127.0.0.1 DNS-resolution is blocked by some ISPs #15
Description
(I don't think there's anything we can do about this, but I thought this would be useful to report, as documentation)
While using localhost.direct in a few places worldwide, I've noticed that there's some ISPs that block the DNS-resolution of localhost.direct and any other domain name that resolves to 127.0.0.1. A RIPE Atlas probe showed about 12% of DNS requests for localhost.direct get rejected in some way or another (i.e. not resulting in an A-record with 127.0.0.1).
Asking some friendly DNS operators, they say such filtering is to assuage XSS concerns, and prevent DNS rebinding attacks.
Workarounds that have worked for me:
- Adding the following to my
/etc/hosts, so no DNS lookup is required:
127.0.0.1 localhost.direct
- Using a VPN, so that the local ISP can't filter my DNS traffic.