> sha256(unixtime().rand()).com

Yep, that's the way to do it.

That gives you 64 characters to the left of the dot. The maximum number of characters allowed in any single component of a domain name is 63. Some systems might react in unexpected ways if you try to resolve an invalid domain name, making your check unreliable. Better use md5 or sha1.

Well, that'd be an implementation detail, but the general concept stays the same.

And is superior to hardcoding.