How to use the hosts file to fake DNS

The hosts file is stored on a computer or device to provide local entries for DNS lookup. Normally when you try to resolve a hostname or domain, your computer will consult your specified DNS server to discover the IP address that it points to. This requires that there is an existing DNS server out there with the record that you require, with the hosts file you can fake DNS entries that will resolve only on the local machine.

Why would you want to do this? It’s great for testing or troubleshooting. You may want to use a specific hostname that no DNS exists for, though ideally you should create DNS records where possible as they can be centrally managed. It can help you get around DNS propagation issues, for example if a DNS record has been updated but had a TTL of 24 hours you may have to wait up to this long (assuming the cache cannot be cleared) before the record will resolve to the new IP address. By adding a temporary host file entry you can resolve to the new IP address straight away as the hosts file takes precedence over external DNS.

Where can the hosts file be found?

Windows

The Windows hosts file is found here:

C:\Windows\System32\drivers\etc\hosts

You can edit this file in Notepad with administrator privileges.

Linux

The Linux hosts file is found here:

/etc/hosts

You can edit this file in a text editor with root privileges.

Hosts file formatting

The contents of the hosts file are formatted the same regardless of the operating system, essentially the IP address is specified first followed by the domain name. There will be white space between the two, usually either a space or a tab. Lines that start with # represent comments and do not apply.

In this example I have added the below to my hosts file in Windows and saved the file.

1.1.1.1	testing.test123.com

Testing resolution

Once the hosts file has been edited as soon as the file is saved the names entered will instantly be loaded into the DNS cache and resolve as specified. There is no need to restart any services or restart the machine.

To demonstrate that this is loaded instantly into the DNS cache, run the following command to clear all DNS cache on the local machine – you may need administrative privileges.

ipconfig /flushdns

After this, run the next command which should display all DNS entries that are cached, as well as any other DNS records that have been looked up since the ‘flushdns’ was run.

ipconfig /displaydns

After this you should see your host file entries cached.

Windows IP Configuration

    testing.test123.com
    ----------------------------------------
    No records of type AAAA

    testing.test123.com
    ----------------------------------------
    Record Name . . . . . : testing.test123.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 1.1.1.1

Assuming there is a web server at 1.1.1.1, you could now load http://testing.test123.com in a browser and it would load the website hosted there for this website. You could also try to ping your domain name and it should resolve to the IP address correctly.

Some applications may maintain their own DNS cache, so if the previous tests are succeeding but your application or browser is not resolving the correct IP address you may need to investigate how the DNS cache can be flushed, a restart of the application in most instances should do this.

In Windows operating systems an nslookup will by default check the specified DNS server for the record and will not look at the hosts file, so the ping method mentioned above is the best way to confirm local resolution. If the ping is not resolving the correct IP address and you have tried to flushdns as shown before, try restarting the “DNS Client” service on the machine, if this service is not running no DNS will be cached, even host file entries will not display when running a displaydns.

Summary

The hosts file can be used to make your local machine resolve any DNS record that you like, it does not have to exist externally. This is great for troubleshooting, especially for web developers as you could simply point test.domain.com to your web server and then load this in a browser to see the content without having to gain access to the DNS zone. Ideally if you have access you would want to create DNS records that can be resolvable from a DNS server as this is more scalable and centralized, you would not want to keep the hosts file on multiple machines updated in this manner as there is far too much overhead involved.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>