How does DigitalOcean DNS verify the owner of a domain?

If you think about how this scenario is set up, you can see that DigitalOcean aren't really in a position to need to verify the owner of the domain.

It's the domain registrar who will be pointing the DNS server records to DigitalOcean's DNS servers, and so it's up to them to validate that you have the authority to provide the IP addresses of those DNS servers.

For example, if you set up malicious DNS records on DO for example.com, how do you get the NS records for that domain to point to your malicious setup? The answer is that you'd need to convince the registrar to change the NS records for the domain.


To add to Rory McCune's answer, if you do run into a problem like that, you can probably file a support ticket, prove that you own the domain, and they'd contact the other user, or just delete the zone, so you could take it.

I once spotted an erroneous zone at another VPS provider and contacted them. They didn't explain what steps they took, but it was gone soon.

I suggest you set up the DNS service for a domain before switching the nameservers at your registrar, to verify that no one has set it up previously and to prevent someone else from causing problems for you in the minutes it takes you to finish configuring things. It's a bit paranoid to worry about, though.

Amazon Route 53 is a bit different. They run over 2000 different nameservers on different IPs (with names like ns-1377.awsdns-44.org). Hundreds of people could happily create identical zones without causing any sort of conflict.
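
The pre-switch check suggested in the second answer, together with the nameserver-set comparison that matters on a service like Route 53, as an added example that is not part of the original answers. The nameserver names, addresses and the `table_lookup` stand-in are constructed assumptions; in real use the lookup would query each provider nameserver directly.

```python
def norm(host):
    """DNS names compare case-insensitively; ignore the trailing dot."""
    return host.rstrip(".").lower()

def preflight(expected, provider_ns, lookup):
    """Ask each provider nameserver directly (not via the public delegation)
    and list every answer that differs from the records we configured.
    An empty list means the zone served there is ours."""
    findings = []
    for ns in provider_ns:
        for (name, rtype), want in sorted(expected.items()):
            got = lookup(ns, name, rtype)
            if got != want:
                findings.append((norm(ns), name, rtype, sorted(got)))
    return findings

def delegation_diff(registrar_ns, assigned_ns):
    """Return (missing, foreign): servers assigned to our zone that the
    registrar does not list, and registrar entries that are not ours."""
    reg = {norm(h) for h in registrar_ns}
    ours = {norm(h) for h in assigned_ns}
    return sorted(ours - reg), sorted(reg - ours)

def table_lookup(table):
    """Stand-in for a real direct query such as `dig @ns name type +short`."""
    return lambda ns, name, rtype: set(table.get((norm(ns), name, rtype), ()))

# --- constructed sample data (documentation names and addresses) ---
PROVIDER_NS = ["ns1.provider.example.", "ns2.provider.example."]
EXPECTED = {("example.com", "A"): {"192.0.2.10"},
            ("www.example.com", "A"): {"192.0.2.10"}}
OURS = {(norm(ns), n, t): v for ns in PROVIDER_NS for (n, t), v in EXPECTED.items()}
# A zone someone else created earlier: different apex address, no www record.
STALE = {(norm(ns), "example.com", "A"): {"203.0.113.66"} for ns in PROVIDER_NS}

if __name__ == "__main__":
    print(preflight(EXPECTED, PROVIDER_NS, table_lookup(OURS)))   # safe to switch
    for finding in preflight(EXPECTED, PROVIDER_NS, table_lookup(STALE)):
        print("mismatch:", finding)
    print(delegation_diff(["NS-1.dns.example.", "ns-9.dns.example"],
                          ["ns-1.dns.example", "ns-2.dns.example"]))
```

Any finding from `preflight`, or a non-empty result from `delegation_diff`, is a reason to hold off on changing the NS records at the registrar.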
