People keep talking about the "bailiwick" of content DNS servers. What is this?
This is the Frequently Given Answer to that question.
The bailiwick of a content DNS server is quite a simple notion. It is the domain that was used in the referral that directed a resolving proxy DNS server to that content DNS server in the first place. When a superdomain's content DNS servers issue a referral saying "Ask those servers over there about that particular domain.", then the domain in the referral is the bailiwick of the content DNS servers when they come to be queried.
For example, if the "net." content DNS servers respond to an enquiry for the name "an.example.net." with a referral to content DNS servers at 10.0.0.1 and 10.0.0.2 for the domain "example.net.", then the bailiwick of the latter servers, when they come to be queried, is "example.net.".
Bailiwick is the scope of authority of any particular content DNS server, determined by following a chain of referrals from the root of the DNS namespace. A content DNS server may only be trusted where the information it provides is about names within its own bailiwick.
There are two important precepts to remember about content DNS server bailiwick:
Bailiwick is not inherent in the content DNS servers themselves. Content DNS servers don't know anything about their bailiwicks. The bailiwick of a content DNS server cannot be obtained from the server itself. The DNS protocol does not provide it with any way of knowing who issues the referrals that cause resolving proxy DNS servers to come to it, or what those referrals are.
It is only the resolving proxy DNS servers following those referrals that know what the referrals are. It is the resolving proxy DNS servers that track the bailiwicks of the content DNS servers that they send queries to, and apply them as they process the responses.
Bailiwick applies only fleetingly, and multiple bailiwicks can apply to a single content DNS server.
The bailiwick of a content DNS server applies only to the query resolution at hand. A content DNS server can have many bailiwicks because it is referred to for information on names in several different domains. If multiple queries are being resolved for names in these different domains, it can indeed have those bailiwicks simultaneously.
For example: If the content DNS servers listening on IP addresses 18.104.22.168 and 22.214.171.124 serve up information on names in both the "scitechsoft.com." and the "openwatcom.com." domains, because they are owned by people who own both of those domains, then they will have
For another example: The Verisign/Network Solutions content DNS servers serve up information on names in "com." and "net.". Their bailiwick is "com." or "net.", depending on the query being resolved at the time, and hence on which domain the "." content DNS servers actually issued the referral for when pointing at them in the first place.
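The resolver-side check described above, as an added example that is not part of the original page: the bailiwick is passed in per query by the resolver, and records whose owner names fall outside it are not trusted. The function names and the sample records are constructed for illustration.

```python
# Added example: the bailiwick lives in the resolver, per query, never in
# the content DNS server. All names and records here are constructed.

def labels(name):
    """Split a domain name into lower-cased labels; the root is the empty list."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(name, bailiwick):
    """True if name is at or below bailiwick, compared label by label.

    A plain string suffix test would wrongly accept "www.badexample.net."
    for the bailiwick "example.net.", so whole labels are compared.
    """
    n, b = labels(name), labels(bailiwick)
    return len(b) <= len(n) and n[len(n) - len(b):] == b

def filter_response(records, bailiwick):
    """Partition (owner, type, data) records into (accepted, discarded)."""
    accepted, discarded = [], []
    for rec in records:
        (accepted if in_bailiwick(rec[0], bailiwick) else discarded).append(rec)
    return accepted, discarded

# Constructed response from one content DNS server.
SAMPLE = [
    ("an.example.net.", "A", "10.0.0.5"),
    ("ns.example.net.", "A", "10.0.0.1"),
    ("www.badexample.net.", "A", "10.9.9.9"),  # shares a string suffix only
    ("www.example.com.", "A", "10.9.9.9"),     # a different domain entirely
]

if __name__ == "__main__":
    # The same server and the same records, judged under two different
    # bailiwicks, because two different referrals led the resolver to it.
    for bailiwick in ("example.net.", "com."):
        ok, dropped = filter_response(SAMPLE, bailiwick)
        print(bailiwick, "accept:", [r[0] for r in ok])
        print(bailiwick, "discard:", [r[0] for r in dropped])
```
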