You've excluded the answer. Running a local resolver is quite simple. One tiny process running with a single config file is going to be as simple as (if not more so) any other possible solution you'll find.
> As noted in the ingress, the web browser is the primary application.
In Firefox, about:networking and about:networking#dns are the http cache and dns cache. I have never considered writing values to these directly. Could there be a method for doing so within the developer console? Perhaps someone knows.
Since you can't edit hosts, or setup a resolver, maybe bookmark directly the ips on your browser? I understand you asked for hostnames but given the context you might aswell internalize some local ips.
Does anyone actually ban 127 resolution to stop dns rebinding? I feel like that would probably break a lot of things while not actually preventing dns rebinding.
anything that could capture the traffic of another application outside of that application is likely gonna need super user privs. the ports it flows on need those to capture it, and running a program which could capture it also likely needs it.
that being said: more context would thus help. what application is making the request, and at what point do you expect to intercept or get that request? is that outside the same app or not?
edit:
also, can you atleast set it up as root or does everything need to happen as user? (and the OS might also matter)
As noted in the ingress, the web browser is the primary application. It must work for an end-user lacking the technical facilities or even sufficient administrative access to install a resolver or edit the system's hosts file. A browser extension would be a great solution.
Or if you need records other than A/AAAA, like MX for delivering email: https://anyz.one
e.g. 10.2.3.4.anyz.one will refer the recursive resolver to query 10.2.3.4 for the answer to the query. You can also buy a domain and configure it to do that, but this is quicker
I want to note that I mean to use such internal hostnames to reach services inside a VPN. If solutions such as IPsec or OpenVPN can somehow push and manifest host->IP correlations for the OS, as an alternative to pushing an additional DNS resolver living inside the VPN, that would also be a viable solution.
You've excluded the answer. Running a local resolver is quite simple. One tiny process running with a single config file is going to be as simple as (if not more so) any other possible solution you'll find.
> As noted in the ingress, the web browser is the primary application.
In Firefox, about:networking and about:networking#dns are the http cache and dns cache. I have never considered writing values to these directly. Could there be a method for doing so within the developer console? Perhaps someone knows.
There are replies in the below link that touch on it for Chrome. The top suggestion, however, is using a socks 5 proxy server as a workaround. https://superuser.com/questions/184643/override-dns-in-firef...
You are probably running a resolver on the LAN already, in your router. Now you just have to login and add an entry.
Since you can't edit hosts, or setup a resolver, maybe bookmark directly the ips on your browser? I understand you asked for hostnames but given the context you might aswell internalize some local ips.
1. Buy domain for your service
2. Make wildcard record to point to 127.0.0.1
3. User can apply any.thing.here.yourcompanyinternal.xxx
https://en.wikipedia.org/wiki/DNS_rebinding protection will stop this from working "hopefully" ;)
but `--host-resolver-rules` may work, https://chromium.googlesource.com/chromium/src/+/main/net/ba... @terry_hc
> https://en.wikipedia.org/wiki/DNS_rebinding protection will stop this from working "hopefully" ;)
Does anyone actually ban 127 resolution to stop dns rebinding? I feel like that would probably break a lot of things while not actually preventing dns rebinding.
https://docs.google.com/document/d/1QQkqehw8umtAgz5z0um7THx-... is in Beta channel now
_Someone_ must have already done this, right?
*.lndo.site 127.0.0.1
This domain is used by https://lando.dev/ which is a docker/docker-compose wrapper for local development.
Would it be a problem to disclose it, in terms of it getting shutdown?
This feels like an X-Y problem. What's preventing you from running a local copy of Dnsmasq? It's really not difficult
If your programs use glibc, it supports hosts overrides in an environment variable, forgot which.
anything that could capture the traffic of another application outside of that application is likely gonna need super user privs. the ports it flows on need those to capture it, and running a program which could capture it also likely needs it.
that being said: more context would thus help. what application is making the request, and at what point do you expect to intercept or get that request? is that outside the same app or not?
edit: also, can you atleast set it up as root or does everything need to happen as user? (and the OS might also matter)
As noted in the ingress, the web browser is the primary application. It must work for an end-user lacking the technical facilities or even sufficient administrative access to install a resolver or edit the system's hosts file. A browser extension would be a great solution.
https://nip.io/
Or if you need records other than A/AAAA, like MX for delivering email: https://anyz.one
e.g. 10.2.3.4.anyz.one will refer the recursive resolver to query 10.2.3.4 for the answer to the query. You can also buy a domain and configure it to do that, but this is quicker
Disclosure: I wrote anyzone
I want to note that I mean to use such internal hostnames to reach services inside a VPN. If solutions such as IPsec or OpenVPN can somehow push and manifest host->IP correlations for the OS, as an alternative to pushing an additional DNS resolver living inside the VPN, that would also be a viable solution.
Tailscale is very easy to set up and provides resolvable hostnames (at an OS level) for all connected devices.
Tailscale requires superuser/admin