Hosts (file)

Last updated

The computer file hosts is an operating system file that maps hostnames to IP addresses. It is a plain text file. Originally a file named HOSTS.TXT was manually maintained and made available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and address of hosts as contributed for inclusion by member organizations. The Domain Name System, first described in 1983 and implemented in 1984, [1] automated the publication process and provided instantaneous and dynamic hostname resolution in the rapidly growing network. In modern operating systems, the hosts file remains an alternative name resolution mechanism, configurable often as part of facilities such as the Name Service Switch as either the primary method or as a fallback method.

Contents

Purpose

The hosts file is one of several system facilities that assists in addressing network nodes in a computer network. It is a common part of an operating system's Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network.

In some operating systems, the contents of the hosts file is used preferentially to other name resolution methods, such as the Domain Name System (DNS), but many systems implement name service switches, e.g., nsswitch.conf for Linux and Unix, to provide customization. Unlike remote DNS resolvers, the hosts file is under the direct control of the local computer's administrator. [2]

File content

The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names. [3] The host names map to the IPs, not vice versa. Each field is separated by white space – tabs are often preferred for historical reasons, but spaces are also used. Comment lines may be included; they are indicated by an octothorpe (#) in the first position of such lines. Entirely blank lines in the file are ignored. [4] For example, a typical hosts file may contain the following:

127.0.0.1  localhost loopback ::1        localhost

This example only contains entries for the loopback addresses of the system and their host names, a typical default content of the hosts file. The example illustrates that an IP address may have multiple host names ( localhost and loopback ), and that a host name may be mapped to both IPv4 and IPv6 IP addresses, as shown on the first and second lines respectively.

Location in the file system

The location of the hosts file in the file system hierarchy varies by operating system. It is usually named hosts, without an extension.

Operating SystemVersion(s)Location
Unix, Unix-like, POSIX /etc/hosts [5]
Microsoft Windows 3.1 %WinDir%\HOSTS
95, 98, ME %WinDir%\hosts [6]
NT, 2000, XP, [7] 2003, Vista,
2008, 7, 2012, 8, 10, 11
%SystemRoot%\System32\drivers\etc\hosts [8]
Windows Mobile, Windows Phone Registry key under HKEY_LOCAL_MACHINE\Comm\Tcpip\Hosts
Apple Macintosh 9 and earlierPreferences or System folder
Mac OS X 10.0–10.1.5 [9] (Added through NetInfo or niload)
Mac OS X 10.2 and newer/etc/hosts (a symbolic link to /private/etc/hosts) [9]
Novell NetWare SYS:etc\hosts
OS/2, eComStation, ArcaOS "bootdrive":\mptn\etc\
Symbian Symbian OS 6.1–9.0C:\system\data\hosts
Symbian OS 9.1+ C:\private\10000882\hosts
MorphOS NetStackENVARC:sys/net/hosts
AmigaOS < 4AmiTCP:db/hosts
4DEVS:Internet/hosts
AROS ENVARC:AROSTCP/db/hosts
Android /etc/hosts (a symbolic link to /system/etc/hosts)
iOS iOS 2.0 and newer/etc/hosts (a symbolic link to /private/etc/hosts)
TOPS-20 SYSTEM:HOSTS.TXT
Plan 9 /lib/ndb/hosts
BeOS /boot/beos/etc/hosts [10]
Haiku /system/settings/network/hosts [11]
OpenVMS UCXUCX$HOST
TCPware TCPIP$HOST
RISC OS 3.7, 5!Boot.Resources.!Internet.files.Hosts
later boot sequence!Boot.Choices.Hardware.Disabled.Internet.Files.Hosts [12]

History

The ARPANET, the predecessor of the Internet, had no distributed host name database. Each network node maintained its own map of the network nodes as needed and assigned them names that were memorable to the users of the system. There was no method for ensuring that all references to a given node in a network were using the same name, nor was there a way to read the hosts file of another computer to automatically obtain a copy.

