <div class="login mt-2">
-          <div class="field">
-            <label>
-              We have sent a verification code to your email address. Enter the code below to
-              continue.
-            </label>
-            <div class="control has-icons-left mt-3">
-              <input
-                :class="{ input: true, 'is-danger': codeError }"
-                inputmode="numeric"
-                pattern="[0-9]{6}"
-                autocomplete="off"
-                type="text"
-                placeholder="123456"
-                maxlength="6"
-                minlength="6"
-                v-model="codeInput"
-                @keypress="disallowNonNumeric"
-                @keyup="codeSubmit"
-              />
-              <span class="icon is-small is-left">
-                <FontAwesomeIcon :icon="faKey" />
-              </span>
-              <p v-if="codeError" class="help is-danger">{{ codeError }}</p>
+            <div v-else>
+              <div class="field">
+                <label>
+                  We have sent a verification code to your email address. Enter the code below to
+                  continue.
+                </label>
+                <div class="control has-icons-left mt-3">
+                  <input
+                    :class="{ input: true, 'is-danger': codeError }"
+                    inputmode="numeric"
+                    pattern="[0-9]{6}"
+                    autocomplete="off"
+                    type="text"
+                    placeholder="123456"
+                    maxlength="6"
+                    minlength="6"
+                    v-model="codeInput"
+                    @keypress="disallowNonNumeric"
+                    @keyup="codeSubmitHandler"
+                  />
+                  <span class="icon is-small is-left">
+                    <FontAwesomeIcon :icon="faKey" />
+                  </span>
+                </div>
+                <p v-if="codeError" class="help is-danger">{{ codeError }}</p>
+
+                <a class="is-size-7 mt-3 ml-1" @click="codeCancel"> Go back to the previous step </a>
+              </div>
+            </div>
+          </template>
+
+          <template v-else>
+            <div v-if="dnsStep === 'input'">
+              <div class="field">
+                <label class="mt-2">First, you need to own domain to verify your unique identity.</label>
+                <div class="control has-icons-left has-icons-right mt-3">
+                  <input
+                    :class="{ input: true, 'is-danger': domainError }"
+                    inputmode="url"
+                    autocomplete="off"
+                    type="text"
+                    placeholder="example.com"
+                    v-model="domainName"
+                    @keyup.enter="domainSubmit"
+                  />
+                  <span class="icon is-small is-left">
+                    <FontAwesomeIcon :icon="faGlobe" />
+                  </span>
+
+                  <span class="icon is-small is-right" v-if="domainError">
+                    <FontAwesomeIcon :icon="faExclamationTriangle" />
+                  </span>
+                </div>
+                <p v-if="domainError" class="help is-danger">{{ domainError }}</p>
+              </div>
+
+              <button class="button mt-3 is-primary is-fullwidth" @click="domainSubmit">
+                Continue
+              </button>
             </div>
 
-            <a class="is-size-7 mt-3 ml-1" @click="codeCancel"> Go back to the previous step </a>
-          </div>
+            <div v-else>
+              <div class="field">
+                <label class="mt-2">Publish this TXT record under {{ domainName }}.</label>
+                <div class="dns-record mt-3">
+                  <div class="row">
+                    <div>
+                      <span class="label">Name</span>
+                      <code>{{ dnsRecordName || '--' }}</code>
+                    </div>
+                    <button
+                      v-if="dnsRecordName"
+                      class="copy"
+                      type="button"
+                      @click="copyValue(dnsRecordName, 'record name')"
+                    >
+                      Copy
+                    </button>
+                  </div>
+                  <div class="row mt-2">
+                    <div>
+                      <span class="label">Type</span>
+                      <code>TXT</code>
+                    </div>
+                  </div>
+                  <div class="row mt-2">
+                    <div>
+                      <span class="label">Value</span>
+                      <code class="value">{{ dnsRecordValueDisplay || '--' }}</code>
+                    </div>
+                    <button
+                      v-if="dnsRecordValueDisplay"
+                      class="copy"
+                      type="button"
+                      @click="copyValue(dnsRecordValueDisplay, 'record value')"
+                    >
+                      Copy
+                    </button>
+                  </div>
+                </div>
+              </div>
+
+              <button
+                class="button mt-3 is-primary is-fullwidth"
+                type="button"
+                :disabled="!canConfirmDns"
+                @click="dnsConfirm"
+              >
+                The TXT record is ready
+              </button>
+              <p v-if="copyNotice" class="help is-success mt-2">{{ copyNotice }}</p>
+            </div>
+          </template>
         </div>
       </div>
 
