Skip to content

Instantly share code, notes, and snippets.

@Integralist

Integralist/README.md

Last active December 9, 2025 10:29
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Integralist/5162ec685282f55987c94502d665cc57 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Integralist/5162ec685282f55987c94502d665cc57 to your computer and use it in GitHub Desktop.
Download ZIP
What is Bailiwick? #dns
Raw
README.md

Here is a simplified explanation of Bailiwick and Glue Records in the context of DNS.

What is "Bailiwick"?

In plain English, a "bailiwick" is someone’s area of authority or jurisdiction.

In DNS, it asks a simple question:

Does the Name Server live inside the domain it is supposed to manage?

Let's look at an example (example.com):

In-Bailiwick (Inside the house)

  • The Domain: example.com
  • The Name Server: ns1.example.com
  • Why: The name server ends with the domain name. It is "subordinate" (a child) of the domain. It lives inside the domain.

Out-of-Bailiwick (Outside the house)

  • The Domain: example.com
  • The Name Server: ns1.google.com
  • Why: The name server has nothing to do with example.com by name. It lives somewhere else (at Google).

Why does this matter? (Glue Records)

This distinction matters because of the "Chicken and Egg" problem. This is where Glue Records come in.

The Scenario: Imagine you want to visit example.com. Your computer asks the .com Registry (the parent) where to find example.com.

Case A: Out-of-Bailiwick (No Glue Needed)

  • You: "Where is example.com?"
  • Parent (.com): "Oh, that is managed by ns1.google.com."
  • You: "Okay, great. I know where Google is. I'll go ask them."

Result: No problem. You go to Google, and they tell you the IP address for example.com.

Case B: In-Bailiwick (The Problem)

  • You: "Where is example.com?"
  • Parent (.com): "That is managed by ns1.example.com."
  • You: "Okay... but what is the IP address for ns1.example.com?"
  • Parent (.com): "To find that out, you have to ask the manager of example.com."
  • You: "But... ns1.example.com IS the manager! I can't find the manager until I talk to the manager!"

The Solution: Glue Records To stop this infinite loop, the Parent (.com) provides a "Glue Record." It is a cheat sheet.

When the Parent sees you are looking for an In-Bailiwick server, it doesn't just give you the name of the server; it also gives you the IP address directly.

  • Parent (.com) with Glue: "Go to ns1.example.com. AND, by the way, just so you don't get stuck, its IP address is 192.0.2.1."

Summary

Imagine you are trying to find a specific office inside a large building called Example Corp.

  • Out-of-Bailiwick: The security guard tells you: "The keys to the Example Corp office are held by the bank across the street." (Easy, you just walk across the street).
  • In-Bailiwick (Without Glue): The security guard tells you: "The keys to the Example Corp office are locked inside the Example Corp office." (Impossible; you are stuck).
  • In-Bailiwick (With Glue): The security guard says: "The keys are inside the office, but here is a spare key (The Glue Record) so you can get in and find them."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment