Hosts file
From Wikipedia, the free encyclopedia
The hosts file is a computer file used to store information on where to find a node on a computer network. This file maps hostnames to IP addresses. The hosts file is used as a supplement to (or a replacement of) the Domain Name System (DNS) on networks of varying sizes. Unlike DNS, the hosts file is under the control of the local computer's administrator.[1]
The hosts file has no extension and can be edited using most text editors.
Contents |
[edit] History
The ARPANET (predecessor to the Internet) had no domain name system for giving network nodes their own addresses. Because there was no centralized system for this purpose, each network node contained its own "map" of the network nodes that it needed to know about and assigned them names that were memorable to the user. There was no method for ensuring that all references to a given node on a network were called by the same name, nor was there a way to read some other user's hosts file to automatically obtain their copy.
The small size of the ARPANET permitted hosts files to be used with some convenience for some time. Network nodes typically had one address and could have potentially many names. As individual TCP/IP computer networks started becoming popular, however, the hosts file became a large burden on system administrators—networks and network nodes were being added all the time—making maintenance of the hosts file a task which grew significantly.
Standards (e.g. standardization of HOSTS.TXT in RFC 952) and distribution protocols (e.g. the Hostname Server in RFC 953) helped with these problems, but the centralized and monolothic nature of host files eventually necessitated the creation of the distributed Domain Name System.
[edit] Location and content
The hosts file is located in different locations in different operating systems and versions.[2]
| Operating System | Version(s) | Location |
|---|---|---|
| Windows | 95, 98, Me | %WinDir%\ |
| Windows | NT, 2000, XP, 2003, Vista, 7 | %SystemRoot%\system32\drivers\etc\ by default. Actual location defined in Registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath |
| Macintosh | 9 and earlier | System Folder: Preferences or System folder |
| Macintosh | X | /private/etc/hosts |
| Linux, BSD based, and similar | /etc/hosts[3] |
|
| Novell NetWare | SYS:etc\hosts |
|
| iPhone and iPod | /private/etc/hosts |
|
| OS/2 and eComStation | "bootdrive":\mptn\etc\ |
|
| Symbian | Symbian OS 6.1-9.0
(Series 60 1st and 2nd edition, UIQ 1-2) |
C:\system\data\hosts |
| Symbian | Symbian OS 9.1+
(Series 60 3rd edition, UIQ 3.x) |
C:\private\10000882\hosts (AllFiles capable only) |
The host file consists of lines consisting of a IP address and one or more hostnames, separated by white space. Comment lines in the host file start with the '#' (hash) character. Blank lines are ignored.
The default hosts file contents typically includes a line for the localhost definition.[4]
127.0.0.1 localhost
[edit] Other uses
In its function of resolving host names, the hosts file may be used to define any domain name for use in the local system. This may be used either beneficially or maliciously for various effects.
[edit] Redirecting local domains
A useful and time-saving tip for website programmers, intranet developers, and IT managers is to enable non-standard TLDs on a LAN for various purposes, such as the domain LOCAL to access the company's intranet or to test websites in development.
[edit] Internet resources blocking
Another example is filtering online advertising (ads) by installing entries for known ad servers that redirect requests to machines without the advertising, or more typically by redirecting such requests to the local (loopback) address 127.0.0.1.[5] This also saves network bandwidth by eliminating requests to the DNS server used to obtain address information. The user's experience may be further enhanced by running a minimal web server locally that only returns a blank page for every request.[6] This way, the ads from the web pages will never be requested over the Internet but will fail to appear in the user's browser versus producing "not found" errors. However, if the hosts file is to be used in this way, it must be kept current with lists of Internet servers known to host such content.[7]
Blocking ads in this way can result in quicker browser operation and performance improvement for several reasons. First, rather than having to contact a DNS server to resolve multiple IP addresses, the system quickly parses a small text file (the hosts file) located locally on the computer. Second, when the hosts file returns an invalid or local IP address, the browser is unable to load the requested ad, saving time and bandwidth. For example, adding an entry like 0.0.0.0 www.example.com to the hosts file would cause requests for ads to the domain of www.example.com to be forwarded to the invalid IP address 0.0.0.0, so the browser would not load them.
Another use of the host file is to block known malicious or criminal domains and servers which may contain spyware, adware, and other malware. The free utility Spybot - Search & Destroy, for example, includes a feature called "Immunize" that populates the hosts file with thousands of URLs of such websites redirected to 127.0.0.1 to block them.
[edit] Security issues
Because of its central role in local host resolution, the hosts file represents an attack vector for malicous software. The file can be hijacked, for example, by adware, computer viruses, trojan horse software, and may be modified to redirect traffic from an intended destination to sites hosting content that may be offensive or intrusive to the user or the user’s computer system.[8] The widespread worm Mydoom.B blocked users from visiting sites regarding computer security and antivirus software and also affected users' ability to access the Windows Update website. Administrators can set the file permissions of the hosts file to read-only as a means to help defend against malicious redirects caused by malicious software editing the hosts file when casual users without permissions use the computer.
[edit] See also
[edit] References and footnotes
- ^ "Cisco Networking Academy Program: First-Year Companion Guide", page 676 (2nd Edition). Cisco Systems, Inc., 2002, ISBN 1-58713-025-4.
- ^ http://wiki.lunarsoft.net/wiki/Blocking_Malware_and_Advertisements_Safely
- ^ "Linux Network Administrators Guide - Writing hosts and networks files". http://linux.about.com/od/lna_guide/a/gdelna46.htm. Retrieved on March 9, 2009.
- ^ "Microsoft Support Document 258495 - Troubleshooting Client Connectivity". http://support.microsoft.com/kb/258495.
- ^ Using the loopback address can be problematic as it redirects requests to the local machine which may be running a web server for a different purpose. Consequently, using an invalid address, like
0.0.0.0or255.255.255.0is safer. - ^ Running a local web server can expose a system to increased external attacks; doing so for this purpose is questionable. Furthermore, a local web server may well be used for other purposes so configuring it to reject unwanted ad requests while fulfilling its primary purpose may be troublesome and the added load may be undesirable.
- ^ On some Windows machines, the "DNS Client" service may need to be stopped in order for changes to the hosts file to take effect.
- ^ "Remove Trojan.Qhosts – Symantec". http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99&tabid=1. Retrieved on January 13, 2009.
