Difference between revisions of "The /etc/hosts file"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
(Local DNS Poisoning)
 
(One intermediate revision by one user not shown)
Line 16: Line 16:
 
Many "Internet Ready" operating systems use a hosts file, including Microsoft Windows, Macintosh OSX, and the various *NIX variations.  The UNIX standard location for the hosts file is in /etc and is a plain text file.
 
Many "Internet Ready" operating systems use a hosts file, including Microsoft Windows, Macintosh OSX, and the various *NIX variations.  The UNIX standard location for the hosts file is in /etc and is a plain text file.
  
== Debian ==
+
== Linux ==
 +
 
 +
When an entry is made in /etc/hosts on a linux system the lookup order causes the hosts entry to be used first. 
 +
 
 +
Testing the resolution of an entry added to the hosts file cannot be done with the "nslookup" or "hosts" command. These commands ignore /etc/hosts and go directly to DNS for name resolution.  However, if you use the "ping" command or attempt to open a "telnet" connection, resolution is done first with the /etc/hosts file.
 +
 
 +
=== Multiple Hosted IP Addresses ===
 +
 
 +
127.0.0.1 localhost localhost
 +
192.168.1.3 alpha.domain.com alpha bravo
 +
192.168.1.4 delta.domain.com delta
 +
192.168.1.5 foxtrot.domain.com foxtrot
 +
 
 +
If "ping alpha" or "ping bravo" is used, both will return 192.168.1.3 as will "ping alpha.domain.com".
 +
 
 +
Another example from a CentOS system.
 +
 
 +
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
 +
10.10.25.0 echo.foo.com echo
 +
10.10.25.1 bravo.foo.com bravo
 +
 
 +
The default Redhat format for the loopback interface is used.
 +
 
 +
=== Debian ===
  
 
In the Debian Linux Distribution, or distributions such as Ubuntu that are Debian based, the hosts file looks something like this:
 
In the Debian Linux Distribution, or distributions such as Ubuntu that are Debian based, the hosts file looks something like this:

Latest revision as of 17:26, 27 June 2014

As your machine gets started, it will need to know the mapping of some hostnames to IP addresses before DNS can be referenced. This mapping is kept in the /etc/hosts file. In the absence of a name server, any network program on your system consults this file to determine the IP address that corresponds to a host name.

Format:

<IP> <HOSTNAME>.<DOMAIN> <ALIAS>

Example:

127.0.0.1 localhost.localdomain localhost

The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names.

  • Each field is separated by white space (blanks or tabulation characters).
  • Comment lines may be included; they are indicated by a hash character (#) in the first position of such lines.
  • Entirely blank lines in the file are ignored.

Modifying the hosts file will override the DNS for a domain, on that particular machine.

Many "Internet Ready" operating systems use a hosts file, including Microsoft Windows, Macintosh OSX, and the various *NIX variations. The UNIX standard location for the hosts file is in /etc and is a plain text file.

Linux

When an entry is made in /etc/hosts on a linux system the lookup order causes the hosts entry to be used first.

Testing the resolution of an entry added to the hosts file cannot be done with the "nslookup" or "hosts" command. These commands ignore /etc/hosts and go directly to DNS for name resolution. However, if you use the "ping" command or attempt to open a "telnet" connection, resolution is done first with the /etc/hosts file.

Multiple Hosted IP Addresses

127.0.0.1	localhost		localhost
192.168.1.3	alpha.domain.com	alpha		bravo
192.168.1.4	delta.domain.com	delta
192.168.1.5	foxtrot.domain.com	foxtrot

If "ping alpha" or "ping bravo" is used, both will return 192.168.1.3 as will "ping alpha.domain.com".

Another example from a CentOS system.

127.0.0.1	localhost localhost.localdomain	localhost4 localhost4.localdomain4
10.10.25.0	echo.foo.com	echo
10.10.25.1	bravo.foo.com	bravo

The default Redhat format for the loopback interface is used.

Debian

In the Debian Linux Distribution, or distributions such as Ubuntu that are Debian based, the hosts file looks something like this:

127.0.0.1 localhost
127.0.1.1 <host_name>

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

The IP address 127.0.1.1 in the second line is unique to Debian. The Debian Installer creates this entry for a system without a permanent IP address as a workaround for buggy software such as the Gnome desktop.

For a system with a permanent IP address, that permanent IP address should be used here instead of 127.0.1.1.

For a system with a permanent IP address and a fully qualified domain name (FQDN) provided by the Domain Name System (DNS), that canonical <host_name>.<domain_name> should be used instead of just <host_name>.

Local DNS Poisoning

When an Internet domain is entered in /etc/hosts pointing to an IP address other than that which it resolves to publicly, the domain is redirected or "blocked" in a fashion known as local DNS poisoning. It can be used as a crude way to filter or block access to an unwanted web site on a local machine, such as blocking an advertisement server.

Example:

127.0.0.1       localhost
127.0.0.1       youtube.com
127.0.0.1       www.youtube.com
127.0.0.1       facebook.com
127.0.0.1       www.facebook.com

Remember to close the web browser, and open again to clear the cashed ARP listing.