In article <20170913030645.946e88551...@rock.dv.isc.org> you write:
>> When we look at edge cases like this, it's tempting to be swept away by
>> the futility of trying to close every gap. But it's still worth closing
>> the ones we can close. Trying to outlaw localhost.* is hopeless. But
>> outlawing *.localhost is certainly valid and viable, and as DNSSEC
>> adoption increases, more and more it will be the case that we actually
>> need do nothing to break it. "localhost" + search list still fails
>> unsafe.
>
>Why would we want to outlaw *.localhost? Just because it is
>inconvenient for the IAB and ICANN that they didn't address this issue
>correctly years ago.

I concur with Mark that while localhost.<foo> is a problem, <foo>.localhost
is not. I've occasionally used that hack to pass traffic to various
servers running on 127/8 addresses other than 127.0.0.1.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
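
The distinction drawn in this thread, as an added example that is not part of the original messages: a model of stub-resolver search-list expansion (the ndots rule from resolv.conf) showing that a bare "localhost" is first tried as localhost.<foo>, while <foo>.localhost is tried inside the localhost zone first. The search domain corp.example and the name db.localhost are constructed, and hosts-file lookups that may answer before DNS are not modelled.

```python
# Added example: search domain and query names are constructed sample values.

def candidates(name, search, ndots=1):
    """Return the FQDNs a stub resolver would query, in order."""
    name = name.lower()
    if name.endswith("."):                      # already fully qualified
        return [name]
    absolute = name + "."
    expanded = [f"{name}.{d.strip('.').lower()}." for d in search]
    # resolv.conf rule: a name with at least `ndots` dots is tried as-is
    # first; otherwise the search list is walked before the bare name.
    if name.count(".") >= ndots:
        return [absolute] + expanded
    return expanded + [absolute]


def in_localhost_zone(fqdn):
    """True for "localhost." and any <foo>.localhost. name."""
    return fqdn.rstrip(".").split(".")[-1] == "localhost"


def audit(name, search, ndots=1):
    """Label each candidate by whether it stays in the localhost zone."""
    return [(c, "loopback-zone" if in_localhost_zone(c) else "external")
            for c in candidates(name, search, ndots)]


if __name__ == "__main__":
    search = ["corp.example"]                   # constructed search list
    for query in ("localhost", "db.localhost", "localhost."):
        print(query)
        for fqdn, verdict in audit(query, search):
            print(f"    {fqdn:32} {verdict}")
```

The first candidate for each query is the one that matters: an answer for it ends the lookup, so a bare "localhost" can be answered by whoever serves the search domain.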