localhost in a DNS zone

Solution 1:

localhost.example.com is sometimes included on internal DNS servers to prevent "localhost" requests leaking out to the internet (for the case where John Smith types http://localhost/ in his browser & for whatever reason his resolver doesn't look in the hosts file, appends his search path (example.com) & starts asking name servers what that resolves to).

You don't have to have a localhost entry (and if your ISP thinks that's "the way BIND works" they're either misguided or idiots: BIND serves what's in the zone file, and if they remove the localhost line it will stop serving that record). As a free example, localhost.google.com doesn't resolve, and I bet the NS for that domain is running BIND.

The XSS vector is something I'd never thought of, but it is something of concern: having a localhost entry in your public DNS means any hacked machine could be "in your domain" (by running a webserver on 127.0.0.1) and potentially do all sorts of nasty things. Probably a good enough reason to get rid of the entry.

Solution 2:

Assuming that your internal name resolution is handling name resolution properly, any DNS request for localhost should never go to your external DNS provider, and so this shouldn't be a problem at all.

One reason why someone would do this, that I can think of off the top of my head, is if someone once used a web authoring tool that screwed up with a load of absolute references to http://localhost, but that assumes that your ISP was also hosting on their DNS boxes and is a long shot.

However, RFC 1537 does specify:

There has been extensive discussion about whether or not to append the local domain to it. The conclusion was that "localhost." would be the best solution; reasons given were:

  • "localhost" itself is used and expected to work on some systems.

  • translating 127.0.0.1 into "localhost.my_domain" can cause some software to connect to itself using the loopback interface when it didn't want to.

Note that all domains that contain hosts should have a "localhost" A record in them.

So strictly speaking it appears as though your ISP is correct to include localhost, but incorrect to use the fully-qualified name.
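Both answers turn on two mechanics: how a bare "localhost" query ends up as localhost.example.com at the authoritative server (the search-path leak in the first answer, and the reason the second answer says a correctly configured internal resolver should prevent it), and what a loopback A record in a public zone looks like when you audit for it. The script below is an added example, not code from either answer: it reads a constructed example.com zone (not the asker's real zone), flags every A/AAAA record that points at a loopback address, whatever its name, and models a glibc-style stub resolver's search-list behaviour (assumed defaults: a resolv.conf "search" list and ndots:1) to show the bare name matching the public record. The parser is deliberately minimal and handles only single-line records.

```python
import ipaddress

# Constructed sample zone for example.com (not the asker's real zone).
# It contains the entry the question describes plus a second loopback record
# under a different name, to show the audit catches both.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@          IN  SOA  ns1.example.com. hostmaster.example.com. ( 1 3600 900 604800 300 )
@          IN  NS   ns1.example.com.
ns1        IN  A    192.0.2.1
www        IN  A    192.0.2.10
localhost  IN  A    127.0.0.1      ; the record the ISP insists on
dev        IN  AAAA ::1            ; same problem, less obvious name
mail       IN  A    192.0.2.20
"""


def parse_zone(text):
    """Minimal master-file reader: returns (owner_fqdn, rtype, rdata) tuples
    for A and AAAA records. Handles $ORIGIN, '@', optional TTL/class tokens
    and ';' comments; it is not a full RFC 1035 parser (no multi-line records)."""
    origin = "."
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            if not origin.endswith("."):
                origin += "."
            continue
        if line.startswith("$"):  # $TTL and friends are irrelevant here
            continue
        owner, *rest = line.split()
        # Skip optional TTL and class so the next token is the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest.pop(0)
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), " ".join(rest[1:])
        if rtype not in ("A", "AAAA"):
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        records.append((fqdn, rtype, rdata))
    return records


def loopback_records(records):
    """Every A/AAAA record whose address is loopback (127.0.0.0/8 or ::1),
    regardless of the owner name. These are the records that place a web
    server running on a client's own loopback interface 'inside' the domain."""
    flagged = []
    for fqdn, rtype, rdata in records:
        try:
            if ipaddress.ip_address(rdata).is_loopback:
                flagged.append((fqdn, rtype, rdata))
        except ValueError:
            continue  # not an IP literal; leave that to a real zone validator
    return flagged


def resolver_candidates(name, search_list, ndots=1):
    """Order in which a glibc-style stub resolver tries names (assumption:
    resolv.conf 'search' list and the default ndots:1). A bare 'localhost'
    has zero dots, so the search suffixes are tried before the literal name."""
    if name.endswith("."):
        return [name]
    with_suffix = [f"{name}.{s.rstrip('.')}." for s in search_list]
    literal = [name + "."]
    if name.count(".") < ndots:
        return with_suffix + literal
    return literal + with_suffix


def answer_from_zone(name, search_list, records):
    """Walk the candidate list and return the first record the zone would
    answer with, or None. Models a host whose hosts-file lookup was skipped
    so the query reached the authoritative server."""
    index = {fqdn.lower(): (fqdn, rtype, rdata) for fqdn, rtype, rdata in records}
    for candidate in resolver_candidates(name, search_list):
        hit = index.get(candidate.lower())
        if hit:
            return hit
    return None


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    for fqdn, rtype, rdata in loopback_records(recs):
        print(f"loopback record in public zone: {fqdn} {rtype} {rdata}")
    print("bare 'localhost' via search list answers as:",
          answer_from_zone("localhost", ["example.com"], recs))
```

Run against a real zone dump, the loopback_records check is the audit a defender wants: it is name-agnostic, so it also catches the "dev AAAA ::1" style entry that a grep for "localhost" would miss. The resolver model shows the leak path only for a name with fewer dots than ndots and no trailing dot; "localhost." (the RFC 1537 form) never gets a suffix appended and never matches the zone.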