The small size of the ARPANET kept the administrative overhead small to maintain an accurate hosts file. Network nodes typically had one address and could have many names. As local area TCP/IP computer networks gained popularity, however, the maintenance of hosts files became a larger burden on system administrators as networks and network nodes were being added to the system with increasing frequency.

Standardization efforts, such as the format specification of the file HOSTS.TXT in RFC 952, and distribution protocols, e.g., the hostname server described in RFC 953, helped with these problems, but the centralized and monolithic nature of hosts files eventually necessitated the creation of the distributed Domain Name System (DNS).

On some old systems a file named networks is present that is similar to a hosts file, containing names of networks. [13]

Extended applications

In its function of resolving host names, the hosts file may be used to define any hostname or domain name for use in the local system.

Redirecting local domains
Some web service and intranet developers and administrators define locally defined domains in a LAN for various purposes, such as accessing the company's internal resources or to test local websites in development. [14]
Internet resource blocking
Entries in the hosts file may be used to block online advertising, or the domains of known malicious resources and servers that contain spyware, adware, and other malware. This may be achieved by adding entries for those sites to redirect requests to another address that does not exist or to a harmless destination such as the local machine. [15] Commercial software applications may be used to populate the hosts file with entries of known undesirable Internet resources automatically. In addition, user-created hosts files which block nuisance servers are publicly available. [16] [17]
Fravia described these files variously as "scrolls", "precious", and "powerful" in his anti-advertisement pages, where this usage of hosts was first published. [17]
Software piracy
Some pirated versions of software rely on a modified hosts file to prevent software from contacting the activation servers of the publisher, although activation servers sometimes appear in general purpose hosts files. [18]

Security issues

The hosts file may present an attack vector for malicious software. The file may be modified, for example, by adware, computer viruses, or trojan horse software to redirect traffic from the intended destination to sites hosting malicious or unwanted content. [19] The widespread computer worm Mydoom.B blocked users from visiting sites about computer security and antivirus software and also affected access from the compromised computer to the Microsoft Windows Update website.

In some cases, malware has modified the library responsible for loading the hosts file in order to redirect it to a file it is able to control freely. [20]

See also

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

<span class="mw-page-title-main">Domain name</span> Identification string in the Internet

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol. Operating systems of the 1980s ran NetBIOS over IEEE 802.2 and IPX/SPX using the NetBIOS Frames (NBF) and NetBIOS over IPX/SPX (NBX) protocols, respectively. In modern networks, NetBIOS normally runs over TCP/IP via the NetBIOS over TCP/IP (NBT) protocol. NetBIOS is also used for identifying system names in TCP/IP (Windows).

SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded. A SOCKS server accepts incoming client connection on TCP port 1080, as defined in RFC 1928.

Zero-configuration networking (zeroconf) is a set of technologies that automatically creates a usable computer network based on the Internet Protocol Suite (TCP/IP) when computers or network peripherals are interconnected. It does not require manual operator intervention or special configuration servers. Without zeroconf, a network administrator must set up network services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer's network settings manually.

<span class="mw-page-title-main">Server Message Block</span> Network communication protocol for providing shared access to resources

Server Message Block (SMB) is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network. On Microsoft Windows, the SMB implementation consists of two vaguely named Windows services: "Server" and "Workstation". It uses NTLM or Kerberos protocols for user authentication. It also provides an authenticated inter-process communication (IPC) mechanism.

nslookup Utility to query the Domain Name System

nslookup is a network administration command-line tool for querying the Domain Name System (DNS) to obtain the mapping between domain name and IP address, or other DNS records.

In computer networking, localhost is a hostname that refers to the current computer used to access it. The name localhost is reserved for loopback purposes. It is used to access the network services that are running on the host via the loopback network interface. Using the loopback interface bypasses any local network interface hardware.

In computer networking, a hostname is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication, such as the World Wide Web. Hostnames may be simple names consisting of a single word or phrase, or they may be structured. Each hostname usually has at least one numeric network address associated with it for routing packets for performance and other reasons.

ipconfig Console application program

ipconfig is a console application program of some computer operating systems that displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. IPCONFIG

The domain name arpa is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. It is used predominantly for the management of technical network infrastructure. Prominent among such functions are the subdomains in-addr.arpa and ip6.arpa, which provide namespaces for reverse DNS lookup of IPv4 and IPv6 addresses, respectively.

