I wish there was a way to prove ownership of a domain and be able to search on *@example.com for those who use unique emails for every service to track accounts that got hacked or companies that sold my personal info.
So I just tried this, it's a very different proposition than normal HIBP, and much more useful to people like me who don't just have a single address and give that out everywhere.
HIBP reports that zero of my addresses have been pwned. Which is weird because those addresses include several that have been pwned in well known cases, and several more where there's no public "We had a data breach" type report but it's clear that somebody did in fact lose all my data.
That's pretty disappointing, it suggests HIBP doesn't have very much of the breach data that really matters, and so many unsophisticated users who get to the site are probably misled.
Did you try some of those emails in the standard HIBP? There is a difference between a site being hacked and your details posted publicly and a company you signed up with selling your information. The former is on HIBP the latter is not.l
Troy: you might want to use the standard emails (eg, admin@ rather than dns-admin@) for domain ownership - I'd worry that dns-admin@ might be available to users at some domains.
Also maybe apply for a .well-known to HIBP file uploads?
dns-admin@ is probably from the whois record of the domain you checked. The predefined list is only the last 4 addresses that are shown: security@, hostmaster@, postmaster@ and webmaster@.
