Hello Mark,

On 3 Aug 2017, at 1:39, Mark Andrews wrote:

Most OS's don't treat localhost specially.  It is just a entry in
/etc/hosts and/or a zone in the local recursive server and/or
localhost.<zone> in a zone on the search list.  The last of these
is how localhost is actually resolved on my machine (MacOS 10.12.6)
as the resolver doesn't treat "localhost" as special.  It's processed
the same way as any other single label name.

localhost entries in zones are dangerous and should (MUST?) be removed. Having them present allows exploits like https://googleprojectzero.blogspot.nl/2015/06/owning-internet-printing-case-study-in.html to reach beyond the vulnerable software, into the context of your domain.

On a sidenote, my Mac does not send out queries for localhost. I’m unsure if this is due to /etc/hosts or due to special casing in the stub.

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

DNSOP mailing list

Reply via email to