How do shared hosting providers know you own a domain when you point the DNS to their server?

Couldn't anyone do this?

You are missing one factor. Domain name registration and hosting are two different things even if your host will register your domain for you. A domain name has to be registered and pointed to an IP address before the domain name does anything.

The hosting company does not generally care about the domain name registration except to sell you domain name registration to help you.

Let's assume for a moment you registered your domain name with GoDaddy and bought your hosting from Digital Ocean.

Digital Ocean would give you an IP address to your server. With GoDaddy, you would associate your domain name with that IP address. These are two separate processes. Even if you bought your domain name from Digital Ocean, the processes are still separated.

So if the question is, Could someone simply purchase hosting without a domain name and simply put a domain name in their hosting DNS server?, the answer is No. When a domain name is registered, the domain name has to appear in a TLD domain name server. For example, example.com would have to be registered in the .com TLD domain name server and SOA (statement of authority) records added. Simply placing a domain name in the hosting DNS does not do this.

How did DO verify I owned the domain I was adding to my server?

Again, hosting providers do not care if you own a domain name or not. The reason why is simple. The website you create will not work without properly registering a domain name. As well, it is not uncommon that the one who owns a domain name is not the one who is running the site itself. Separation between a domain name and host is a necessity. For example, when I was a web host, MARS candy owned the domain name, paid a hosting company to host the site, and then paid another to develop and maintain the site.

If you registered your domain name when you signed up for Digital Ocean, then they simply registered your domain name for you and set it up for you to work with their hosting. It is that simple.

Sure, anyone could do this, but what would they get from it? Attaching the domain to the server doesn't give you any kind of access or ownership of the servers.

You could point thedomainyouown.com at Google's IPs, but all you get from it is costs and no benefit.. thus it generally makes little sense to point your nameservers at anything else but your own servers, so people generally don't do it.

There are a few situations where it is actually necessary to point your domain to servers you do not own.. like white-label payment services. In a case like that, you point a subdomain that you own (e.g. cash.thedomainyouown.com) at a server owned by the payment provider, and when their servers see a request coming in with your domain name on it, they know to present the user with the payment page for your company.. and the user doesn't notice that you've delegated that service to another company unless they dig in deeper (e.g. verifying IP ownership). These white-label use cases wouldn't work if you had to prove server or IP ownership to set DNS records.

How did Digital Ocean verify I owned the domain I was adding to my server? Couldn't anyone do this? Could another customer have added my domain to their Digital Ocean account before I got around to it?

Since none of the other answers have mentioned it: you probably had to tell your server which domain names to expect, but that does not actually cause those domain names to go there.

When you visit http://example.org/ in a web browser, your browser looks up the IP address of example.org. Then it contacts that IP address, and says "Hi, I'm looking for example.org. Please send me your home page."

Depending on the server configuration, the server might care about what domain the browser tells it, or it might not. If the browser said "Hi, I'm looking for asdjhashsdfsfgdfgdg.org. Please send me your home page." then the server will either send back the homepage for example.org (if it doesn't care) or it will send an error page saying "sorry, I don't know what site that is." If your server does care, then it needs to know what your domain is.

It's done this way so that you can use the same IP address for more than one domain, and still have different web pages on every domain. If you have more than one domain pointing to the same IP address, then the server does need to know which domains you have, so it can send the right page.