<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 3/21/2014 9:03 AM, Casey Deccio
wrote:<br>
</div>
<blockquote
cite="mid:CAEKtLiRaNoSc_CW=mXKV2tYG2QefD+TtFtH03tuGmWtTwRdDgw@mail.gmail.com"
type="cite">
<div dir="ltr">On Fri, Mar 21, 2014 at 8:50 AM, Mitchell Kuch <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:mitch@basejp.com" target="_blank">mitch@basejp.com</a>></span>
wrote:<br>
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello -<br>
<br>
I've adopted a number of zones and most of them contain
"localhost in<br>
a 127.0.0.1" records. I'm curious what current RFC
standards state and<br>
what the community considers best practice. RFC1537 states
that zones<br>
should contain a localhost record, but it seems that
practice was<br>
obsoleted by RFC1912. Is anyone aware of negative
consequences with<br>
leaving such records in place, perhaps a XSS
vulnerability?<br>
<br>
I'm itching to remove the records but thought I'd check to
see if<br>
there was a legacy use case.<br>
<br>
</blockquote>
<div><br>
</div>
<div>I would take a look at the query logs for the zones in
question. You might be surprised at how many queries are
being made by systems that are applying a suffix from the
search list because of the lack of of an entry for
localhost in the hosts file or the mishandling thereof.<br>
<br>
</div>
</div>
</div>
</div>
</blockquote>
I wouldn't be surprised by any quantity or variety of harebrained
queries that clients make, but that doesn't mean I'm going to add
entries for all that garbage in an attempt to make those clients
"happier". As far as I'm concerned, "localhost" falls into the same
"it's being looked up but shouldn't be" category, and I do not add
it as a matter of course.<br>
<br>
- Kevin<br>
</body>
</html>