And it wasn't to do with bailiwick at all. It was to do with the fact that many softwares allowed users to enter either IP addresses or domain names; but either left recognizing IP addresses up to the DNS client libraries, some of which would in turn fail to do so and just treat them as domain names, or recognized IP addresses in a form that users would forget to use, such as having them enclosed in square brackets. M. Berstein's own DNS client library, and several others, do the same thing that dnscache did, in the client library itself, implementing this same defence at multiple layers of the system.
A related scenario: Some Unix/Linux softwares allow one to specify users by either ID or name, but fail to take advantage of the fact that the colon is prohibited in account names, and so can be used as a syntax for unequivocally distinguishing between the twain. As a result, strings like "0" can potentially be mapped to something other than the superuser if someone goes and creates a user account with the name "0" (whereas ":0", as in the syntax for some tools, is unequivocally user ID zero and "0" generates an error unless there is actually an account by that name). This in turn leads to people arbitrarily banning account names with digits, and security holes resulting when the action upon encountering attempts to use such a name is to just ignore them. Recall the "User=0pointer" kerfuffle in systemd.
* http://jdebp.uk./Softwares/djbwares/guide/commands/dnscache....
* http://cr.yp.to/djbdns/dnscache.html
And it wasn't to do with bailiwick at all. It was to do with the fact that many softwares allowed users to enter either IP addresses or domain names; but either left recognizing IP addresses up to the DNS client libraries, some of which would in turn fail to do so and just treat them as domain names, or recognized IP addresses in a form that users would forget to use, such as having them enclosed in square brackets. M. Berstein's own DNS client library, and several others, do the same thing that dnscache did, in the client library itself, implementing this same defence at multiple layers of the system.
* https://cr.yp.to/djbdns/dns.html
A related scenario: Some Unix/Linux softwares allow one to specify users by either ID or name, but fail to take advantage of the fact that the colon is prohibited in account names, and so can be used as a syntax for unequivocally distinguishing between the twain. As a result, strings like "0" can potentially be mapped to something other than the superuser if someone goes and creates a user account with the name "0" (whereas ":0", as in the syntax for some tools, is unequivocally user ID zero and "0" generates an error unless there is actually an account by that name). This in turn leads to people arbitrarily banning account names with digits, and security holes resulting when the action upon encountering attempts to use such a name is to just ignore them. Recall the "User=0pointer" kerfuffle in systemd.