localhost entries in zones, was Re: Domain Not Resolving

Reindl Harald h.reindl at thelounge.net
Tue Nov 21 15:53:50 UTC 2017



On 21.11.2017 at 15:27, Tony Finch wrote:
> Reindl Harald <h.reindl at thelounge.net> wrote:
>> On 21.11.2017 at 14:42, G.W. Haywood via bind-users wrote:
>>> The address for localhost (127.0.0.1) should be in /etc/hosts,
>>> not in your zone file, and very probably it already is
>>
>> that part is not true
>>
>> https://tools.ietf.org/html/rfc1537 says:
>> Note that all domains that contain hosts should have a "localhost" A record in
>> them
> 
> That advice is no longer a good idea. "localhost" in the DNS can lead to
> problems with the web browser same-origin security policy.
> 
> http://seclists.org/bugtraq/2008/Jan/270

interesting - but however "administrators often mistakenly drop the 
trailing dot" is nonsense because "Note that all domains that contain 
hosts should have a localhost A record" says exactly that
______________________

from that webpage:

It's a common and sensible practice to install records of the form
"localhost. IN A 127.0.0.1" into nameserver configurations, bizarrely
however, administrators often mistakenly drop the trailing dot,
introducing an interesting variation of Cross-Site Scripting (XSS) I
call Same-Site Scripting
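
The dropped trailing dot described in the quoted advisory makes `localhost` relative to the zone origin, so the record is published as `localhost.<zone>` pointing at loopback. As an added example (not part of this message, the advisory, or BIND), the Python below scans zone-file text for such records; the function names and the sample zone are constructed for illustration, and it assumes one record per line with no `;` inside quoted strings.

```python
import ipaddress

# Constructed sample zone for example.com (not taken from the thread).
SAMPLE_ZONE = """\
$TTL 3600
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2017112101 3600 900 604800 300 ) ; serial and timers
    IN NS ns1.example.com.
localhost     IN A 127.0.0.1   ; trailing dot dropped
localhost.    IN A 127.0.0.1   ; absolute name, not relative to the zone
www           IN A 192.0.2.10
$ORIGIN dev.example.com.
localhost 300 IN A 127.0.0.1
"""

def absolute(name, origin):
    """Expand a zone-file owner name to a lower-case FQDN with trailing dot."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin.lstrip('.')}"

def find_relative_localhost(zone_text, origin):
    """Return (fqdn, address) for loopback A/AAAA records named localhost.<zone>."""
    origin = origin.rstrip(".").lower() + "."
    owner, depth, hits = origin, 0, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        tokens = line.split()
        continued = depth > 0                # inside a ( ... ) continuation
        depth += line.count("(") - line.count(")")
        if not tokens or continued:
            continue
        if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
            origin = absolute(tokens[1], origin)
        if tokens[0].startswith("$"):
            continue
        if not raw[0].isspace():             # blank owner field repeats the last owner
            owner = absolute(tokens.pop(0), origin)
        while tokens and (tokens[0][0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)                    # skip optional TTL and class
        if len(tokens) < 2 or tokens[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(tokens[1])
        except ValueError:
            continue
        if addr.is_loopback and owner.startswith("localhost.") and owner != "localhost.":
            hits.append((owner, str(addr)))
    return hits
```

Calling `find_relative_localhost(SAMPLE_ZONE, "example.com")` returns the two relative entries, `localhost.example.com.` and `localhost.dev.example.com.`, and skips the absolute `localhost.` record.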

