mouss wrote:
> $ host localhost 127.0.0.1
> localhost.netoyen.net has address 127.0.0.1

You forgot the trailing dot, so it tacked your own domain onto the end of that. I believe "localhost.$domain" is not required by any specs and is non-standard. ... That's okay, I'll just assume your DNS serves that A record as you've stated.

I've got servers all over the place, so here's a better tally than the previous hasty checks. This crosses FreeBSD, Red Hat, and Debian just fine, since it's more a result of the upstream DNS than the local instances. I've purposefully removed any DNS servers I administer from consideration, instead using their upstream sources.

Results: two of my company's colocation providers resolve localhost while the three others do not. My office T1s do not. My alma mater does not (and unless I'm mistaken, neither do its upstream providers). My home cable does not.

Four of my colos resolve 1.0.0.127.in-addr.arpa while one does not. My cable ISP resolves it, and my office T1s resolve it to the wrong domain (as a subdomain of one of their subsidiaries). My alma mater also resolves it.

> It does here. we BSD users love DNS ;-p

This is not OS-dependent. My BSD boxes exhibit the same results as the Linux boxes, and the BSD box running a BIND server fails to resolve localhost (note, BIND was not installed via ports). To be thorough, I checked host, dig, and nslookup on a BSD server to ensure consistency.

>>> Maybe SPF, I expect someone to comment on this...
>> Same problem as above: "localhost" is not actually a domain.
>
> it _is_. [...] In contrast, "localdomain" is not a valid TLD.

Are you also arguing that the "localhost" FQDN has a TXT record in addition to its A record? How can you argue that localhost is a FQDN while localdomain, which is equally hacked, is not a TLD?

"localhost" is not a domain because it has no whois entry and no NS record (which consequently means no A record and no TXT record). It is reserved.

>> I suppose I could place such an entry in my local DNS server...
>> Actually, I like that idea. Don't forget to also create an A record!
>>
>> You'll want TXT record "v=spf1 ip4:127.0.0.0/8 -all" for both
>> localhost. and localhost.localdomain.
>
> why bother yourself with SPF since nobody remote should call himself
> "localhost". localhost is a reserved domain.

Two proposals with the same goal have been made: specific hunting for localhost and friends or SPF entries for them. Since this specific hunting is not built into SA or the MTA by default, it must be added, just as SPF would need. I chose to add SPF; six of one, half-a-dozen of the other.

Let me rephrase my whole argument: Different DNS servers, depending on their administrators, have different results for localhost and localhost.localdomain. Even rDNS on 127.0.0.1 can fail to resolve (or resolve correctly). Therefore, it may be troublesome to make assumptions on these grounds. That's it.
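
An added example, not part of the original message or of any mail software discussed in the thread: a small Python evaluator for the ip4/ip6/all subset of SPF, run over the TXT record quoted above to show which connecting addresses would pass or fail when the HELO name is localhost. The function names and the sample sessions are constructed for illustration.

```python
import ipaddress

# Record text quoted in the message above.
LOCALHOST_SPF = "v=spf1 ip4:127.0.0.0/8 -all"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample sessions: (HELO name, connecting IP).
SAMPLE_SESSIONS = [
    ("localhost", "127.0.0.1"),
    ("localhost", "203.0.113.25"),          # documentation range, remote
    ("localhost.localdomain", "::1"),       # IPv6 loopback
]


def evaluate_spf(record, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF (RFC 7208) for client_ip.

    Terms that need DNS (a, mx, include, redirect, ...) raise ValueError
    rather than being guessed at.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            raise ValueError("unsupported term: " + term)
        net = ipaddress.ip_network(arg, strict=False)
        # An ip4 term only ever matches IPv4 clients, ip6 only IPv6.
        if net.version == ip.version == int(name[2]) and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched, no "all" term


def check_sessions(sessions, record=LOCALHOST_SPF):
    """Return (helo, ip, spf_result) for each constructed session."""
    return [(helo, ip, evaluate_spf(record, ip)) for helo, ip in sessions]


if __name__ == "__main__":
    for helo, ip, result in check_sessions(SAMPLE_SESSIONS):
        print(f"HELO {helo:<22} from {ip:<14} -> {result}")
```

With the record as quoted, a connection from ::1 evaluates to fail, because the only listed range is an ip4 one.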