I noticed firefox likes to append my internal domain to DNS lookups when A record lookups are refused. In a split DNS environment, It would seem to me that this may permit external DNS/HTTP servers to redirect http queries to unintended internal, and external content. The example below is me configuring my hostname to x1.test1.com and then doing lookups to a DNS server that doesn't recurse, but does serve wildcard domains for hosts it is authoritative for. Note that the second appended DNS query is predictable, and the hostname could be injected via markup. The http query completes because the apache server is also configured for wildcard hostnames. I just stumbled on this behavior by accident. Is this supposed to work this way? Can I turn this off in the browser? How?