> we accept RFC 1918 and CGNAT addresses in records
Doesn't that cause security issues by making it possible to put other people's private servers (that you want to do XSS-type attacks against) into your domains or something? I have a vague memory of it being a security no-no somehow.
Basically any DNS provider allows this (plus anybody can buy a domain and run their own DNS server).
The defense against this has to happen either on the resource you want to protect or in the browser.
There are a few things to think about, yes. I actually post in the fleet guide parts of it that it should be considered before posting. The DNS rebind issue, but that should be controlled by host header validation, CSRF, same-site cookies, etc. Internal topology disclosure — real, but we don't post it. You can do the same in Cloudflare, for example.
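
The Host header validation mentioned in the thread, sketched as an added example (not code from any commenter or from the project discussed): a service reached through a rebinding name still receives that foreign name in `Host`, so an allowlist check on the resource itself rejects the request. `ALLOWED_HOSTS`, the hostnames and the function names are constructed for illustration.

```python
# Added example: Host-header allowlist for an internal HTTP service.
# All names and addresses below are constructed sample values.
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"grafana.corp.example", "10.0.5.20", "localhost"}

def normalize_host(header_value):
    """Return the lowercase hostname from a Host header, or None if malformed."""
    # Reject characters that never belong in host[:port] (userinfo, path, whitespace).
    if not header_value or any(c in header_value for c in " \t\r\n/@?#\\"):
        return None
    try:
        parts = urlsplit("//" + header_value)
        host = parts.hostname
        parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if not host:
        return None
    # "name." and "name" are the same DNS name; compare without the root dot.
    return host.rstrip(".").lower()

def host_is_allowed(header_value, allowed=ALLOWED_HOSTS):
    """True only when the Host header names this service exactly."""
    host = normalize_host(header_value)
    return host is not None and host in allowed

def host_guard(app, allowed=ALLOWED_HOSTS):
    """WSGI middleware: answer 421 before the app sees a foreign Host."""
    def guarded(environ, start_response):
        if not host_is_allowed(environ.get("HTTP_HOST"), allowed):
            start_response("421 Misdirected Request",
                           [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        return app(environ, start_response)
    return guarded

if __name__ == "__main__":
    # A rebinding page resolves its own name to 10.0.5.20, but the browser
    # still sends the page's name in Host, which is not on the allowlist.
    for sample in ("grafana.corp.example:3000", "10.0.5.20",
                   "rebind.attacker.example", "grafana.corp.example@x.example"):
        print(f"{sample!r:40} allowed={host_is_allowed(sample)}")
```

The check is an exact match on purpose: suffix or substring matching would accept names such as `grafana.corp.example.attacker.example`.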