Misconfigured DNS allows same-site-scripting

We got a bug report at HackerOne which I am not sure what to do about. Here it is to get input from our sysadmins (which need to fix it anyway, in case it's deemed valid):

Same site scripting

I have found an error of some misconfigrured DNS in a subdomain of yours which causes same site scripting.

Steps To Reproduce:

Step 1 : Go to terminal or cmd
Step 2 : Now type host localhost.torproject.org
Step 3 : Has Now you can see the response from localhost 127.0.0.1
Step 4 : This lead to Same site scripting

Referance :

http://www.securityfocus.com/archive/1/486606/30/0/threaded

Solution:

Kindly remove DNS record from nameserver or use that subdomain.

Impact

Same site scripting may lead to internal DOS

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information