Hosts file
Encyclopedia
The hosts file is a computer file
used in an operating system to map hostname
s to IP address
es. The hosts file is a plain-text file and is conventionally named hosts.
(IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP address
es, that identify and locate a host in an IP network.
In some operating systems, the hosts file content is used preferentially over other methods, such as the Domain Name System
(DNS), but many systems implement name service switches (e.g., nsswitch.conf) to provide customization. Unlike the DNS, the hosts file is under the direct control of the local computer's administrator.
This example only contains entries for the loopback addresses of the system and their hostnames, a typical default content of the hosts file. The example illustrates that an
IP address may have multiple hostnames, and that a hostname may be mapped to several IP addresses.
hierarchy of operating systems varies. The hosts file is usually named "hosts" without any .txt extension.
, the predecessor of the Internet
, had no distributed host name database. Each network node maintained its own map of the network nodes as needed and assigned them names that were memorable to the users of the system. There was no method for ensuring that all references to a given node in a network were using the same name, nor was there a way to read the hosts file of another computer to automatically obtain a copy.
The small size of the ARPANET kept the administrative overhead small to maintain an accurate hosts file. Network nodes typically had one address and could have many names. As local area TCP/IP computer networks gained popularity, however, the maintenance of hosts files became a larger burden on system administrators as networks and network nodes were being added to the system with increasing frequency.
Standardization efforts, such as the format specification of the file HOSTS.TXT in RFC 952, and distribution protocols, e.g., the hostname server described in RFC 953, helped with these problems, but the centralized and monolithic nature of host files eventually necessitated the creation of the distributed Domain Name System
.
or domain name
for use in the local system. This may be used either beneficially or maliciously for various effects.
Redirecting local domains: Some web service and intranet
developers and administrators define locally defined domains in a LAN
for various purposes, such as accessing the company's internal resources or to test local websites in development.
Internet resource blocking: Specially crafted entries in the hosts file may be used to block online advertising
, or the domains of known malicious resources and servers that contain spyware
, adware
, and other malware
. This may be achieved by adding entries for those sites to redirect requests to another address that does not exist or to a harmless destination.
Various software applications exist that populate the hosts file with entries of undesirable Internet resources automatically.
, computer virus
es, trojan horse
software, and may be modified to redirect traffic from the intended destination to sites hosting content that may be offensive or intrusive to the user or the user’s computer system. The widespread computer worm
Mydoom.B blocked users from visiting sites about computer security
and antivirus software
and also affected users' ability to access the Microsoft Windows Update
website.
Blocking access to servers of unwanted content by redirecting them to the local host (127.0.0.1) may have security implications. As 127.0.0.1 is accessible only by the host itself, connections might be trusted. The link to be followed may be crafted to launch an attack on the local host.
Computer file
A computer file is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished...
used in an operating system to map hostname
Hostname
A hostname is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication such as the World Wide Web, e-mail or Usenet...
s to IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es. The hosts file is a plain-text file and is conventionally named hosts.
Purpose
The hosts file is one of several system facilities to assist in addressing network nodes in a computer network. It is a common part in an operating system's Internet ProtocolInternet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
(IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es, that identify and locate a host in an IP network.
In some operating systems, the hosts file content is used preferentially over other methods, such as the Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
(DNS), but many systems implement name service switches (e.g., nsswitch.conf) to provide customization. Unlike the DNS, the hosts file is under the direct control of the local computer's administrator.
File content
The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more hostnames. Each field is separated by white space (blanks or tabulation characters). Comment lines may be included; they are indicated by a hash character (#) in the first position of such lines. Entirely blank lines in the file are ignored. For example, a typical hosts file may contain the following:
- This is an example of the hosts file
127.0.0.1 localhost loopback
-
- 1 localhost
This example only contains entries for the loopback addresses of the system and their hostnames, a typical default content of the hosts file. The example illustrates that an
IP address may have multiple hostnames, and that a hostname may be mapped to several IP addresses.
Location in the file system
The location of the hosts file in the file systemFile system
A file system is a means to organize data expected to be retained after a program terminates by providing procedures to store, retrieve and update data, as well as manage the available space on the device which contain it. A file system organizes data in an efficient manner and is tuned to the...
hierarchy of operating systems varies. The hosts file is usually named "hosts" without any .txt extension.
