wiki:DnsHosts

Wikis under this subject

    Hosts files

    The hosts file is one of several system facilities that assists in addressing network nodes in a computer network. It is a common part of an operating system's Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network.

    In some operating systems, the contents of the hosts file are used in preference to other name resolution methods, such as the Domain Name System (DNS), but many systems implement name service switches, e.g., nsswitch.conf for Linux and Unix, to make the order configurable. Unlike remote DNS resolvers, the hosts file is under the direct control of the local computer's administrator.

    Hosts File formatting

    The layout of the hosts file derives from the host table format specified in RFC 952.

    Hosts File content

    The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names. Fields are separated by white space; tabs are often preferred for historical reasons, but spaces are also used. Comment lines may be included; they are indicated by an octothorpe (#) in the first position of such lines, and most implementations (glibc, Windows) also ignore the rest of a line after a # that follows an entry. Entirely blank lines in the file are ignored. For example, a typical hosts file may contain the following:

    127.0.0.1 localhost
    
    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    

    This example only contains entries for the loopback and IPv6 special addresses of the system and their host names, the typical default content of the hosts file. It illustrates that an IP address may have multiple host names (ip6-localhost and ip6-loopback on the ::1 line) and that IPv4 and IPv6 entries sit side by side in the same file; a single host name may also appear on both an IPv4 and an IPv6 line, as distributions that map localhost to both 127.0.0.1 and ::1 do.

    127.0.0.1 or 0.0.0.0

    Whether 127.0.0.1 or 0.0.0.0 is the better sink address for blocking entries depends on the operating system and its version.

    A rule of thumb:
    • Windows <= 7 should use 127.0.0.1
    • Linux distributions that load the hosts file into dnsmasq can use either layout, with a slight preference for 0.0.0.0; note that dnsmasq answers such an entry with the listed address (an A record of 0.0.0.0), not with NXDOMAIN, which only a resolver rule such as Unbound's always_nxdomain (shown further down this page) produces
    • Everyone else should be using 0.0.0.0

    The advantage of 0.0.0.0 over 127.0.0.1 is that 0.0.0.0 is not a routable destination, so a connection attempt to a blocked name fails immediately instead of hanging until a timeout. With 127.0.0.1 the request instead reaches whatever is listening locally, which matters if you run a local web service on port :80 and/or :443: every blocked request is then delivered to that service.

    Location in the file system

    The location of the hosts file in the file system hierarchy varies by operating system. It is usually named hosts, without an extension.

    Operating System | Version(s) | Location
    Unix, Unix-like, POSIX | | /etc/hosts
    Microsoft Windows | 3.1 | %WinDir%\HOSTS
    Microsoft Windows | 95, 98, ME | %WinDir%\hosts
    Microsoft Windows | NT, 2000, XP, 2003, Vista, 2008, 7, 2012, 8, 10 | %SystemRoot%\System32\drivers\etc\hosts
    Windows Mobile, Windows Phone | | Registry key under HKEY_LOCAL_MACHINE\Comm\Tcpip\Hosts
    Apple Macintosh | 9 and earlier | Preferences or System folder
    Mac OS X | 10.0–10.1.5 | (Added through NetInfo or niload)
    Mac OS X | 10.2 and newer | /etc/hosts (a symbolic link to /private/etc/hosts)
    Novell NetWare | | SYS:etc\hosts
    OS/2 & eComStation | | "bootdrive":\mptn\etc\
    Symbian | Symbian OS 6.1–9.0 | C:\system\data\hosts
    Symbian | Symbian OS 9.1+ | C:\private\10000882\hosts
    MorphOS | NetStack | ENVARC:sys/net/hosts
    AmigaOS | < 4 | AmiTCP:db/hosts
    AmigaOS | 4 | DEVS:Internet/hosts
    AROS | | ENVARC:AROSTCP/db/hosts
    Android | | /etc/hosts (a symbolic link to /system/etc/hosts)
    iOS | iOS 2.0 and newer | /etc/hosts (a symbolic link to /private/etc/hosts)
    TOPS-20 | | <SYSTEM>HOSTS.TXT
    Plan 9 | | /lib/ndb/hosts
    BeOS | | /boot/beos/etc/hosts
    Haiku | | /system/settings/network/hosts
    OpenVMS | UCX | UCX$HOST
    OpenVMS | TCPware | TCPIP$HOST
    RISC OS | 3.7, 5 | !Boot.Resources.!Internet.files.Hosts
    RISC OS | later boot sequence | !Boot.Choices.Hardware.Disabled.Internet.Files.Hosts

    Extended applications

    In its function of resolving host names, the hosts file may be used to define any hostname or domain name for use in the local system.

    Redirecting local domains
    Some web service and intranet developers and administrators define local domains within a LAN for various purposes, such as accessing the company's internal resources or testing local websites in development.
    Internet resource blocking
    Entries in the hosts file may be used to block online advertising, or the domains of known malicious resources and servers that contain spyware, adware, and other malware. This may be achieved by adding entries for those sites to redirect requests to another address that does not exist or to a harmless destination such as the local machine. Commercial software applications may be used to populate the hosts file with entries of known undesirable Internet resources automatically. In addition, user-created hosts files which block nuisance servers are publicly available.

    Fravia described these files variously as "scrolls", "precious", and "powerful" in his anti-advertisement pages, where this usage of hosts was first published.

    Software piracy
    Some pirated versions of software rely on a modified hosts file to prevent software from contacting the activation servers of the publisher, although activation servers sometimes appear in general purpose hosts files.

    Common security issues

    The hosts file may present an attack vector for malicious software. The file may be modified, for example, by adware, computer viruses, or trojan horse software to redirect traffic from the intended destination to sites hosting malicious or unwanted content. The widespread computer worm Mydoom.B blocked users from visiting sites about computer security and antivirus software and also affected access from the compromised computer to the Microsoft Windows Update website. In some cases malware has modified the library responsible for loading the hosts file in order to redirect it to a file it is able to control freely.
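
    The following parser and audit script is an added example for the hosts file format described in the Hosts File content section above and for the tampering described here; it is not code from this wiki or from any project it links. It treats a # anywhere on a line as the start of a comment (glibc and Windows do), validates the address field with Python's ipaddress module, and classifies every non-default entry as plain blocking (the name points at a loopback or unspecified address), a redirect (the name points anywhere else), or a hit on an operator-supplied list of names that must never be overridden, such as update and antivirus servers. The sample hosts file, the example-bank/example-av names and the 203.0.113.5 address are constructed for the example.

```python
import ipaddress

# Names that stock hosts files carry for the loopback/IPv6 special addresses
# (the default entries shown in the "Hosts File content" section above).
DEFAULT_NAMES = {
    "localhost", "ip6-localhost", "ip6-loopback", "ip6-localnet",
    "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters", "ip6-allhosts",
}

# Constructed sample file (not a real hosts file): stock entries, one
# ordinary blocklist line, a redirect to an attacker-controlled address
# (203.0.113.0/24 is a documentation range), a blocked update host of the
# Mydoom.B kind, and one malformed line.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes

# blocklist entries
0.0.0.0 ads.example.net   # glibc and Windows also accept trailing comments
203.0.113.5 www.example-bank.com
0.0.0.0 update.example-av.com
bad line without an address
"""


def parse_hosts(text):
    """Return (entries, errors). entries = [(lineno, ip, [names])];
    errors = [(lineno, raw_line)] for lines that are not 'IP name...'."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # comment may start anywhere
        if not line:
            continue                           # blank or comment-only line
        fields = line.split()                  # tabs and spaces both separate
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, raw))
            continue
        if len(fields) < 2:                    # address with no host name
            errors.append((lineno, raw))
            continue
        entries.append((lineno, str(ip), [n.lower() for n in fields[1:]]))
    return entries, errors


def audit_hosts(text, protected):
    """Classify every non-default entry.
    'protected': a name from the operator's must-never-be-overridden list
                 (update servers, AV vendors, ...) appears at all;
    'redirect' : a name mapped to something other than a loopback or
                 unspecified address, i.e. traffic is sent elsewhere;
    'block'    : a name mapped to 127.0.0.1/0.0.0.0/::1, plain blocking."""
    entries, errors = parse_hosts(text)
    findings = {"protected": [], "redirect": [], "block": [], "errors": errors}
    for lineno, ip, names in entries:
        addr = ipaddress.ip_address(ip)
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            if name in protected:
                findings["protected"].append((lineno, ip, name))
            elif addr.is_loopback or addr.is_unspecified:
                findings["block"].append((lineno, ip, name))
            else:
                findings["redirect"].append((lineno, ip, name))
    return findings


if __name__ == "__main__":
    # Audit the constructed sample; replace SAMPLE_HOSTS with
    # open("/etc/hosts").read() to check a live system.
    report = audit_hosts(SAMPLE_HOSTS, protected={"update.example-av.com"})
    for kind in ("protected", "redirect", "errors"):
        for item in report[kind]:
            print(f"{kind:9s} line {item[0]}: {item[1:]}")
    print(f"{len(report['block'])} plain blocklist entries")
```

    On a live system the interesting output is anything in the protected and redirect lists; a large block list is the expected result of the ad-blocking usage described above, and the errors list catches lines the C library would silently skip.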

    Hosts file vs Unbound test

    In this test I'm going to give you a quick and dirty idea of why using the hosts file is the worst idea ever for content blocking.

    First off, the hosts file was only ever designed for a limited number of records: the C library's files backend reads it sequentially for every lookup, so each query costs time proportional to the file size, and that cost is paid by every lookup, including names that are not listed at all. The second reason is simply the sheer size of modern hosts files, which will break almost any non-*nix OS, yet a hosts file can be big enough to break even a Linux distribution.

    Take a look at these examples of issues where Windows users simply lose their entire network because loading the hosts file times out.

    It took me only 4 - 5 minutes to locate them...

    The test data

    wc -l output/domains/ACTIVE/list 
    1789872 output/domains/ACTIVE/list
    

    Test command used with unbound

    time dig +noall @127.0.0.1 -p 53 -f output/domains/ACTIVE/list
    

    Explanation:

    • time: Unix tool that measures how long a command takes to complete
    • dig: the standard DNS query tool, part of the bind-tools package
    • +noall: clears all display flags, so dig prints nothing and only the query round trips are timed
    • @127.0.0.1: the DNS server to query, here localhost
    • -p 53: the port the server listens on
    • -f: batch file with one query name per line

    Unbound test Data

    All data is setup as always_nxdomain

    local-zone: "example.org" always_nxdomain
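
    To produce that configuration from a plain domain list (or from an existing hosts-style list), here is an added converter; it is not code from this wiki or from Unbound. It lowercases and validates each name, drops comments and malformed lines, and removes entries whose parent domain is also listed, because an Unbound local-zone covers every name below it; the companion to_hosts_lines shows that a hosts file has no such suffix matching, so every subdomain has to be listed on its own line. The domain names in the usage example are constructed.

```python
import re

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_name(token):
    """Lower-case and validate a host name; None if it is not usable."""
    name = token.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or len(name) > 253 or labels[-1].isdigit():
        return None                      # bare label, too long, or an IP
    if not all(LABEL.match(label) for label in labels):
        return None
    return name


def read_domain_list(lines):
    """Accept plain domains and hosts-style '0.0.0.0 domain' lines;
    returns (accepted set, rejected list). Comments and blanks are dropped."""
    accepted, rejected = set(), []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name = normalize_name(line.split()[-1])   # last field is the name
        if name is None:
            rejected.append(line)
        else:
            accepted.add(name)
    return accepted, rejected


def to_unbound_local_zones(lines, zone_type="always_nxdomain"):
    """Emit local-zone lines. A local-zone covers every name below it, so
    a domain whose parent is also listed is dropped as redundant."""
    accepted, rejected = read_domain_list(lines)

    def covered_by_parent(name):
        labels = name.split(".")
        return any(".".join(labels[i:]) in accepted
                   for i in range(1, len(labels) - 1))

    zones = sorted(n for n in accepted if not covered_by_parent(n))
    return [f'local-zone: "{n}." {zone_type}' for n in zones], rejected


def to_hosts_lines(lines, sink="0.0.0.0"):
    """Hosts-file form of the same list. There is no suffix matching in a
    hosts file, so every subdomain has to stay as its own line."""
    accepted, rejected = read_domain_list(lines)
    return [f"{sink} {n}" for n in sorted(accepted)], rejected


if __name__ == "__main__":
    import sys
    # Usage: python3 this.py < output/domains/ACTIVE/list > blocklist.conf
    zones, rejected = to_unbound_local_zones(sys.stdin)
    print("\n".join(zones))
    for bad in rejected:
        print(f"rejected: {bad}", file=sys.stderr)
```

    Write the output to a file, pull it in with an include: line in unbound.conf, and run unbound-checkconf before reloading; rejected lines go to stderr so a broken list does not silently shrink the block set.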
    

    Test stat before first run:

    unbound-control stats | grep total
    total.num.queries=0
    total.num.queries_ip_ratelimited=0
    total.num.cachehits=0
    total.num.cachemiss=0
    total.num.prefetch=0
    total.num.zero_ttl=0
    total.num.recursivereplies=0
    total.requestlist.avg=0
    total.requestlist.max=0
    total.requestlist.overwritten=0
    total.requestlist.exceeded=0
    total.requestlist.current.all=0
    total.requestlist.current.user=0
    total.recursion.time.avg=0.000000
    total.recursion.time.median=0
    total.tcpusage=0
    

    1. Unbound test

    real    4m31,098s
    user    3m0,287s
    sys     2m10,670s
    
    total.num.queries=1789872
    total.num.queries_ip_ratelimited=0
    total.num.cachehits=1789872
    total.num.cachemiss=0
    total.num.prefetch=0
    total.num.zero_ttl=0
    total.num.recursivereplies=0
    total.requestlist.avg=0
    total.requestlist.max=0
    total.requestlist.overwritten=0
    total.requestlist.exceeded=0
    total.requestlist.current.all=0
    total.requestlist.current.user=0
    total.recursion.time.avg=0.000000
    total.recursion.time.median=0
    total.tcpusage=0
    

    Notice the total.num.queries=1789872 and total.num.cachehits=1789872 are equal

    2. Unbound test

    real    4m38,948s
    user    3m6,641s
    sys     2m14,106s
    
    total.num.queries=3579744
    total.num.queries_ip_ratelimited=0
    total.num.cachehits=3579744
    total.num.cachemiss=0
    total.num.prefetch=0
    total.num.zero_ttl=0
    total.num.recursivereplies=0
    total.requestlist.avg=0
    total.requestlist.max=0
    total.requestlist.overwritten=0
    total.requestlist.exceeded=0
    total.requestlist.current.all=0
    total.requestlist.current.user=0
    total.recursion.time.avg=0.000000
    total.recursion.time.median=0
    total.tcpusage=0
    

    Again the total.num.queries=3579744 and total.num.cachehits=3579744 are equal

    That's good, +1.

    Unbound caching

    In this test we will use dig to lookup an external domain which isn't in our blocklist.

    First dig is a lookup of www.mypdns.org

    time dig +noall @127.0.0.1 -p 53 www.mypdns.org
    
    real    0m1,681s
    user    0m0,016s
    sys     0m0,004s
    
    Second run
    time dig +noall @127.0.0.1 -p 53 www.mypdns.org
    
    real    0m0,025s
    user    0m0,016s
    sys     0m0,009s
    

    Now let's get the cache stats

    total.num.queries=3579746
    total.num.cachehits=3579745
    

    This time queries is one ahead of cachehits: the first lookup of www.mypdns.org was a cache miss that had to be resolved (1.681s), the second was served from cache (0.025s) :smiling_imp:

    Hosts test Data

    Let's do the same, with the records added to /etc/hosts and the local resolver disabled. Note that dig sends its queries straight to the configured name server and never consults /etc/hosts, so the two dig timings below only show the upstream resolvers' response time and caching; the getent run further down is the one that actually exercises the hosts file.

    cat /etc/resolv.conf
    nameserver 213.133.99.99
    nameserver 213.133.100.100
    nameserver 213.133.98.98
    
    time dig +noall www.mypdns.org
    
    real    0m1,031s
    user    0m0,021s
    sys     0m0,008s
    
    time dig +noall www.mypdns.org
    
    real    0m0,026s
    user    0m0,015s
    sys     0m0,012s
    

    Test command Hosts

    time while read line; do getent ahosts "$line"; done < output/domains/ACTIVE/list
    

    1. Hosts test

    real    9411m8,908s
    user    8732m51,608s
    sys     675m54,859s
    

    2. Hosts test

    Due to the time consumed by this test there won't be a second run; the time difference speaks loudly for itself.
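
    As an added illustration (a model with constructed data, not glibc's or Unbound's code) of why the hosts-file run above takes orders of magnitude longer: the C library's files backend reads /etc/hosts from the top for every lookup, so each query costs up to one comparison per line, and a name that is not listed, which is every ordinary lookup, scans the whole file before falling through to DNS. A resolver keeps its local data indexed and answers in roughly constant time. compare() resolves the same names both ways and returns the comparison counts; the host names are constructed.

```python
# Two lookup strategies over the same constructed blocklist: a sequential
# scan (the shape of a hosts-file lookup) and a hash index (the shape of a
# resolver's local-data / cache lookup). Comparison counts make the
# scaling visible without relying on wall-clock timing.


def build_hosts(n):
    """n constructed blocklist lines in hosts-file form."""
    return [f"0.0.0.0 host{i}.example.test" for i in range(n)]


class LinearHosts:
    """Sequential scan from the top of the file on every lookup."""

    def __init__(self, lines):
        self.entries = []
        for line in lines:
            ip, *names = line.split()
            self.entries.append((ip, names))
        self.comparisons = 0

    def lookup(self, name):
        for ip, names in self.entries:
            self.comparisons += 1
            if name in names:
                return ip
        return None                  # whole file read, fall through to DNS


class IndexedHosts:
    """Hash index built once; each lookup is a single probe."""

    def __init__(self, lines):
        self.index = {}
        for line in lines:
            ip, *names = line.split()
            for name in names:
                self.index.setdefault(name, ip)   # first entry wins
        self.comparisons = 0

    def lookup(self, name):
        self.comparisons += 1
        return self.index.get(name)


def compare(n, q):
    """Resolve q listed names spread evenly across an n-entry list, plus one
    name that is not listed, both ways; return (linear, indexed) counts."""
    lines = build_hosts(n)
    linear, indexed = LinearHosts(lines), IndexedHosts(lines)
    for k in range(0, n, n // q):
        name = f"host{k}.example.test"
        assert linear.lookup(name) == indexed.lookup(name) == "0.0.0.0"
    missing = "not-listed.example.test"   # the common case: not blocked
    assert linear.lookup(missing) is None and indexed.lookup(missing) is None
    return linear.comparisons, indexed.comparisons


if __name__ == "__main__":
    lin, idx = compare(10000, 100)
    print(f"linear scan: {lin} comparisons, indexed: {idx}")
```

    Scale n up to the 1.8 million entries of the test list and the miss case alone costs 1.8 million comparisons per lookup, which is the cost every non-blocked name pays before the query even leaves the machine.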

    New Unbound test

    As noticed later in the original thread where spirillen originally published this simplified test, there is in fact a problem with using dig to test hosts files: dig sends its queries straight to the name server and never consults /etc/hosts. Therefore a third unbound test was run with the same command as the hosts-file test, so that both go through the system resolver via getent:

    time while read line; do getent ahosts "$line"; done < output/domains/ACTIVE/list
    
    Result
    real    98m8,897s
    user    48m50,247s
    sys     49m41,709s
    

    Unbound test with wget

    Test command
    time wget --no-config --spider -4 --delete-after -i output/domains/ACTIVE/list
    
    Test result, run 1
    real    7m5,683s
    user    1m58,984s
    sys     2m43,794s

    Test result, run 2
    real    6m53,000s
    user    1m58,163s
    sys     2m42,103s
    

    As this quick and dirty test shows, there are several good reasons to consider switching to a DNS resolver like Unbound, also on Windows and macOS.

    Note for Apple OS

    I've come across a site that stated there is a prebuilt unbound; it should be possible to install it with brew install unbound.


    Dns related articles
    DnsDist, DnsFirewall, DnsHosts, DnsMasq, DnsScripts, DnsSetup
    Last modified on 2020-02-10T16:40:37+01:00