The /etc/hosts file
As your machine gets started, it will need to know the mapping of some hostnames to IP addresses before DNS can be referenced. This mapping is kept in the /etc/hosts file. In the absence of a name server, any network program on your system consults this file to determine the IP address that corresponds to a host name.
Format:
<IP> <HOSTNAME>.<DOMAIN> <ALIAS>
Example:
127.0.0.1 localhost.localdomain localhost
The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names.
- Each field is separated by white space (blanks or tabulation characters).
- Comment lines may be included; they are indicated by a hash character (#) in the first position of such lines.
- Entirely blank lines in the file are ignored.
Modifying the hosts file will override the DNS for a domain, on that particular machine.
Many "Internet Ready" operating systems use a hosts file, including Microsoft Windows, Macintosh OSX, and the various *NIX variations. The UNIX standard location for the hosts file is in /etc and is a plain text file.
Linux
When an entry is made in /etc/hosts on a linux system the lookup order causes the hosts entry to be used first.
Testing the resolution of an entry added to the hosts file cannot be done with the "nslookup" or "hosts" command. These commands ignore /etc/hosts and go directly to DNS for name resolution. However, if you use the "ping" command or attempt to open a "telnet" connection, resolution is done first with the /etc/hosts file.
Multiple Hosted IP Addresses
127.0.0.1 localhost localhost 192.168.1.3 alpha.domain.com alpha bravo 192.168.1.4 delta.domain.com delta 192.168.1.5 foxtrot.domain.com foxtrot
If "ping alpha" or "ping bravo" is used, both will return 192.168.1.3 as will "ping alpha.domain.com".
Another example from a CentOS system.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.10.25.0 echo.foo.com echo 10.10.25.1 bravo.foo.com bravo
The default Redhat format for the loopback interface is used.
Debian
In the Debian Linux Distribution, or distributions such as Ubuntu that are Debian based, the hosts file looks something like this:
127.0.0.1 localhost 127.0.1.1 <host_name> # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts
The IP address 127.0.1.1 in the second line is unique to Debian. The Debian Installer creates this entry for a system without a permanent IP address as a workaround for buggy software such as the Gnome desktop.
For a system with a permanent IP address, that permanent IP address should be used here instead of 127.0.1.1.
For a system with a permanent IP address and a fully qualified domain name (FQDN) provided by the Domain Name System (DNS), that canonical <host_name>.<domain_name> should be used instead of just <host_name>.
Local DNS Poisoning
When an Internet domain is entered in /etc/hosts pointing to an IP address other than that which it resolves to publicly, the domain is redirected or "blocked" in a fashion known as local DNS poisoning. It can be used as a crude way to filter or block access to an unwanted web site on a local machine, such as blocking an advertisement server.
Example:
127.0.0.1 localhost 127.0.0.1 youtube.com 127.0.0.1 www.youtube.com 127.0.0.1 facebook.com 127.0.0.1 www.facebook.com
Remember to close the web browser, and open again to clear the cashed ARP listing.