Hi, draft-hoffman-dns-terminology-02 has the following definitions:
In-bailiwick response -- A response in which the name server answering is authoritative for an ancestor of the owner name in the response. The term normally is used when discussing the relevancy of glue records. For example, the parent zone example.com might reply with glue records for ns.child.example.com. Because the child.example.com zone is a descendant of the example.com zone, the glue is in-bailiwick. Out-of-bailiwick response -- A response in which the name server answering is not authoritative for an ancestor of the owner name in the response. A few comments: * A zone can't send a reply; the authoritative server for a zone can. * "Response" isn't defined(!), nor is "reply". I was (pedantically) thinking of an RFC 1035 §4 message with the QR bit set to 1 at first, but that doesn't fit well in the context of "the owner name in the response", because a response message can contain RRs with different owner names, and records within a response message can be individually considered in-bailiwick or out-of-bailiwick. It would be good to clarify which owner name is being compared. * RFC 5452 §6, though it uses "in-domain" rather than "in-bailiwick", uses the concept of "deeming" the authoritativeness of a record. RFC 3833 §2.3 refers to "the long-standing defense of checking RRs in response messages for relevance to the original query". I think these two RFCs are alluding to the same or a similar bailiwick concept being defined here. Is "in-bailiwick" / "out-of-bailiwick" a property of the data in the DNS and how authoritative servers are configured to use it, or is it a determination (a "deeming") by a recursive server that the data has this property? I favor the latter, because it is useful to have dedicated terminology for the process of determining a server's authority, but maybe a separate definition would be helpful: Bailiwick checking -- The process of determining whether a record in a response message should be considered "in-bailiwick" or "out-of-bailiwick". -- Robert Edmonds _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
