I posted a new Deadwood snapshot last night where I have begun work on the bailiwick checks. My plan for the bailiwick check, which I will do next week, is as follows:
- Look at what the NS record points at and the query sent by the client.
- If they are the same, go to the next part of the bailiwick check.
- Remove one label from our query (make www.example.com example.com or make example.com simply .com, or make .com the name of the root server)
- See if they are the same; if they are we pass this part; if not, keep lopping off labels until we match or the query is less than zero-length (fail, exit routine)
Part two:
- Let’s get the bailiwick for this query (if this NS record was told to us by upstream that these are records for .org, the bailiwick is .org; if this is a root server, the bailiwick is any query; if this NS record was told to us by upstream this is for example.com, the bailiwick is example.com, and so on)
- Let’s remove one label from the NS record given to us
- Let’s compare the NS record with the bailiwick this NS record has
- If they are the same, we’re gold and have passed the bailiwick check
- Otherwise, remove labels from the NS record and compare with the bailiwick until we either get a match or the truncated NS record is shorter than our bailiwick. If we get a match, it’s gold; otherwise it’s out-of-bailiwick.
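
The two-part plan above, sketched in C as an added example (this is not Deadwood's code). It assumes fully qualified dotted text names with a trailing dot rather than wire-format labels, treats an NS name equal to its bailiwick as in-bailiwick, and uses hypothetical function names and constructed sample names.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Drop the leftmost label: "www.example.com." -> "example.com.",
 * "com." -> "." (root). Returns NULL once nothing is left to strip. */
static const char *strip_label(const char *name) {
    const char *dot;
    if (strcmp(name, ".") == 0) return NULL;      /* already at the root */
    dot = strchr(name, '.');
    if (dot == NULL) return NULL;                 /* not fully qualified */
    return dot[1] == '\0' ? "." : dot + 1;
}

/* 1 if name equals zone or sits underneath it on a label boundary.
 * Labels are lopped off name until it matches or is shorter than zone. */
static int at_or_below(const char *name, const char *zone) {
    while (name != NULL) {
        if (strcasecmp(name, zone) == 0) return 1; /* DNS names: no case */
        if (strlen(name) < strlen(zone)) return 0;
        name = strip_label(name);
    }
    return 0;
}

/* query:     name the client asked for
 * ns_owner:  name the received NS record is for
 * bailiwick: zone the upstream server that sent it was asked about */
int bailiwick_ok(const char *query, const char *ns_owner,
                 const char *bailiwick) {
    /* Part one: the NS record must cover the query we sent. */
    if (!at_or_below(query, ns_owner)) return 0;
    /* Part two: the NS record must lie inside the sender's bailiwick. */
    return at_or_below(ns_owner, bailiwick);
}

int main(void) {
    /* Constructed sample names. */
    printf("%d\n", bailiwick_ok("www.example.com.", "example.com.", "com."));
    printf("%d\n", bailiwick_ok("www.example.com.", "example.org.", "com."));
    printf("%d\n", bailiwick_ok("www.example.com.", "com.", "example.com."));
    return 0;
}
```

Comparing whole remaining names after each strip, rather than doing a raw suffix match, keeps badexample.com. from passing as a child of example.com.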