I am assisting a non-techie associate who has website through a third-party provider such as Godaddy.
For years his site pointed to domain name, which I'll call "buzzybee." The full address was buzzybee.godaddy.com, or something like that but on the web if you went to buzzybee.com you got his website.
He stopped the site temporarily and then someone (the "intruder") took the name "buzzybee" knowing that my associate had been using it. When he demanded that the intruder return the name to him, the intruder said he needed proof that my friend was the original owner of the buzzybee site.
The intruder said that my associate needed to provide the "A-record" setup for the domain. The intruder said he would point the domain to associate's server. Then my associate would make changes to the site in order to prove that it was his (or something like that). At that time, intruder would agree to unlock the buzzybee domain and transfer the domain.
My associate does not trust this third-party who seems tech savvy and might be trying to access the website or personal information.
Does this sound like a ploy by the intruder? Can sharing A-record information expose my associate to security risks? What exactly A-record information exists and would need to be shared with the intruder? Could this pose a security risk?