## page was renamed from DNS/in-bailiwick == DNS/用語/in-bailiwick == http://www.faqs.org/rfcs/rfc7719.html RFC 7719 - DNS Terminology [[DNS/RFC/7719]] https://kops.uni-konstanz.de/bitstream/handle/123456789/30298/Kaiser_0-267760.pdf {{{ Bailiwick rules are not specified in an RFC but [2] advises to only accept in domain records among other tips to make DNS more secure. }}} [2] Hubert and R. van Mook, Measures for Making DNS More Resilient against Forged Answers, ser. Request for Comments. Internet Engineering Task Force (IETF), 2009, no. 5452 私は毒盛対策の視点から、in-bailiwickをきちんと定義したいと思う。-- ToshinoriMaeno <> そうでなければ、意味のない概念になるから。 "in bailiwick dns" で検索してみた。  https://lists.isc.org/pipermail/bind-users/2003-July/045082.html {{{ the point is minimizing the number of servers you have to trust. }}} DJBが言い出した、というひとびとを見かけた。  https://lists.isc.org/pipermail/bind-users/2003-July/045075.html I'd never heard this phrase before, so I had to go look see where it was used. Mostly by D. J. Bernstein, a bright guy who has trouble in discussing things without getting too emotional about them, so a lot of his good points get overlooked along with the bad ones. ;-] And he does have some good points; but by not being able to discuss them, he can't develop them as well as he might otherwise. For both reasons, therefore, no RFCs. [[DNS/hitch-hiker/bailiwick-rule]] The "bailiwick" of content DNS servers. http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/dns-server-bailiwick.html {{{ The bailiwick of a content DNS server is quite a simple notion. It is the domain that was used in the referral that directed a resolving proxy DNS server to that content DNS server in the first place. When a superdomain's content DNS servers issue a referral saying "Ask those servers over there about that particular domain.", then the domain in the referral is the bailiwick of the content DNS servers when they come to be queried. }}} 議論の余地がある。 {{{ For another example: The Verisign/Network Solutions content DNS servers serve up information on names in "com." and "net.". Their bailiwick is "com." or "net.", depending from the query being resolved at the time, and hence from what domain the "." content DNS servers actually issued the referral pointing at them in the first place. }}} ---- {{{ the term in-bailiwick means that name server for a domain is in the same domain, ie www.yourdomain.tld name server is ns.yourdomain.tld vs ns.otherdomain.tld }}} 「内部名」と訳すひともいるのだが、曖昧だ。 http://cr.yp.to/djbdns/notes.html 2013/2/24 http://conference.apnic.net/__data/assets/pdf_file/0004/58846/yongjin_apricot2013_20130225_1361832625.pdf What is glue A and why is it necessary? ----- https://archive.farsightsecurity.com/Passive_DNS/passive_dns_hardening_handout.pdf Passive DNS Hardening - Farsight Security Archive == pdns == 対応したのが 2011 年か。 http://mailman.powerdns.com/pipermail/pdns-users/2011-July/007939.html  いつから、作られはじめたのかにもよる。 w == Yeti DNS == http://lists.yeti-dns.org/pipermail/discuss/2015-August/000180.html [Yeti DNS Discuss] Out-of-bailiwick glue in the root zone http://lists.yeti-dns.org/pipermail/discuss/2015-August/000181.html Davey found this example (there are many more): {{{ abb. 172800 IN NS d5.nstld.com. d5.nstld.com. 172800 IN A 192.31.80.34 d5.nstld.com is under the .COM domain, and it is not glue for the .COM domain itself. As I understand it, a careful resolver will ignore this to avoid possibly corrupting its cache. }}} == Root Zone Glue Handling == https://archive.icann.org/en/tlds/report-root-zone-glue-handling-nov09-en.pdf