-      <div class="anim-rtl-fade p-4 has-text-centered" v-else-if="showSuccess">
+      <div class="anim-rtl-fade p-4 has-text-centered" v-else>
         <FontAwesomeIcon class="success" :icon="faCircleCheck" />
       </div>
     </Transition>
@@ -80,7 +189,7 @@
 </template>
 
 <script setup lang="ts">
-import { onMounted, ref } from 'vue';
+import { computed, onMounted, onUnmounted, ref } from 'vue';
 
 import LoadingSpinner from '@/components/LoadingSpinner.vue';
 import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
@@ -89,6 +198,7 @@ import {
   faExclamationTriangle,
   faKey,
   faCircleCheck,
+  faGlobe,
 } from '@fortawesome/free-solid-svg-icons';
 
 import * as utils from '@/utils/index';
@@ -98,22 +208,61 @@ import { Toast } from '@/utils/toast';
 const emit = defineEmits(['login', 'ready']);
 
 const showLoading = ref(true);
-const showEmail = ref(false);
-const showCode = ref(false);
 const showSuccess = ref(false);
 
 const loadStatus = ref(String());
 
+const authMethod = ref<'email' | 'dns'>('email');
+const methodSwitchDisabled = computed(
+  () =>
+    showLoading.value || emailStep.value === 'code' || dnsConfirmResolver.value !== null,
+);
+
+const emailStep = ref<'input' | 'code'>('input');
 const emailAddress = ref(String());
 const emailError = ref(String());
 
 const codeInput = ref(String());
 const codeError = ref(String());
-const codeSubmit = ref(() => {});
+const codeSubmit = ref<() => void>(() => {});
+const codeSubmitHandler = () => codeSubmit.value();
+
+const dnsStep = ref<'input' | 'record'>('input');
+const domainName = ref(String());
+const domainError = ref(String());
+const dnsRecordName = ref(String());
+const dnsRecordValue = ref(String());
+const dnsStatus = ref(String());
+const dnsConfirmResolver = ref<null | ((value: string) => void)>(null);
+const canConfirmDns = computed(() => dnsConfirmResolver.value !== null);
+const copyNotice = ref(String());
+let copyTimeout: ReturnType<typeof setTimeout> | undefined;
+
+const dnsRecordValueDisplay = computed(() => {
+  const raw = dnsRecordValue.value.trim();
+  if (!raw) return '';
+  const hasQuotes = raw.startsWith('"') && raw.endsWith('"');
+  return hasQuotes ? raw : `"${raw}"`;
+});
+
+function selectMethod(method: 'email' | 'dns') {
+  if (authMethod.value === method) return;
+  if (methodSwitchDisabled.value) return;
+
+  authMethod.value = method;
+
+  if (method === 'email') {
+    emailStep.value = 'input';
+    emailError.value = '';
+  } else {
+    dnsStep.value = 'input';
+    domainError.value = '';
+  }
+}
 
 /** Validate email and move to step 2 */
 function emailSubmit() {
-  if (!showEmail.value) return;
+  if (emailStep.value !== 'input') return;
 
   if (!emailAddress.value) {
     emailError.value = 'Email address is required';
@@ -125,25 +274,25 @@ function emailSubmit() {
     return;
   }
 
-  showEmail.value = false;
-  startChallenge();
+  emailError.value = '';
+  startEmailChallenge();
 }
 
 /** Cancel code verification and go back to email step */
 function codeCancel() {
-  showCode.value = false;
-  showEmail.value = true;
+  if (methodSwitchDisabled.value && emailStep.value !== 'code') return;
+  codeError.value = '';
+  codeInput.value = '';
+  emailStep.value = 'input';
 }
 
-async function startChallenge() {
+async function startEmailChallenge() {
   showLoading.value = true;
 
   try {
-    // Connect to testbed
     loadStatus.value = 'Connecting to NDN testbed ...';
     await ndn.api.connect_testbed();
 
-    // Start NDN challenge
     loadStatus.value = 'Starting NDNCERT challenge ...';
     await ndn.api.ndncert_email(emailAddress.value, (status) => {
       codeError.value = '';
@@ -156,18 +305,17 @@ async function startChallenge() {
           codeError.value = 'Invalid verification code';
           break;
         default:
-          codeError.value = 'Verfication error: ' + status;
+          codeError.value = 'Verification error: ' + status;
           break;
       }
 
       showLoading.value = false;
-      showCode.value = true;
+      emailStep.value = 'code';
 
       return new Promise((resolve) => {
         codeSubmit.value = () => {
           if (codeInput.value.length !== 6) return;
 
