Not only localhost.example.com: http://seclists.org/bugtraq/2008/Jan/270
If xxx.example.com is NXDOMAIN, there is a similar risk caused by the
"nxdomain redirect" recursive DNS (they return a hijacked A RR).
CA SSO (SiteMinder) may be a solution.

localhost. seems to be a new special-use TLD, like arpa. and local.

Tony Finch <[email protected]> wrote on Tuesday, 12 September 2017 at 11:54 PM:

> Paul Vixie <[email protected]> wrote:
> >
> > while i've generally included a localhost.$ORIGIN A RR in zones that appear in
> > my stub resolver search lists, in order that "localhost" be found,
>
> I agree with the rest of your message but I want to highlight this bit
> because it is directly related to the main reason this draft exists.
>
> Your localhost records (like the ones I deleted from cam.ac.uk last week)
> are troublesome for the web browser same origin security policy: they can
> lead to vulnerabilities when your websites are accessed from multi-user
> machines and in other more obscure circumstances - for details, see
> http://seclists.org/bugtraq/2008/Jan/270
>
> Tony.
> --
> f.anthony.n.finch  <[email protected]>  http://dotat.at/  -  I xn--zr8h punycode
> Tyne, Dogger: Westerly backing southeasterly 4 or 5, occasionally 6 at first,
> then becoming cyclonic, mainly northwesterly later, 6 to gale 8, occasionally
> severe gale 9 later in south. Moderate or rough, occasionally very rough later
> in south. Rain. Good occasionally poor.
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
>
-- 
Best Regards

潘蓝兰  Pan Lanlan
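
Added example, not part of the original messages: a zone-file audit for the kind of record discussed in this thread (a localhost.$ORIGIN A RR), generalized to any A/AAAA record in the zone that points at a loopback address. The sample zone, example.com and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone for illustration; example.com and all records are placeholders.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@             IN SOA ns1 hostmaster 1 7200 900 1209600 3600
www           IN A    192.0.2.80
localhost     IN A    127.0.0.1   ; the record type discussed in the thread
dev       300 IN A    127.0.0.2
loop6         IN AAAA ::1
localhost.sub IN A    192.0.2.9   ; not loopback, so not reported
"""

def absolute(name, origin):
    """Expand a zone-file name to a lowercase FQDN relative to origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin.lstrip('.')}".lower()

def find_loopback_records(zone_text, origin="."):
    """Return (fqdn, rrtype, address) for each A/AAAA record on a loopback address.

    Handles $ORIGIN, '@', inherited owner names, optional TTL/class, and ';'
    comments; assumes one record per line (no parenthesised multi-line records).
    """
    findings, owner = [], origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = absolute(fields[1], origin)
            continue
        if fields[0].startswith("$"):
            continue
        if not line[0].isspace():          # a new owner name starts in column 0
            owner, fields = absolute(fields[0], origin), fields[1:]
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields = fields[1:]            # skip optional TTL and class
        if len(fields) < 2 or fields[0].upper() not in ("A", "AAAA"):
            continue
        try:
            if ipaddress.ip_address(fields[1]).is_loopback:
                findings.append((owner, fields[0].upper(), fields[1]))
        except ValueError:
            continue                       # malformed address: not this check's job
    return findings
```

Records it reports are candidates for removal from the zone, as was done for the cam.ac.uk records mentioned above.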