should one use a " IN A my_ipaddress" dns record?

3 posts / 0 new
Last post
#1 Sat, 09/22/2018 - 22:41

should one use a " IN A my_ipaddress" dns record?

Hi guys, i note that in Virtualmin>Server Configuration>Suggested DNS Records,

virtualmin is suggesting the localhost A Record IN A

In reading stack about this it appears to be a couple of trains of thought on whether or not it should be used. I post the following opposing views, and ask what you guys think? is sometimes included on internal DNS servers to prevent "localhost" requests leaking out to the internet (for the case where John Smith types http://localhost/ in his browser & for whatever reason his resolver doesn't look in the hosts file, appends his search path ( & starts asking name servers what that resolves to).

You don't have to have a localhost entry (and if your ISP thinks that's "the way BIND works" they're either misguided or idiots: BIND serves what's in the zone file, and if they remove the localhost line it will stop serving that record). As a free example, doesn't resolve, and I bet the NS for that domain is running BIND.

The XSS vector is something I'd never thought of, but it is something of concern: having a localhost entry in your public DNS means any hacked machine could be "in your domain" (by running a webserver on and potentially do all sorts of nasty things. Probably a good enough reason to get rid of the entry.


Assuming that your internal name resolution is handling name resolution properly, any DNS request for localhost should never go to your external DNS provider, and so this shouldn't be a problem at all.

One reason why someone would do this, that I can think of off the top of my head, is if someone once used a web authoring tool that screwed up with a load of absolute references to http://localhost, but that assumes that your ISP was also hosting on their DNS boxes and is a long shot.

However, RFC 1537 does specify:

There has been extensive discussion about whether or not to append the local domain to it. The conclusion was that "localhost." would be the best solution; reasons given were:

"localhost" itself is used and expected to work on some systems.

translating into "localhost.my_domain" can cause some software to connect to itself using the loopback interface when it didn't want to.

Note that all domains that contain hosts should have a "localhost" A record in them.

So strictly speaking it appears as though your ISP is correct to include localhost, but incorrect to use the fully-qualified name.
Sun, 09/23/2018 - 13:50


Virtualmin adds that by default, and I just leave it in there.

But I don't think that gets used very often, if at all... I don't think you'd run into problems by removing it.

Most references to "localhost" would be covered by the entry that exists in /etc/hosts.

For me, it falls into the category of "It's not hurting anything, so I might as well leave it there" :-)


Sun, 09/23/2018 - 21:59

thanks for that.

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

Topic locked