January 30 2011 12:00 CET
Some DNS providers will automatically add an A record to your domain for
localhost.<domain>. that points to
The reasons for this are quite technical but the main reason is to allow some software to connect to the loopback device.
Different DNS providers have different views on this issue as is noted in RFC1537.
At DNSapp.net we have opted not to include the localhost record by default. The main reason for this is that it allows some security issues in regard to XSS. Using the localhost record malicious software would be able to run locally and present the user with a domain that she or he might not reckonize as different from the actual domain. Although the Same Origin Policy should not be violated we still feel that it poses a viable security threat.