-          showCode.value = false;
           showLoading.value = true;
           loadStatus.value = 'Completing challenge ...';
           resolve(codeInput.value);
@@ -175,7 +323,6 @@ async function startChallenge() {
       });
     });
 
-    // We are certified!
     loadStatus.value = 'Certified!';
     showLoading.value = false;
     showSuccess.value = true;
@@ -184,28 +331,104 @@ async function startChallenge() {
     Toast.error('Failed to complete challenge');
     console.error(err);
     showLoading.value = false;
-    showEmail.value = true;
+    emailStep.value = 'input';
+  } finally {
+    codeSubmit.value = () => {};
+  }
+}
+
+function validateDomain(value: string) {
+  const trimmed = value.trim().toLowerCase();
+  if (!trimmed) return { valid: false, formatted: trimmed };
+  const pattern = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i;
+  return { valid: pattern.test(trimmed) && trimmed.length <= 253, formatted: trimmed };
+}
+
+function domainSubmit() {
+  if (dnsStep.value !== 'input') return;
+
+  const { valid, formatted } = validateDomain(domainName.value);
+  if (!formatted) {
+    domainError.value = 'Domain is required';
+    return;
   }
+  if (!valid) {
+    domainError.value = 'Invalid domain name';
+    return;
+  }
+
+  domainError.value = '';
+  domainName.value = formatted;
+  startDnsChallenge();
+}
+
+async function startDnsChallenge() {
+  showLoading.value = true;
+  dnsStatus.value = '';
+  dnsRecordName.value = '';
+  dnsRecordValue.value = '';
+
+  try {
+    loadStatus.value = 'Connecting to NDN testbed ...';
+    await ndn.api.connect_testbed();
+
+    loadStatus.value = 'Starting NDNCERT challenge ...';
+    await ndn.api.ndncert_dns(domainName.value, (recordName, recordValue, status) => {
+      dnsStatus.value = status;
+      dnsRecordName.value = recordName;
+      dnsRecordValue.value = recordValue;
+
+      showLoading.value = false;
+      dnsStep.value = 'record';
+
+      return new Promise((resolve) => {
+        dnsConfirmResolver.value = (value: string) => {
+          resolve(value);
+          dnsConfirmResolver.value = null;
+        };
+      });
+    });
+
+    loadStatus.value = 'Certified!';
+    showLoading.value = false;
+    showSuccess.value = true;
+    setTimeout(() => emit('login'), 1500);
+  } catch (err) {
+    Toast.error('Failed to complete challenge');
+    console.error(err);
+    showLoading.value = false;
+    dnsStep.value = 'input';
+  } finally {
+    dnsConfirmResolver.value = null;
+  }
+}
+
+function dnsConfirm() {
+  if (!dnsConfirmResolver.value) return;
+
+  showLoading.value = true;
+  loadStatus.value =
+    dnsStatus.value === 'wrong-record' ? 'Retrying DNS verification ...' : 'Completing challenge ...';
+
+  const resolver = dnsConfirmResolver.value;
+  dnsConfirmResolver.value = null;
+  resolver('ready');
 }
 
 async function setup() {
   try {
-    // Entrypoint - make sure service is loaded
     loadStatus.value = 'Setting up NDN service ...';
     await ndn.setup();
 
-    // Connect to testbed
     await ndn.api.connect_testbed();
 
-    // Check if we are already certified
     if (await ndn.api.has_testbed_key()) {
-      // Check if certificate is expiring soon (within a week)
       const isExpiringSoon = await ndn.api.is_testbed_cert_expiring_soon();
       if (isExpiringSoon) {
         console.log('latest certificate is expiring soon');
-        // Certificate is expiring soon, show email page to refresh it
         showLoading.value = false;
-        showEmail.value = true;
+        authMethod.value = 'email';
+        emailStep.value = 'input';
         emit('ready');
         return;
       }
@@ -217,7 +440,9 @@ async function setup() {
     }
 
     showLoading.value = false;
-    showEmail.value = true;
+    emailStep.value = 'input';
+    dnsStep.value = 'input';
+    authMethod.value = 'email';
     emit('ready');
   } catch (err) {
     console.error(err);
@@ -226,11 +451,44 @@ async function setup() {
 
 onMounted(setup);
 
