💾 Archived View for freeshell.de › gemlog › 2023-01-13_DNS_oddity.gmi captured on 2023-07-22 at 16:25:06. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
I have an HTTP demon running locally. It's behind a NAT router, so it shouldn't receive requests from the internet. The stats show the requests with IPs translated to names. I noticed a Brazillian host name listed which seems like it shouldn't be possible. The name resolves to 127.0.0.1 - er, what? So I tried looking it up on other name servers - same.
Obviously someone could have done this by mistake. And probably everything looks ok to them - the web site (or whatever they're hosting) looks right to them, but it isn't loading from where they think it is.
Is this is a security risk? At some point I've been to some page that tried to load something from that host name, but the request went to my local web server, where it would have got a 404... [checks log...] Yes, there were 4 requests, and each got 404. But did I miss something? And would it matter if a host name resolved to a private address (192.168.* or similar)?
Apologies if I missed the obvious.