Complete explanation of in-bailiwick
Nico Kadel-Garcia
nkadel at verizon.net
Wed Jul 30 01:02:58 UTC 2003

Joseph S D Yao wrote:
> The idea here seems to be that you should have A records and internal
> names in your domains for all of your name servers, even - especially!
> - the ones not under your control. The good part of this idea is that
> it prevents your name servers' names being hijacked by a TLD or lower-
> level name server gone rogue. The bad part of this idea is that you
> aren't letting the "out-of-bailiwick" name servers' IP addresses get
> updated by their own domain masters when they change. And what if the
> IP address that last week was a Vanderbilt U organization is this week
> some nasty site that wants to mess with you? [Happened to me with a
> Web link.]

It's possible to delegate a zone consisting of a single hostname for
exactly this situation. Of course, the remote site has to be willing to
keep your delegated zone up to date, which strikes me as a bit hopeless.

> There's also some vagueness as to what constitutes your "bailiwick".
> Again, it's whatever is under your control. But you mention delegation.
> So, do your subdomains trust you enough to have the bailiwick be
> "gwu.edu"? Do you trust them enough to delegate bailiwicity?
> ["bailiwicity"????]

Heh....
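
The in-bailiwick versus out-of-bailiwick distinction discussed in this thread, as an added example that is not part of the original post: a small audit that sorts a zone's NS names by whether they sit inside the zone and, if so, whether the zone carries an A record for them. The zone `example.edu`, the host names, the addresses and the function names are all constructed for illustration.

```python
def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_bailiwick(name, zone):
    """True when name is the zone apex or below it, compared label by label."""
    name_labels = normalize(name).split(".")
    zone_labels = normalize(zone).split(".")
    # Comparing whole labels keeps ns.notexample.edu out of example.edu,
    # which a plain string suffix test would wrongly accept.
    return (len(name_labels) >= len(zone_labels)
            and name_labels[-len(zone_labels):] == zone_labels)


def audit_ns(zone, ns_names, a_records):
    """Classify each NS name of a zone.

    a_records maps host names held in the zone's own data to address lists.
    """
    addrs = {normalize(k): v for k, v in a_records.items()}
    report = {}
    for ns in ns_names:
        key = normalize(ns)
        if not in_bailiwick(key, zone):
            # Address is published by another domain's operators and can
            # change, or be changed, without the zone owner noticing.
            report[key] = "out-of-bailiwick"
        elif addrs.get(key):
            report[key] = "in-bailiwick"
        else:
            report[key] = "in-bailiwick, missing A record"
    return report


# Constructed sample data (documentation names and addresses).
ZONE = "example.edu."
NS_NAMES = ["ns1.example.edu.", "NS2.Example.EDU", "ns.partner.example.net.",
            "ns.notexample.edu."]
A_RECORDS = {"ns1.example.edu.": ["192.0.2.53"]}

if __name__ == "__main__":
    for name, status in audit_ns(ZONE, NS_NAMES, A_RECORDS).items():
        print(f"{name:28} {status}")
```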