Comment by roywashere

Comment by roywashere 3 days ago

Yes, this! I even wonder how else you would do this. By the way, I worked with many IoT devices that do not use your DHCP DNS but just hardcode quad 8 or similar.

cj 3 days ago

We recently had a developer join our team and he got stuck setting up his dev environment.

We use a .dev domain as a localhost alias, and it turns out his ISP’s DNS wouldn’t resolve 127.0.0.1 (or whatever it is) for the .dev domain. Changing his resolver at the network level to 1.1.1.1 fixed it.

I imagine there are lots of difficult support tickets for app devs, and at a certain point they just hardcode the DNS to remove one variable from the equation when debugging bug reports.

  • troyvit 3 days ago

    Wayyyy back in 1995 or '96 I was working for a non-profit called "Next Generation Magazine" and our goal was to have young people write content for web sites to get their names out there. Back then it was all local ISPs, so we went to our ISP and asked for ngm.org and were stoked when we got it! We built out the site (Thanks to Building Killer Websites of course) and it looked awesome!

    Only problem was that nobody in my family out of state could see it. It took a while to realize that we never bought that domain. Our local ISP just added it to their DNS records, and since we all hooked into them we thought we were live across the 'net.

    • jonhohle 2 days ago

      That’s incredible!

      I remember one of the first times I used the Internet and opened my local radio station’s website from several states away. It was incredible to me that it worked and I also wondered why anyone across the country would care. The early internet was amazing.

  • X-Istence 3 days ago

    Not resolving 127.0.0.1 or RFC1918 addresses or even ULA for IPv6 is done to avoid DNS rebinding attacks. For most end users that is probably the correct move.

    • lxgr 3 days ago

      My home router even seems to inspect any UDP/53 traffic and redact any responses containing local/private A entries, so not even switching to a public resolver bypasses the protection.

      I agree that it’s usually the right behavior.

      • cj 2 days ago

        Interesting. I hadn’t considered it might be a security feature of his router!

admax88qqq 2 days ago

Most ISP resolvers are shit and broken

  • egberts1 2 days ago

    That’s why it is imperative (at least, for a homelab hobbyist) to host your own DNS servers in your own VSP.

    • admax88qqq 2 days ago

      Totally, but most IoT customers are not homelab hobbyists, so I think it's defensible for IoT vendors to just hard code known good DNS in their devices instead of relying on broken ISP resolvers.

      Related story, there was a period of time where my ISP's resolver would replace hostnames with no DNS record with their own ad-filled garbage page.

      So you mistype google.com to foofle.com or something and instead of getting "host not found" you get... ads.

      Disgusting behaviour IMO.