Thursday, 25 October 2012

How do I use the hosts file?

Introduction

When using the Internet most people connect to web sites, ftp servers or other Internet servers by connecting to a domain name, as in www.bleepingcomputer.com. Internet applications, though, do not communicate via domain names, but rather using IP addresses, such as 192.168.1.1. Therefore when you type a domain name in your program that you wish to connect to, your application must first convert it to an IP address that it will use to connect to.

The way these hostnames are resolved to their mapped IP address is called Domain Name Resolution. On almost all operating systems whether they be Apple, Linux, Unix, Netware, or Windows the majority of resolutions from domain names to IP addresses are done through a procedure called DNS.

What is DNS

DNS stands for Domain Name System and is the standard domain name resolution service used on the Internet. Whenever a device connects to another device on the Internet it needs to connect to it via the IP address of the remote device. In order to get that IP address, DNS is used to resolve that domain name to its mapped IP address. This is done by the device querying its configured DNS Servers and asking that server what the IP address is for that particular domain name. The DNS server will then query other servers on the Internet that know the correct information for that domain name, and then return to the device the IP address. The device will then open a connection directly to the IP address and perform the desired operation.

If you would like a more detailed explanation of the Domain Name System you can find it here: The Domain Name System

Enter the Hosts File

There is another way to resolve domain names without using the Domain Name System, and that is by using your HOSTS file. Almost every operating system that communicates via TCP/IP, the standard of communication on the Internet, has a file called the HOSTS file. This file allows you to create mappings between domain names and IP addresses.

The HOSTS file is a text file that contains IP addresses separated by at least once space and then a domain name, with each entry on its own line. For example, imaging that we wanted to make it so that if you typed in www.google.com, instead of going to Google we would go to www.yahoo.com. In order to do this you would need to find out one of the IP addresses of Yahoo and map www.google.com to that IP address.

NOTE: When inputting entries in the hosts file there must be at least one space between the IP address and the domain name. You should not use any web notations such as \, /, or http://. You can disable a specific entry by putting a # sign in front of it.

You may be wondering why this would work as we said previously that when you need to resolve a domain name to an IP address the device will use its configured DNS servers. Normally this is true, but on most operating system the default configuration is that any mappings contained in the Hosts file overrides any information that would be retrieved from a DNS server. In fact, if there is a mapping for a domain name in a hosts file, then your computer will not even bother querying the DNS servers that are authoritative for that domain, but instead read the IP address directly from the HOSTS file. It is also important to note that when you add entries to your HOSTS file they automatically start working. There is no need to reboot or enter another command to start using the entries in the HOSTS file.

An example HOSTS file can be found here: HOSTS

Please note that there are ways to change the order that your computer performs Domain Name Resolution. If there are problems with HOSTS file not working you may want to read this article that goes into much greater detail on Domain Name Resolution on various operating systems: Understanding Domain Name Resolution

For reference the HOSTS file is located in the following locations for the listed operating systems:

Operating System Location on Hard Drive
Linux/Unix /etc/hosts
Windows 3.1/95/98/ME c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts or c:\windows\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
Netware SYS:ETC/HOSTS
Apple System Folder:Preferences and in the System Folder itself.

In Windows machines you may not already have a hosts file. If this is the case there will most likely be a sample hosts file called hosts.sam that you can rename to hosts and use as you wish. You can edit this file either from the cmd prompt using Edit or Notepad on windows or VI on Unix/Linux. Really any text editor can open and modify the HOSTS file. It is also recommended that if you use this file that you make periodic backups of it by copying it to another name. Some people recommend that you make this file read only so that it will be harder to modify by a malicious program, which there are Hijackers that are known to do this, but there are Hijackers such as CoolWebSearch that add entries to the file regardless of whether or not its read only. Therefore you should not think that having your HOSTS as read only will make it safe from modification.

Why would I want to use a HOSTS file

There are a variety reasons as to why you would want to use a HOSTS file and we will discuss a few examples of them so you can see the versatility of the little file called the HOSTS file.