Operating System | Version(s) | Location |
---|---|---|
Unix Unix Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna... , Unix-like Unix-like A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification.... , POSIX POSIX POSIX , an acronym for "Portable Operating System Interface", is a family of standards specified by the IEEE for maintaining compatibility between operating systems... |
/etc/hosts |
|
Microsoft Windows Microsoft Windows Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal... |
3.1 Windows 3.1x Windows 3.1x is a series of 16-bit operating systems produced by Microsoft for use on personal computers. The series began with Windows 3.1, which was first sold during March 1992 as a successor to Windows 3.0... |
%Windir%\HOSTS |
95 Windows 95 Windows 95 is a consumer-oriented graphical user interface-based operating system. It was released on August 24, 1995 by Microsoft, and was a significant progression from the company's previous Windows products... , 98/98SE Windows 98 Windows 98 is a graphical operating system by Microsoft. It is the second major release in the Windows 9x line of operating systems. It was released to manufacturing on 15 May 1998 and to retail on 25 June 1998. Windows 98 is the successor to Windows 95. Like its predecessor, it is a hybrid... , Me Windows Me Windows Millennium Edition, or Windows Me , is a graphical operating system released on September 14, 2000 by Microsoft, and was the last operating system released in the Windows 9x series. Support for Windows Me ended on July 11, 2006.... |
%WinDir%\hosts |
|
NT Windows NT Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement... , 2000 Windows 2000 Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the... , and 32-bit versions of XP Windows XP Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base... , 2003 Windows Server 2003 Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005... , Vista Windows Vista Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs... , 7 |
%SystemRoot%\system32\drivers\etc\hosts |
|
64-bit versions | %SystemRoot%\system32\drivers\etc\hosts (Many sources, including several Microsoft support pages, will incorrectly state that the hosts file is at %SystemRoot%\SysWOW64\drivers\etc\hosts) |
|
Windows Mobile Windows Mobile Windows Mobile is a mobile operating system developed by Microsoft that was used in smartphones and Pocket PCs, but by 2011 was rarely supplied on new phones. The last version is "Windows Mobile 6.5.5"; it is superseded by Windows Phone, which does not run Windows Mobile software.Windows Mobile is... |
Registry key under \HKEY_LOCAL_MACHINE\Comm\Tcpip\Hosts |
|
Apple Macintosh Macintosh The Macintosh , or Mac, is a series of several lines of personal computers designed, developed, and marketed by Apple Inc. The first Macintosh was introduced by Apple's then-chairman Steve Jobs on January 24, 1984; it was the first commercially successful personal computer to feature a mouse and a... |
9 and earlier | System Folder: Preferences or System folder |
Mac OS X Mac OS X Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems... 10.0 – 10.1.5 |
(Added through NetInfo or niload) | |
Mac OS X Mac OS X Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems... 10.2 and newer |
/private/etc/hosts (or /etc/hosts , since /etc is a symbolic linkSymbolic link In computing, a symbolic link is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution. Symbolic links were already present by 1978 in mini-computer operating systems from DEC and Data... to /private/etc ) |
|
Novell NetWare Novell NetWare NetWare is a network operating system developed by Novell, Inc. It initially used cooperative multitasking to run various services on a personal computer, with network protocols based on the archetypal Xerox Network Systems stack.... |
SYS:etc\hosts |
|
OS/2 OS/2 OS/2 is a computer operating system, initially created by Microsoft and IBM, then later developed by IBM exclusively. The name stands for "Operating System/2," because it was introduced as part of the same generation change release as IBM's "Personal System/2 " line of second-generation personal... & eComStation EComStation eComStation or eCS is a PC operating system based on OS/2, published by Serenity Systems. It includes several additions and accompanying software not present in the IBM version of the system.-Differences between eComStation and OS/2:... |
"bootdrive":\mptn\etc\ |
|
Symbian | Symbian OS 6.1–9.0 | C:\system\data\hosts |
Symbian OS 9.1+ | C:\private\10000882\hosts |
|
MorphOS MorphOS MorphOS is an Amiga-compatible computer operating system. It is a mixed proprietary and open source OS produced for the Pegasos PowerPC processor based computer, PowerUP accelerator equipped Amiga computers, and a series of Freescale development boards that use the Genesi firmware, including the... |
NetStack | ENVARC:sys/net/hosts |
Android | /system/etc/hosts (or /etc/hosts , since /etc is a symbolic linkSymbolic link In computing, a symbolic link is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution. Symbolic links were already present by 1978 in mini-computer operating systems from DEC and Data... to /system/etc ) |
|
iOS (only with jailbreak) | iOS 2.0 and newer | /private/etc/hosts (or /etc/hosts , since /etc is a symbolic linkSymbolic link In computing, a symbolic link is a special type of file that contains a reference to another file or directory in the form of an absolute or relative path and that affects pathname resolution. Symbolic links were already present by 1978 in mini-computer operating systems from DEC and Data... to /private/etc |
TOPS-20 TOPS-20 The TOPS-20 operating system by Digital Equipment Corporation was the second proprietary OS for the PDP-10 mainframe computer. TOPS-20 began in 1969 as the TENEX operating system of Bolt, Beranek and Newman... |
|
History
The ARPANETARPANET
The Advanced Research Projects Agency Network , was the world's first operational packet switching network and the core network of a set that came to compose the global Internet...
