Ted Lemon <mel...@fugue.com>于2018年2月6日周二 下午1:17写道:

> On Feb 5, 2018, at 11:58 PM, Lanlan Pan <abby...@gmail.com> wrote:
> If we decide to ban localhost.example,
> Nobody is proposing that we ban localhost.example.

Sorry for my poor english.

I mean that in  *5.2.  'localhost' labels in subdomains*
localhost.example.com. => localhost.  ( equal to ban it at dns ? )

*For example, even with a searchlist of "example.com <http://example.com>"
in place for a given   network, the name "localhost" will not be resolved
as   "localhost.example.com <http://localhost.example.com>." but as
"localhost.", and   "subdomain.localhost" will not be resolved as
"subdomain.localhost.example.com <http://subdomain.localhost.example.com>."
but as "subdomain.localhost.".*

> 1) how many security accidents have caused by this "localhost.example", is
> it a serious security problem with low attack cost ?
> Every security exposure has zero attacks until it is first successfully
> attacked.   Then the floodgates tend to open! :)

 This flood predition was published at 2008, :-)
致礼  Best Regards

潘蓝兰  Pan Lanlan
DNSOP mailing list

Reply via email to