Why does the registered domain name “localtest.me” resolve to 127.0.0.1?

networking dns ip domain localhost
10,755

Solution 1

However, I'm still not sure how you can register an external domain to a local one. This is confusing as a tracert localtest.me never even leaves the machine. How is this handled on the low level?

There is nothing that "binds" the domain to its address in the way that you imagine. Just like a phone book, DNS merely tells you what the address is – but that's where its involvement ends. (You don't dial "Pizza Hut" on the phone; you look up their phone number, and dial the number.)

So, when someone registers a domain name, they just gain the ability to edit those phonebook records. But to actually "point" a domain name somewhere – let's say to 127.0.0.1 – they add this line to its database:

localtest.me.   A   127.0.0.1

That's it. Whoever asks about localtest.me now gets the answer "Oh, it's at 127.0.0.1."

So when you type tracert localtest.me., it first asks DNS about the associated address; gets the answer 127.0.0.1; and then behaves exactly as if you had ran tracert 127.0.0.1 instead. No magic at all.

Are there others? (And how to find them?)

At this point it should be clear that any domain owner can do this without any effort at all, so there is always a probability that other such domains exist at any given time. Due to DNS data being distributed across many systems (sometimes even dynamically generated), you really cannot find them all, or even expect your results to remain accurate after just a few seconds.

But for security purposes, you don't need to find them all. Some DNS resolvers actually already have a kind of filtering for such entries (called "DNS rebinding protection"), and they don't look for specific questions – they only look at the answer. The protection feature just blocks answers which point to any local address.

However, before you ask, this cannot be forbidden globally – pointing domain names to private addresses is still a perfectly legitimate use of DNS, and is used in practice in many networks.

Solution 2

There are other answers that go into deeper detail, but the core of this question is really simple to answer:

“However, I'm still not sure how you can register an external domain to a local one.”

Registering a domain name and assigning an IP address are two completely different and independent things.

Anyone can register any domain name for any reason; you can even register a domain name without having a destination IP address in place. One must simply pay the domain registrar, going trough the virtual “paperwork” and then, like magic, you have a domain name. All you are paying for when you register a domain name is the domain name itself as well as the ability—read below—to assign an IP address to a domain name.

But then assigning an IP address to that domain name is a whole different process. Anyone can assign any IP address to a domain name if they have control of that domain name. The domain name registrar has no care or concern about what pile of raw addresses you assign to a domain name.

All a domain name is is simply a pointer that makes life easier. Think of it as an alias so people don’t have to memorize piles of numbers (IPv4) or numbers and letters (IPv6).

That’s it!

But what happened—as explained by that page you visited—was not a “hack” of every system in the world’s local “127.0.0.1” address, but rather a flaw on that one specific system itself.

But to further clarify this—and this tripped me up the way you worded it as well—when you state:

I was reading an article about Server-Side Request Forgery. In that article the attacker found that 127.0.0.1 was open to the internet.

I read that article as well, and this is what happened: Someone was using an online tool that allowed you to point that tool to any IP address/hostname. When they pointed that tool at 127.0.0.1 it wasn’t that the IP address 127.0.0.1 was exposed to the Internet. Rather, the tool itself had a flaw that allowed anyone to probe the internal server that tool was running on by using 127.0.0.1. And since this tool was explicitly a hacking tool that was used to detect open ports and such, by using 127.0.0.1 that specific application was able to probe it’s own localhost network and—key here—convey that information to someone accessing the tool via just a web browser.

The risk presented was not that every 127.0.0.1 was exposed to the Internet, but rather that sloppy coding on one tool on one site allowed this to happen.

Solution 3

What is so special about localtest.me?

It points to 127.0.0.1 (localhost). This address is always reserved for the local computer.

Are there others? (And how to find them?)

Yes. Google and Super User are your friends (as you found out).

I'm still not sure how you can register an external domain to a local [IP]. This is confusing as a tracert localtest.me never even leaves the machine. How is this handled on the low level?

You're missing the initial (external) DNS request. tracert displays the path a packet takes but before a packet can go anywhere, the computer must know the IP to send it to. With caveats, if you've never visited locatest.me before, a DNS request is made to external resolvers to discover that it maps to 127.0.0.1. The returned data is then used locally (e.g. for tracert or displaying web content). And remember that DNS can map any hostname to any IP - it doesn't "know" if an IP is local or not.

Share:
10,755
not2qubit
Author by

not2qubit

Updated on September 18, 2022

Comments

  • not2qubit
    not2qubit over 1 year

    I was reading an article about Server-Side Request Forgery. In that article the attacker found that 127.0.0.1 was open to the internet. The victim then blocked 127.0.0.1, but because many other IPs and apparently also some domains are also resolved to to that, including the mysterious localtest.me, he was able to bypass a weak text-based filter.

    1. What is so special about localtest.me?

    2. Are there others? (And how to find them?)

    UPDATE

    I found: http://readme.localtest.me/

    Apparently someone decided to register that domain in a funny way, for testing purposes:

    Here’s how it works. The entire domain name localtest.me—and all wildcard entries—point to 127.0.0.1. So without any changes to your host file you can immediate start testing with a local URL.

    However, I'm still not sure how you can register an external domain to a local one. This is confusing as a tracert localtest.me never even leaves the machine. How is this handled on the low level?

    I then found several more in these comments and elsewhere: 

    lvh.me 
vcap.me
fuf.me - IPv4 and IPv6
ulh.us
127-0-0-1.org.uk
ratchetlocal.com
smackaho.st
42foo.com
beweb.com
yoogle.com
ortkut.com
feacebook.com

    And in similar questions on Stack Overflow.

    • Admin
      Admin over 6 years
      This is really simple: Registering a domain name and assigning an IP address are two different things. Anyone can register any domain name for any reason. One must simply pay the domain registrar, going trough the virtual “paperwork” and then, like magic, you have a domain name. But then assigning an IP address to that domain is a whole different beast. Anyone can assign any IP address to a domain name. A domain name is simply a pointer that makes life easier.
    • Admin
      Admin over 6 years
      One such domain name that is connected to quite some disturbance of the force recently is bealocalhost.de
  • not2qubit
    not2qubit over 6 years
    Thanks guys for clarifying. This was definitely an interesting find, as I had no idea that one could also register reserved IP blocks.
  • user1686
    user1686 over 6 years
    Yes. It is not the business of DNS to enforce how addresses may be used.
  • Giacomo1968
    Giacomo1968 over 6 years
    @not2qubit “…I had no idea that one could also register reserved IP blocks.” You are mixing up terms. You need to register a domain name with a registrar; that is a controlled process. You assign an IP address to a domain name; that is a non-controlled process. Any pile of numbers can be assigned to any registered domain name as long as you control the domain name.
  • Joshua Pinter
    Joshua Pinter over 5 years
    "You don't dial "Pizza Hut" on the phone; you look up their phone number, and dial the number." Nice analogy!
  • user1686
    user1686 over 5 years
    Admittedly one that probably won't last long, with Siri/Alexa/Google ordering pizza for you instead...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Get default gateway in java
How do I set a static IP in Ubuntu?
Why is my IPv6 Address showing instead of my IPv4?
How to restore my default DNS?
FQDN on Local Network?
how can i forward requests to my own IP address to a local IP address in my network (possibly using named)?
How link domain name to static IP?
Find a computer's hostname by IP address? ping/nbtstat/nslookup don't work
How to ping an IP address in another domain?
vsftpd returns wrong pasv_address