## page was renamed from DNS/in-bailiwick
== DNS/用語/in-bailiwick ==
http://www.faqs.org/rfcs/rfc7719.html
RFC 7719 - DNS Terminology  [[DNS/RFC/7719]]

https://kops.uni-konstanz.de/bitstream/handle/123456789/30298/Kaiser_0-267760.pdf
{{{
Bailiwick rules are not specified in an RFC but [2] advises to
only accept in domain records among other tips to make DNS more secure.
}}}
 [2] Hubert  and  R.  van  Mook,
     Measures for Making DNS More Resilient against Forged Answers,  ser.  Request  for  Comments.
        Internet  Engineering  Task  Force (IETF), 2009, no. 5452

私は毒盛対策の視点から、in-bailiwickをきちんと定義したいと思う。-- ToshinoriMaeno <<DateTime(2016-01-23T19:59:49+0900)>>
  そうでなければ、意味のない概念になるから。


"in bailiwick dns" で検索してみた。  https://lists.isc.org/pipermail/bind-users/2003-July/045082.html
{{{
the point is minimizing the number of servers you have to trust.
}}}

DJBが言い出した、というひとびとを見かけた。  https://lists.isc.org/pipermail/bind-users/2003-July/045075.html

I'd never heard this phrase before, so I had to go look see where it
was used.  Mostly by D. J. Bernstein, a bright guy who has trouble in
discussing things without getting too emotional about them, so a lot of
his good points get overlooked along with the bad ones.  ;-]  And he
does have some good points; but by not being able to discuss them, he
can't develop them as well as he might otherwise.  For both reasons,
therefore, no RFCs.



[[DNS/hitch-hiker/bailiwick-rule]]

The "bailiwick" of content DNS servers.

http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/dns-server-bailiwick.html
{{{
The bailiwick of a content DNS server is quite a simple notion.
It is the domain that was used in the referral that directed a resolving proxy DNS server
to that content DNS server in the first place.
When a superdomain's content DNS servers issue a referral
saying "Ask those servers over there about that particular domain.",
then the domain in the referral is the bailiwick of the content DNS servers
when they come to be queried. 
}}}

議論の余地がある。
{{{
For another example: The Verisign/Network Solutions content DNS servers serve up information on names in "com." and "net.". Their bailiwick is "com." or "net.", depending from the query being resolved at the time, and hence from what domain the "." content DNS servers actually issued the referral pointing at them in the first place. 
}}}
----
{{{
the term in-bailiwick means that name server for a domain is in the same domain,
ie www.yourdomain.tld name server is ns.yourdomain.tld vs ns.otherdomain.tld
}}}
「内部名」と訳すひともいるのだが、曖昧だ。

http://cr.yp.to/djbdns/notes.html

2013/2/24
http://conference.apnic.net/__data/assets/pdf_file/0004/58846/yongjin_apricot2013_20130225_1361832625.pdf

What is glue A and why is it necessary? 

-----
https://archive.farsightsecurity.com/Passive_DNS/passive_dns_hardening_handout.pdf

Passive DNS Hardening - Farsight Security Archive

== pdns ==
対応したのが 2011 年か。 http://mailman.powerdns.com/pipermail/pdns-users/2011-July/007939.html
 いつから、作られはじめたのかにもよる。 w

== Yeti DNS ==
http://lists.yeti-dns.org/pipermail/discuss/2015-August/000180.html

[Yeti DNS Discuss] Out-of-bailiwick glue in the root zone
http://lists.yeti-dns.org/pipermail/discuss/2015-August/000181.html

Davey found this example (there are many more):
{{{
abb.           172800 IN NS   d5.nstld.com.
d5.nstld.com.  172800 IN A    192.31.80.34

d5.nstld.com is under the .COM domain, and it is not glue for the .COM
domain itself. As I understand it, a careful resolver will ignore
this to avoid possibly corrupting its cache.
}}}

== Root Zone Glue Handling ==
https://archive.icann.org/en/tlds/report-root-zone-glue-handling-nov09-en.pdf