Document or prohibit unix domain sockets in srv records


    • Type: Spec Change
    • Resolution: Unresolved
    • Priority: Minor - P4
    • Component/s: Connection String

      https://github.com/mongodb/specifications/blob/master/source/initial-dns-seedlist-discovery/initial-dns-seedlist-discovery.rst#specification says:

      > The format [of the connection string] is:
      >
      > mongodb+srv://{hostname}.{domainname}/{options}

      This is however misleading, because in addition to DNS hostnames the drivers also accept unix domain socket paths. Coupled with DNS seed list discovery, this permits an attacker able to forge DNS responses to force a driver to establish local unix socket connections. I think this behavior will come as a surprise to system administrators tasked with security policy compliance.

      I think the DNS seed list discovery spec should either be amended to explicitly acknowledge that DNS records can resolve to local socket connections, or prohibit the driver from accepting unix socket paths from DNS records.
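      One defensive filter of the kind this ticket asks for, written here as an added example (it is not part of the ticket or of any MongoDB driver): it drops SRV targets that look like Unix socket paths and keeps only DNS hostnames under the seed host's parent domain. The "contains `/` or ends in `.sock`" heuristic and the parent-domain rule are assumptions about how a driver would tell a socket path from a hostname, not the spec's wording.

```python
import re
from typing import Iterable, List, Tuple

# One DNS label: letters, digits and hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def looks_like_unix_socket(target: str) -> bool:
    """Assumed heuristic: a target containing a path separator or ending in
    '.sock' would be opened as a Unix domain socket, not resolved as a hostname."""
    return "/" in target or target.lower().endswith(".sock")


def is_dns_hostname(target: str) -> bool:
    """Syntactic check that every label of the target is a valid DNS label."""
    name = target.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def filter_srv_targets(seed_host: str,
                       srv_targets: Iterable[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Keep only SRV targets that are plain DNS hostnames inside the seed
    host's parent domain; socket paths and out-of-domain names are dropped."""
    labels = seed_host.rstrip(".").split(".", 1)
    if len(labels) < 2:
        raise ValueError("seed host must have a parent domain: %r" % seed_host)
    parent = labels[1].lower()
    accepted: List[Tuple[str, int]] = []
    for host, port in srv_targets:
        if looks_like_unix_socket(host) or not is_dns_hostname(host):
            continue  # socket path or malformed name: never dial it
        name = host.rstrip(".").lower()
        if name == parent or name.endswith("." + parent):
            accepted.append((name, port))
    return accepted


if __name__ == "__main__":
    # Constructed SRV answer mixing a legitimate host, a socket path and a foreign domain.
    answer = [("db1.example.com", 27017), ("/tmp/mongodb-27017.sock", 27017),
              ("evil.attacker.net", 27017), ("db2.example.com.", 27018)]
    print(filter_srv_targets("cluster.example.com", answer))
```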

            Assignee: Unassigned
            Reporter: Oleg Pudeyev (Inactive)
            Votes: 0
            Watchers: 2
