On 6/5/20, Fred Morris <m3...@m3047.net> wrote: > Hrmmm... I'm reminded of something else I've seen reported on recently... > > On Fri, 5 Jun 2020, Ejaz Ahmed wrote: >> localhost.cyberia.net.sa > > I don't know if you've been paying attention, but it's been reported that > among others EBay has been port scanning visitor's devices [0]. Having > localhost.ebay.com could be handy for them in terms of circumventing some > rules on setting of cookies and the execution of scripts. Not saying > that's what they're doing, heaven forbid. > > Any domain you visit could have entries in it which point to e.g. > localhost or nonrouting addresses commonly used for gateways, things like > that. > > This is not a DNS problem, it's a problem in what commonly used programs > aid and abet in the name of "freedom of commerce" or something.
It's possible to block with rpz & something else that I can't recall right now. I did RPZ blocking first, so I didn't bother changing ; return NXDOMAIN for any 127.0.0.0/8 answers ; exceptions: onea.net-snmp.org CNAME rpz-passthru. twoa.net-snmp.org CNAME rpz-passthru. localhost CNAME rpz-passthru. 8.0.0.0.127.rpz-ip CNAME . ; 127.0.0.0/8 ; check: ; localhost 127.0.0.1 ; onea.net-snmp.org 127.0.0.1 ; twoa.net-snmp.org 127.0.0.2 127.0.0.3 All my other host names that used to return 127.0.0.1 answers don't any more :( Anyone know some valid names I can use for testing? Lee _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