In computer networks, a tunneling protocol is a communication protocol which allows for the movement of data from one network to another. It can, for example, allow private network communications to be sent across a public network, or for one network protocol to be carried over an incompatible network, through a process called encapsulation.

NetBIOS over TCP/IP is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks.

The name localhost is reserved by the Internet Engineering Task Force (IETF) as a domain name label that may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet.

A shared web hosting service is a web hosting service where many websites reside on one web server connected to the Internet. The overall cost of server maintenance is spread over many customers. By using shared hosting, the website will share a physical server with one or more other websites.

The domain name .local is a special-use domain name reserved by the Internet Engineering Task Force (IETF) so that it may not be installed as a top-level domain in the Domain Name System (DNS) of the Internet. As such it is similar to the other special domain names, such as .localhost. However, .local has since been designated for use in link-local networking, in applications of multicast DNS (mDNS) and zero-configuration networking (zeroconf) so that DNS service may be established without local installations of conventional DNS infrastructure on local area networks.

A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming interface (API) for the networking architecture. Sockets are created only during the lifetime of a process of an application running in the node.

In computer networking, a port or port number is a number assigned to uniquely identify a connection endpoint and to direct data to a specific service. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port at the software level is identified for each transport protocol and address combination by the port number assigned to it. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP); those port numbers are 16-bit unsigned numbers.

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

References

  1. Internet Systems Consortium. "The Most Widely Used Name Server Software: BIND". History of BIND. Retrieved 2017-07-01.
  2. Cisco Networking Academy Program: First-Year Companion Guide (2nd ed.). Cisco Systems. 2002. p. 676. ISBN   1-58713-025-4.
  3. Penetration Testing: A Survival Guide. Packt Publishing Ltd. 18 January 2017. ISBN   978-1-78728-988-8.
  4. "Hosts(5) - Linux manual page".
  5. "Linux Network Administrators Guide: Writing hosts and networks files" . Retrieved May 16, 2010.
  6. "Hosts File". Archived from the original on July 20, 2011. Retrieved August 10, 2011.
  7. "Microsoft KB Q314053: TCP/IP and NBT configuration parameters for Windows XP" . Retrieved August 28, 2010.
  8. "Microsoft KB 972034 Revision 2.0: default hosts files" . Retrieved August 28, 2010.
  9. 1 2 "Mac OS X: How to Add Hosts to Local Hosts File" . Retrieved August 28, 2010.
  10. "The Haiku/BeOS Tip Server". Archived from the original on January 28, 2013. Retrieved November 30, 2012.
  11. "Haiku UserGuide:Network" . Retrieved January 17, 2019.
  12. RISC OS 6.14
  13. "Writing hosts and networks Files". tldp.org. Retrieved 2021-03-02.
  14. "Building / Testing via the Hosts File". Ohio State University Web Hosting. OCIO. 9 October 2015. Retrieved 5 August 2018.
  15. Gordon; -Tx. "Gordon and -Tx explanations about the use of Gordon's hosts file". Web Searchlores. +Fravia. Archived from the original on 26 December 2018. Retrieved 5 August 2018.
  16. Hofstetter, Constantin. "/etc/hosts to block shock sites etc". GitHub. Retrieved 5 August 2018.
  17. 1 2 Vianello, Francesco "Fravia". "Antiadvertisement Lab". Web Searchlores. +Fravia. Archived from the original on 15 May 2009. Retrieved 5 August 2018.
  18. "yhosts". GitHub. Retrieved 21 June 2021.
  19. "Remove Trojan.Qhosts". Symantec. Archived from the original on October 21, 2007. Retrieved May 16, 2010.
  20. Arntz, Pieter (21 September 2016). "Hosts file hijacks". Malwarebytes Labs. Retrieved 5 August 2018.