Using Your Hosts File to Fake Out DNS

This is a trick I use all of the time, and from time to time I need to explain to someone how to do it.  I thought I’d just put it up on the web so I could send it to people (and so others could find it, should they be looking.)

Why?

First, let me answer the “Why would I want to fake out DNS” question by providing some examples of how I use it:

• I want to setup a sub-domain, but i want it completely private, I don’t even want DNS responding to it.
• I want to setup a sub-domain for development on my local Linux server.
• I want to completely build and test out a new website before even pointing the domain to my server (I tend to do a lot of Host-Name based coding in my websites, so seeing it actually run at xyz.com is nice, lets me know that all of the host-name based coding will work.)
• I just want to have my local linux box answer to something (for instance, I have pma.ubuntu.home setup to give me phpMyAdmin for that server.)

Clever folks might have noticed that I created a new domain extension, .home.  You can do that with this trick, which is nice.  You could setup xyz.dev as a test site, instead of dev.xyz.com as well!

The Hosts file and Security

Any decent anti-virus/anti-malware software will give you a warning when anything tries to change your hosts file.  Here’s why:

Let’s say you bank online and momandpopsbank.com (Gotta love the Bank of Mom & Pop!)  Now, lets say someone wants to get the login credentials of momandpopsbank.com customers.  First, they would create what’s commonly referred to as a phishing site.  This is basically a replica of the momandpopsbank.com site, setup to make you feel like you are exactly where you should be.  Next, they would send out a virus of some sort to put an entry into your hosts file that would fake out the DNS for momandpopsbank.com, pointing it to their servers.  The next time you try to login, they have your credentials.  Because they don’t really have all of your info and can’t show you anything worth while, you’ll probably get some maintenance message making you feel like you just need to come back later, buying them more time to do something with your credentials.

Scary eh?  Make sure you’re using some software that keeps an eye on your hosts file.  If you’re running some of the latter Windows operating systems, changes to the hosts file can only be made by with Administrative privileges.

Windows 7, Vista & any other “Run as Administrator” Versions

First, you’ll want to open Notepad (or your favorite text editor, I use TextPad) with admin rights.  To do this, simply find the icon for the text editor, right click on it, and select “Run as Administrator”.  Now you just need to open up your hosts file.  Get the Open File dialog box up and either type in, or copy and paste the following in:

%WINDIR%/system32/drivers/etc/hosts

Other Windows Versions:

On Windows XP and other non-”Run as Administrator” versions, the easiest way to open your hosts file is to bring up the run command window (Usually on the start bar, but easily accessible via Windows Key + R.)  Either type or copy & paste the following into the run command window:

notepad %WINDIR%/system32/drivers/etc/hosts

Alternatively, you can open your favorite text editor and simply copy and paste the above line (minus the “notepad” part) into the Open File dialog window.

Now jump down to “Editing your Hosts File”

Mac OSX 10.2 or Higher

You will need root privileges to edit your hosts file.  Your hosts file is located at:

/private/etc/hosts

Now jump down to “Editing your Hosts File”

Max OSX 10.0-10.1.5

Your process is much more involved, but and you don’t edit an actual text file.  Apple’s Support site has a page called Max OS X: How to Add Hosts to Local Hosts File.  I shamelessly copy & pasted the directions from their website!

1. Open /Applications/Utilities/NetInfo Manager.
2. To allow editing the NetInfo database, click the padlock in the lower left corner of the window.
3. Enter your Admin password and click OK.
4. In the second column of the browser view, select the node named “machines.” You will see entries for -DHCP-, broadcasthost, and localhost in the third column.
5. The quickest way to create a new entry is to duplicate an existing one. So select the “localhost” item in the third column.
6. Choose Duplicate from the Edit menu. A confirmation alert appears.
7. Click Duplicate. A new entry called “localhost copy” appears, and its properties are shown below the browser view.
8. Double-click the value of the ip_address property and enter the IP address of the other computer.
9. Double-click the value of the name property and enter the hostname you want for the other computer.
10. Click the serves property and choose Delete from the Edit menu.
11. Choose Save from the File menu. A confirmation alert appears.
12. Click Update this copy.
13. Repeat steps 6 through 12 for each additional host entry you wish to add.
14. Choose Quit from the NetInfo Manager menu. You do not need to restart the computer.

Linux

You will need root privileges to edit your hosts file.  On every *nix flavor I’ve seen, your hosts file is located at:

/etc/hosts

Curious, anyone know of a flavor where it is located elsewhere?

Now jump down to “Editing your Hosts File”

Editing Your Hosts File

Your hosts file is basically a 2-column file.  The first column is the IP address, it is followed by any number of spaces or tabs or both.  The next column is a list of names that should go to that ip address.

There is going to be one entry in there for sure, it will look like this:

127.0.0.1     localhost

Be sure to never remove that line.  I wouldn’t even recommend editing it.  If you want to add a new name to point to your computer, create a new line, duplicate the IP, and give it your desired name.  It’s just safer. =)

So, now, lets say you want to setup an entry to make fakedns.thomporter.com point to my server (IP address 216.69.178.152.)  Why you say?  Well, I thought I’d provide something to test with, so I’ve actually setup fakedns.thomporter.com as a valid site on my server, but I have not added it to DNS.  If you try to go to it in a web browser without editing your hosts file, you’ll get an error.  So, with your hosts file open, add a line that looks like this:

216.69.178.152     fakedns.thomporter.com

That tells your computer that when you try to go to fakedns.thomporter.com to send you to the IP Address entered.  Save the file and try typing in fakedns.thomporter.com.  You should see my home page!

You can add more than one name to a line, try it out:

216.69.178.152     fakedns.thomporter.com fakedns2.thomporter.com

Again, you should see my website.

That is it.

Troubles?

• I’m not seeing the change
  • Most browsers cache DNS.  So if you try to load something in your browser first, and then go and edit your hosts file, you’ll need to close your browser and re-open it to get sent to the new IP.
  • Many Anti-Virus & Anti-Spyware programs will warn you about changes to the hosts file, and block them until you say it is ok.  Make sure you don’t have a prompt like that hidden somewhere (I often times missed McAfee’s warning because it was so subtle.)
  • If those don’t fix the problem, you could try rebooting, but I’ve never had to do that.
• What’s with all of these 127.0.0.1 entries already in here (other than localhost)
  • Many spyware/adware/ad blockers use the hosts file to block content.  In the case of spyware/adware, this is usually blocking know phishing sites, virus spreading sites, etc.  It’s an excellent way to keep you from accidentally visiting a site that would infect your computer with something harmful.
• Other issues?  Contact me and I will try to help! (If you are a client I sent this to, just call me! =)