- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Thu, 16 Jun 2011 14:20:56 -0400
- To: timeless <timeless@gmail.com>
- Cc: public-webapps <public-webapps@w3.org>
On Wed, Jun 15, 2011 at 11:32 PM, timeless <timeless@gmail.com> wrote: > Some computers live behind proxies which do not provide for client > based dns lookups. instead a client tells the proxy "i would like to > talk to <host>" or "i would like to get <url>" and the proxy says > "here's a connection for <host>" or "here's the data for <url>". You mean there are clients that don't have access to any DNS, only HTTP proxies? I haven't heard of that, but it wouldn't surprise me. > An API for doing DNS work will not work in such situations. What you > will probably have is something that "usually works" but fails on any > interesting corporate network, which is unfortunate. Such a network would also fail for WebSockets, SPDY, or lots of other interesting things. That's not a reason to not create such features. Some features aren't going to work for some users. > This is the general reason that DNS APIs aren't exposed. The other > reason is that DNS can easily include private information and browsers > aren't particularly good at understanding what is private and > shouldn't be exposed to web apps. That's my bigger concern. Internal corporate DNS could have lots of interesting info. You might also be able to leverage this for some type of cache poisoning, although I can't think of a specific scenario off the top of my head.
Received on Thursday, 16 June 2011 18:21:43 UTC