On 16/06/12 15:46, Zack Weinberg wrote:
> I have remembered the security case for not honoring top-level A
> records: it has to do with abbreviated DNS names used in intranets.
> Suppose http://ai.example.com/ is an internal-use-only server for
> example.com employees, whose computers have all been configured to retry
> NXDOMAINs by tacking '.example.com' on the end, 

Is that the common "search suffix" behaviour, then? A typed domain is
tried and if NXDOMAIN is returned, the suffixed versions are tried? It's
never the case that it tries suffixes first?

> and a great deal of
> internal URLs are therefore written http://ai/whatever.  But the retry
> only happens if an A query for ai. returns NXDOMAIN; a public A query
> for ai. that returns an address will *supersede* the expected behavior
> and redirect intended-to-be-private HTTP requests to the external
> server.  Depending on what the internal server does, this could cause a
> disastrous data leak.

Isn't this also a problem for http://foo.corp/ if "corp" gets registered
as a TLD?

Has ICANN 'reserved' some suffixes for internal use which it guarantees
will never be TLDs, to allow smart network admins to avoid this problem?

Gerv
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
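
An added example, not part of the original message: a small model of the lookup order described in the quoted text (bare name first, search suffix only on NXDOMAIN) next to the suffix-first ordering the reply asks about. The zone contents, addresses and the `suffix_first` switch are constructed for illustration and do not describe any particular resolver implementation.

```python
# Constructed model of a stub resolver's candidate ordering for a short name.
# All names and addresses are made up for illustration (192.0.2.0/24 is a
# documentation range, 10.0.0.0/8 is private address space).

INTERNAL = {"ai.example.com.": "10.0.0.5"}   # intranet-only record
PUBLIC_BEFORE = {}                            # no public A record for "ai."
PUBLIC_AFTER = {"ai.": "192.0.2.80"}          # a top-level A record appears


def candidates(name, search_list, suffix_first):
    """Return the FQDNs a resolver would try, in order."""
    if name.endswith("."):                    # already absolute: no search list
        return [name]
    bare = name + "."
    suffixed = [f"{name}.{s}." for s in search_list]
    return suffixed + [bare] if suffix_first else [bare] + suffixed


def resolve(name, public, search_list=("example.com",), suffix_first=False):
    """Try each candidate in order; a missing record models NXDOMAIN.
    Returns (fqdn, address, origin), or None if every candidate fails."""
    for fqdn in candidates(name, search_list, suffix_first):
        if fqdn in INTERNAL:
            return fqdn, INTERNAL[fqdn], "internal"
        if fqdn in public:
            return fqdn, public[fqdn], "external"
    return None


def audit(short_names, public, **kw):
    """List short names whose answer would come from outside the intranet."""
    return [n for n in short_names
            if (r := resolve(n, public, **kw)) and r[2] == "external"]


if __name__ == "__main__":
    for label, pub in (("before", PUBLIC_BEFORE), ("after", PUBLIC_AFTER)):
        for sf in (False, True):
            print(label, f"suffix_first={sf}", resolve("ai", pub, suffix_first=sf))
```

Running `audit` over an inventory of short intranet hostnames against the current set of public top-level A records gives an administrator the list of names that would be answered externally under bare-name-first ordering.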
