A mischievous person renting a domain name can list <i>any</i> public or private IP addresses in her A records; and she can list any nameservers, including ones with which she has no relationship. She can list an IP address that the user may be utilising or renting.<p>I use a fast DNS resolution solution that only queries authoritative servers and stores IPs in constant, perfect hash databases, then in kdb+. No caches. I see the IP addresses that are returned in DNS packets not as ephemeral and inconsequential, but as entries in a database that need to be validated before insert.<p>If I see some nonsense like 127.0.0.1 in an A record, let alone a public IP address that I'm using, it is rejected. I have seen NS records with 127.0.0.1 as well.<p>Are there DNS rebinding attacks that do not use iframes, JavaScript or some other way to trigger automatic lookups <i>without user interaction</i>? In theory perhaps. But every attack I have seen relies on triggering lookups automatically.<p>It's too bad the popular browsers make automatic requests for resources, automatically follow redirects and do not allow users to disable this default behavior.<p>However users can make use of less complex HTTP clients that do not make such automatic requests and where redirects can be disabled. These can be used in tandem with the popular browsers to give users more transparency and control.<p>Also isn't it possible to use SSL/TLS for localhost JSON-RPC? Theoretically couldn't users make use of client certificates?<p>Just a thought.
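<p>An added example, not the commenter's code: one way to apply the validate-before-insert check described above to addresses taken from DNS answers, using Python's standard ipaddress module. The function names, reason labels and sample answers are assumptions made for this illustration.

```python
import ipaddress

# Checked in order; the first match wins. Labels are this example's own.
_CHECKS = (
    ("unspecified", lambda ip: ip.is_unspecified),
    ("loopback", lambda ip: ip.is_loopback),
    ("link-local", lambda ip: ip.is_link_local),
    ("multicast", lambda ip: ip.is_multicast),
    ("reserved", lambda ip: ip.is_reserved),
    ("private", lambda ip: ip.is_private),
)

def _parse(text):
    ip = ipaddress.ip_address(text)
    # Unwrap ::ffff:a.b.c.d so a mapped loopback/private address is still caught.
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def reject_reason(rdata, own_addresses=()):
    """Return None if the address may be stored, else a short reason label."""
    try:
        ip = _parse(rdata)
    except ValueError:
        return "malformed"
    # Addresses the operator is using are refused even though they are public.
    if ip in {_parse(a) for a in own_addresses}:
        return "own-address"
    for reason, test in _CHECKS:
        if test(ip):
            return reason
    return None

def filter_answers(answers, own_addresses=()):
    """Split (name, rdata) pairs into rows to insert and rows refused, with reason."""
    accepted, rejected = [], []
    for name, rdata in answers:
        reason = reject_reason(rdata, own_addresses)
        if reason is None:
            accepted.append((name, rdata))
        else:
            rejected.append((name, rdata, reason))
    return accepted, rejected

# Constructed sample data. 8.8.8.8 stands in for a globally routable address,
# because ipaddress classes the documentation ranges as private.
OWN = ["203.0.113.10"]
SAMPLE = [("ok.example", "8.8.8.8"), ("a.example", "127.0.0.1"),
          ("b.example", "10.0.0.5"), ("c.example", "::ffff:127.0.0.1"),
          ("d.example", "203.0.113.10"), ("e.example", "not-an-ip")]
```

Calling `filter_answers(SAMPLE, OWN)` keeps only the `ok.example` row; the rejected rows carry the reason so they can be logged and reviewed rather than silently dropped.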