+onUnmounted(() => {
+  if (copyTimeout) clearTimeout(copyTimeout);
+});
+
 function disallowNonNumeric(event: KeyboardEvent) {
   if (!/^\d+$/.test(event.key) && !['Backspace', 'Delete'].includes(event.key)) {
     event.preventDefault();
   }
 }
+
+async function copyValue(value: string, label: string) {
+  if (!value) return;
+
+  try {
+    if (navigator?.clipboard?.writeText) {
+      await navigator.clipboard.writeText(value);
+    } else {
+      const textArea = document.createElement('textarea');
+      textArea.value = value;
+      textArea.setAttribute('readonly', '');
+      textArea.style.position = 'absolute';
+      textArea.style.left = '-9999px';
+      document.body.appendChild(textArea);
+      textArea.select();
+      document.execCommand('copy');
+      document.body.removeChild(textArea);
+    }
+
+    if (copyTimeout) clearTimeout(copyTimeout);
+    copyNotice.value = `Copied ${label}!`;
+    copyTimeout = setTimeout(() => {
+      copyNotice.value = '';
+    }, 2500);
+  } catch (err) {
+    console.error(err);
+    Toast.error('Unable to copy to clipboard');
+  }
+}
 </script>
 
 <style scoped lang="scss">
@@ -239,6 +497,92 @@ function disallowNonNumeric(event: KeyboardEvent) {
   flex-direction: column;
 }
 
+.method-toggle {
+  display: flex;
+  gap: 0.75rem;
+}
+
+.method-toggle .toggle {
+  flex: 1;
+  border: 1px solid rgba(255, 255, 255, 0.2);
+  background: rgba(255, 255, 255, 0.08);
+  color: #fff;
+  border-radius: 6px;
+  padding: 0.5rem 0.75rem;
+  font-size: 0.9rem;
+  transition: background 0.2s ease;
+}
+
+.method-toggle .toggle.active {
+  background: #3273dc;
+  border-color: #3273dc;
+}
+
+.method-toggle .toggle:disabled {
+  opacity: 0.6;
+  cursor: not-allowed;
+}
+
+.dns-record {
+  background: rgba(50, 115, 220, 0.08);
+  border-radius: 6px;
+  padding: 1rem;
+}
+
+.dns-record .row {
+  display: flex;
+  justify-content: space-between;
+  align-items: flex-start;
+  gap: 1rem;
+}
+
+.dns-record .copy {
+  background: rgba(255, 255, 255, 0.1);
+  border: 1px solid rgba(255, 255, 255, 0.2);
+  border-radius: 4px;
+  color: #fff;
+  padding: 0.25rem 0.75rem;
+  font-size: 0.8rem;
+  transition: background 0.2s ease;
+}
+
+.dns-record .copy:hover {
+  background: rgba(255, 255, 255, 0.2);
+}
+
+.dns-record .label {
+  display: block;
+  font-size: 0.7rem;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  color: rgba(255, 255, 255, 0.7);
+}
+
+.dns-record code {
+  display: inline-block;
+  margin-top: 0.2rem;
+  font-size: 0.95rem;
+  word-break: break-word;
+}
+
+.dns-record code.value {
+  word-break: break-all;
+}
+
+.step-chip {
+  display: inline-flex;
+  align-items: center;
+  font-size: 0.75rem;
+  letter-spacing: 0.05em;
+  text-transform: uppercase;
+  border: 1px solid rgba(255, 255, 255, 0.2);
+  border-radius: 999px;
+  padding: 0.15rem 0.75rem;
+  background: rgba(255, 255, 255, 0.08);
+  color: rgba(255, 255, 255, 0.9);
+}
+
+
 .success {
   color: white;
   font-size: 5rem;
diff --git a/src/services/ndn.ts b/src/services/ndn.ts
index b9405f0f..e99879b3 100644
--- a/src/services/ndn.ts
+++ b/src/services/ndn.ts
@@ -35,6 +35,11 @@ interface NDNAPI {
 
   /** NDNCERT email verfication challenge */
   ndncert_email(email: string, code: (status: string) => Promise<string>): Promise<void>;
+  /** NDNCERT dns verification challenge */
+  ndncert_dns(
+    domain: string,
+    confirm: (recordName: string, recordValue: string, status: string) => Promise<string>,
+  ): Promise<void>;
 
   /** Join Workspace (generate keys etc.) */
   join_workspace(wksp: string, create: boolean): Promise<string>;