Network Testing

- I manage a large Internet Data center and many times we need to set up test machines or set up development servers for our customers applications. When connecting to these development or test machines, you can use the HOSTS file to test these machines as if they were the real thing and not a development server. As an example, lets say that you had a domain name for a development computer called development.mydomain.com. When testing this server you want to make sure it operates correctly if people reference it as the true web server domain name, www.mydomain.com. Since if you change www.mydomain.com in the DNS Server to point to the development server everyone on the Internet would connect to that server, instead of the real production server. This is where the HOSTS file comes in. You just need to add an entry into your HOSTS file that maps www.mydomain.com to the IP address of the development server on the computers that you will be testing with, so that the change is local to the testing machines and not the entire Internet. Now when you connect to www.mydomain.com from your computer with the modified HOSTS file you are really connecting to the development machine, but it appears to the applications that you are using that you are connecting to www.mydomain.com.

Potentially Increase Browsing Speed

- By adding IP address mappings to sites you use a lot into your HOSTS file you can potentially increase the speed of your browsing. This is because your computer no longer has to ask a DNS server for the IP address and wait to receive it's response, but instead can quickly query a local file. Keep in mind that this method is not advised as there is no guarantee that the IP address you have for that domain name will always stay the same. Therefore if the web site owner decides to change their IP address you will no longer be able to connect.

Block Spyware/Ad Networks

- This reason is becoming a very popular reason to use the HOSTS file. By adding large lists of known ad network and Spyware sites into your hosts file and mapping the domain names to the 127.0.0.1, which is an IP address that always points back to your own machine, you will block these sites from being able to be reached. This has two benefits; one being that it can make your browsing speed up as you no longer have to wait while you download ads from ad network sites and because your browsing will be more secure as you will not be able to reach known malicious sites.

NOTE: It is important to note that there have been complaints of system slowdowns when using a large hosts file. This is usually fixed by turning off and disabling the DNS Client in your Services control panel under Administrative Tools. The DNS client caches previous DNS requests in memory to supposedly speed this process up, but it also reads the entire HOSTS file into that cache as well which can cause a slowdown. This service is unnecessary and can be disabled.

There are HOSTs file that are already made that you can download which contain a large list of known ads servers, banner sites, sites that give tracking cookies, contain web bugs, or infect you with hijackers. Listed below are web sites that produce these types of hosts files:

hpguru's HOSTS File can be found here: http://www.hosts-file.net/ The MVPS Host File can be found at: http://www.mvps.org. Hosts File Project can be found here : http://remember.mine.nu/

If you choose to download these files, please backup your original by renaming it to hosts.orig and saving the downloaded HOSTS file in its place. Using a HOSTS file such as these is highly recommended to protect your computer.

Utilities for your HOSTS file

If you do not plan on modifying your HOSTS file much and plan on using it occasionally for testing purposes, then the basic text editors like VI, Notepad, and Edit are more than adequate for managing your HOSTS file. If on the other hand you plan on using the HOSTS file extensively to block ads/spyware or for other reasons, then there are two tools that may be of use to you.

eDexter - When you block ads on web sites using a HOSTS file, there tends to be empty boxes on the web site you are visiting where the ad would normally have appeared. If this bothers you, you can use the program eDexter to fill in the image with one on your local machine such as a clear image or any other one for that matter. This removes the empty boxes and is quick because the replacement image is loaded off of your hard drive.

Hostess - Hostess is an application that is used to maintain and organize your HOSTS file. This program will read your HOSTS file and organize the entries contained in it into a database. You can then use this database to scan for duplicates and to manage the entries. It is a program that is definitely worth checking out if you plan on using the HOSTS file extensively.

Conclusion

As you can see the HOSTS file is a powerful tool if you understand how to use it. You should now know how to use the HOSTS file to manipulate Domain Name Resolution to suit your needs. It is also important that you use its ability to block malicious programs as discussed above to make your computing environment more secure.

Source: http://www.bleepingcomputer.com/tutorials/hosts-files-explained/

No comments:

Post a Comment