Page MenuHomeMy privacy DNS

DNS Hosts
Updated 560 Days AgoPublic

Hosts files

The hosts file is one of several system facilities that assists in addressing network nodes in a computer network. It is a common part of an operating system's Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network.

In some operating systems, the contents of the hosts file is used preferentially to other name resolution methods, such as the Domain Name System (DNS), but many systems implement name service switches, e.g., nsswitch.conf for Linux and Unix, to provide customization. Unlike remote DNS resolvers, the hosts file is under the direct control of the local computer's administrator

Hosts File formatting

The layout for the hosts file formatting is standardized in rfc:952

Hosts File content

The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names. Each field is separated by white space – tabs are often preferred for historical reasons, but spaces are also used. Comment lines may be included; they are indicated by an octothorpe(Hashtag) in the first position of such lines. Entirely blank lines in the file are ignored. For example, a typical hosts file may contain the following:

127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

This example only contains entries for the loopback addresses of the system and their host names, a typical default content of the hosts file. The example illustrates that an IP address may have multiple host names (localhost and loopback), and that a host name may be mapped to both IPv4 and IPv6 IP addresses, as shown on the first and second lines respectively.

127.0.0.1 or 0.0.0.0

The usage of either 127.0.0.1 or 0.0.0.0 to be used for loopback address to block contents is dependent of which OS and OS:Version you are using.

A rule of thumb is:

  • Windows <= 7 should use 127.0.0.1
  • Linux distros loading the hosts file into DnsMasq should be choosing between both layouts with a weight of +1 to 0.0.0.0 as it would return NXDOMAIN
  • Everyone else should be using 0.0.0.0

The advantage of using 0.0.0.0 over 127.0.0.1 is that the 0.0.0.0 is a non-routable address and should timeout faster. This is also relate to the timeout issue that will occur if you are running a local web-service on port :80 and/or :443.

Location in the file system

The location of the hosts file in the file system hierarchy varies by operating system. It is usually named hosts, without an extension.

Operating SystemVersion(s)Location
Unix, Unix-like, POSIX/etc/hosts
Microsoft Windows3.1%WinDir%\HOSTS
95, 98, ME%WinDir%\hosts
NT, 2000, XP, 2003, Vista, 2008, 7, 2012, 8, 10%SystemRoot%\System32\drivers\etc\hosts
Windows Mobile, Windows PhoneRegistry key under HKEY_LOCAL_MACHINE\Comm\Tcpip\Hosts
Apple Macintosh9 and earlierPreferences or System folder
Mac OS X 10.0–10.1.5(Added through NetInfo or niload)
Mac OS X 10.2 and newer/etc/hosts (a symbolic link to /private/etc/hosts)
Novell NetWareSYS:etc\hosts
OS/2 & eComStation"bootdrive":\mptn\etc\
SymbianSymbian OS 6.1–9.0C:\system\data\hosts
Symbian OS 9.1+C:\private\10000882\hosts
MorphOSNetStackENVARC:sys/net/hosts
AmigaOS< 4AmiTCP:db/hosts
4DEVS:Internet/hosts
AROSENVARC:AROSTCP/db/hosts
Android/etc/hosts (a symbolic link to /system/etc/hosts)
iOSiOS 2.0 and newer/etc/hosts (a symbolic link to /private/etc/hosts)
TOPS-20<SYSTEM>HOSTS.TXT
Plan 9/lib/ndb/hosts
BeOS/boot/beos/etc/hosts
Haiku/system/settings/network/hosts
OpenVMSUCXUCX$HOST
TCPwareTCPIP$HOST
RISC OS3.7, 5Boot.Resources.Internet.files.Hosts
later boot sequenceBoot.Choices.Hardware.Disabled.Internet.Files.Hosts

Extended applications

In its function of resolving host names, the hosts file may be used to define any hostname or domain name for use in the local system.

Redirecting local domains

Some web service and intranet developers and administrators define locally defined domains in a LAN for various purposes, such as accessing the company's internal resources or to test local websites in development.

Internet resource blocking

Entries in the hosts file may be used to block online advertising, or the domains of known malicious resources and servers that contain spyware, adware, and other malware. This may be achieved by adding entries for those sites to redirect requests to another address that does not exist or to a harmless destination such as the local machine. Commercial software applications may be used to populate the hosts file with entries of known undesirable Internet resources automatically. In addition, user-created hosts files which block nuisance servers are publicly available.

Fravia described these files variously as "scrolls", "precious", and "powerful" in his anti-advertisement pages, where this usage of hosts was first published.

Software piracy

Some pirated versions of software rely on a modified hosts file to prevent software from contacting the activation servers of the publisher, although activation servers sometimes appear in general purpose hosts files.

Common security issues

The hosts file may present an attack vector for malicious software. The file may be modified, for example, by adware, computer viruses, or Trojan horse software and Microsoft(known) to redirect traffic from the intended destination to sites hosting malicious or unwanted content. The widespread computer worm Mydoom.B blocked users from visiting sites about computer security and antivirus software and also affected access from the compromised computer to the Microsoft Windows Update website. In some cases malware has modified the library responsible for loading the hosts file in order to redirect it to a file it is able to control freely.

Hosts file vs Unbound test

In the past we have generated a simplified performance test between the usage of hosts formatted files vs using a real DNS-recursor. The numbers in the test speaks loudly for them self. But please take a look at it.

  1. The system hosts file was only designed to have a very limited number of records,
  2. The second reason is simply the share size of modern hosts files that will brake almost any non *nix OS, yet the hosts file can be big enough to brake even a Linux Distro.

Take a Look at these examples of issues where Windows Users simply looses there entire network, do to timeout in loading the hosts file.

These issues only took me about 4 - 5 minutes to locate...

Hosts file vs DNS-Recursors

The Performance test of Hosts file vs DNS-Recursors have been moved to it own wiki

Last Author
AnonymousPoster
Last Edited
Apr 15 2020, 4:06 PM