, the predecessor of the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
, had no distributed host name database. Each network node maintained its own map of the network nodes as needed and assigned them names that were memorable to the users of the system. There was no method for ensuring that all references to a given node in a network were using the same name, nor was there a way to read the hosts file of another computer to automatically obtain a copy.
The small size of the ARPANET kept the administrative overhead small to maintain an accurate hosts file. Network nodes typically had one address and could have many names. As local area TCP/IP computer networks gained popularity, however, the maintenance of hosts files became a larger burden on system administrators as networks and network nodes were being added to the system with increasing frequency.
Standardization efforts, such as the format specification of the file HOSTS.TXT in RFC 952, and distribution protocols, e.g., the hostname server described in RFC 953, helped with these problems, but the centralized and monolithic nature of host files eventually necessitated the creation of the distributed Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
.
Extended applications
In its function of resolving host names, the hosts file may be used to define any hostnameHostname
A hostname is a label that is assigned to a device connected to a computer network and that is used to identify the device in various forms of electronic communication such as the World Wide Web, e-mail or Usenet...
or domain name
Domain name
A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System ....
for use in the local system. This may be used either beneficially or maliciously for various effects.
Redirecting local domains: Some web service and intranet
Intranet
An intranet is a computer network that uses Internet Protocol technology to securely share any part of an organization's information or network operating system within that organization. The term is used in contrast to internet, a network between organizations, and instead refers to a network...
developers and administrators define locally defined domains in a LAN
Län
Län and lääni refer to the administrative divisions used in Sweden and previously in Finland. The provinces of Finland were abolished on January 1, 2010....
for various purposes, such as accessing the company's internal resources or to test local websites in development.
Internet resource blocking: Specially crafted entries in the hosts file may be used to block online advertising
Online advertising
Online advertising is a form of promotion that uses the Internet and World Wide Web to deliver marketing messages to attract customers. Examples of online advertising include contextual ads on search engine results pages, banner ads, blogs, Rich Media Ads, Social network advertising, interstitial...
, or the domains of known malicious resources and servers that contain spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
, adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
, and other malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
. This may be achieved by adding entries for those sites to redirect requests to another address that does not exist or to a harmless destination.
Various software applications exist that populate the hosts file with entries of undesirable Internet resources automatically.
Security issues
Because of its role in local name resolution, the hosts file represents an attack vector for malicious software. The file may be hijacked, for example, by adwareAdware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
, computer virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
es, trojan horse
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
software, and may be modified to redirect traffic from the intended destination to sites hosting content that may be offensive or intrusive to the user or the user’s computer system. The widespread computer worm
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
Mydoom.B blocked users from visiting sites about computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
and antivirus software
Antivirus software
Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
and also affected users' ability to access the Microsoft Windows Update
Windows Update
Windows Update is a service provided by Microsoft that provides updates for the Microsoft Windows operating system and its installed components, including Internet Explorer...
website.
Blocking access to servers of unwanted content by redirecting them to the local host (127.0.0.1) may have security implications. As 127.0.0.1 is accessible only by the host itself, connections might be trusted. The link to be followed may be crafted to launch an attack on the local host.