Talk:Hosts (file)

Improving this Article
Added a history section to provide background on hosts files origins and uses. On my to-do list for this article: o Fix the crappy formatting, spelling errors, etc o Fix all the technical ambiguity, remove OS prejudices, etc. o Move chunks of the article into a more appropriate article, such as "Hosts_File_Filtering" or something

In general, my aim is to make this NOT look like a freaking IT tech support forum. --Jeff The Riffer 15:07, 4 August 2006 (UTC)

Proposed move from Host file to Hosts file
hmm, i just noticed something. why is this page titled "Host file"? But, in the Windows environment, it's referred to as a "HOSTS file". And is a file called "HOSTS" which resides in the C:\Windows\System32\drivers\etc directory. &mdash;The preceding unsigned comment was added by 24.110.231.35 (talk • contribs) 18:55, 12 July 2005.
 * Just to say that on Linux, most distributions (all?) use /etc/hosts; a move to Hosts file would make sense to me --Lox (t,c) 08:43, 12 January 2006 (UTC)

I've marked this with a move template, but since I don't feel it's a controversial move, I am not starting a vote. If anyone feels strongly enough against the move, please feel free to start a vote. --Lox (t,c) 13:56, 12 January 2006 (UTC)

Moved. &mdash; Nightstallion (?) 08:37, 16 January 2006 (UTC)

0.0.0.0
When you use the 0.0.0.0 method it doesnt try connect anywhere. But if you use 127.0.0.1 it actually tries to connect to a service on your computer which makes it take longer and use up more resources. Also you might run a webserver that it ask for invalid requests. Therefore it is better to use 0.0.0.0 than 127.0.0.1 as you want to kill the connection not to loop it back to your computer. &mdash;The preceding unsigned comment was added by Frap (talk • contribs) 16:32, 5 December 2005 (UTC).
 * Most websites say it's better to use the 127.0.0.1 method--Andeee 06:46, 5 May 2006 (UTC)
 * Why is it better? 0.0.0.0 doesn't connect anywhere. 127.0.0.1 does. If I run a web server that has a virtual host with the same domain name, it would serve the request.


 * BTW, this page is becoming more of a technical manual than an encylopedia entry.--Avochelm 18:37, 20 May 2006 (UTC)
 * Agree completely. The article has an awful lot of second-person in it.  That so much of it is written as a 'how-to' makes it difficult to reword otherwise, but I'll take a stab at it. The Monster 06:19, 25 June 2006 (UTC)
 * What does that have to do with 0.0.0.0? 0.0.0.0 has NO meaning on Linux, FreeBSD, or Mac OS-X and causes problems on those operating systems.  The added benefit of using 127.0.0.1 is that the top phttpd (Pseudo HTTP Daemon) and Homer log what is being stopped and why. hhhobbit 17:31, 12 June 2007 (UTC)

So 0.0.0.0 should work fine on Windows 10 and Windows 7? What about Android, iPhone, Symbian S60v3...?

91.155.23.138 (talk) 10:00, 17 September 2018 (UTC)

Zonealarm spyware
I removed

(Note that ZoneAlarm may itself be spyware. See this article.)

from the article as it a) isn't relevant and b) seems to be an exaggeration. Sum0 21:10, 3 April 2006 (UTC)

Rephrasing
Changed "Commercial software like ZoneAlarm and Spybot - Search & Destroy have a feature to "lock" the hosts file", as Spybot is not commercial software. --80.61.118.43 12:25, 16 April 2006 (UTC)

The ROOT Problem
The 'help' in the section is Windows-only. Of course, Windows IS the main enabler of malicious requests everywhere.

It reads like an advertisement... actually, it IS an advertisement for some 'Windows Defender' rubbish. I hope they're paying Wikipedia for that space.

Maybe as a guideline, any "help" in an article of this sort should link to an article about computer security.

Generally, the whole spyware/malware/virus problem boils down to Microsoft's unique insistance on making it 'convenient' for ignorant users by making them log on as 'Administrator' (root) by default. It doesn't help that the 'Home' version of Windows XP that's shipped in most consumer boxes has extremely limited administrative capabilities which give you an extreme radio-button selection of "Omnipotent: Screw Me At Will" or "Somewhat Less Omnipotent: Screw Me Somewhat Less". If you do software development work, you'll need to run a 'Workstation' or 'Server' version of Windows to have the sort of control you need. For most casual users (and kids) a 'User' level account settings will be sufficient for virtually any normal use, though the default 'user' account still allows too much. The question to ask yourself is "$50 extra for the 'Workstation' version, or $500 over the next few years buying junk to 'scan' your computer that doesn't work?"

Most of the garbage that vendors dump on the market to 'protect' users from these 'threats' is nothing more than a patchwork of bandaids cobbled together over the root (sic) problem of excessive login privileges for routine work/entertainment use. Believe me, you really don't want everyone in the house (or office) having privileges to download something they see on a pop-up ad and click "Yes" when it prompts to install... unless you LIKE doing full virus scans weekly and having half a dozen 'protect me' kludges scanning everything on your computer all the time, slowing everything to a crawl, and then re-installing Windows every few months because the damage adds up.

When just editing documents, emailing, browsing the web, etc., a 'user' account (one with limited privileges to change files in a designated place - for windows it might be their subfolder in 'Documents And Settings' and for Unix/Linux users it might be their home folder) is very adequate.

In general, one should only log on with admin/root privileges when deliberately making changes to the system (installing/removing devices and software, adding/editing accounts, that sort of thing). Generally one shouldn't engage in any 'risky' download/browsing behavior while logged in as admin/root. Log off and back on again as a 'user' as soon as you finish.

All well written software that 'behaves' will run fine with user privileges. Software that attempts to do more than the 'user' has privileges to do will fail to modify 'important' files, and (if written well) tell the user why. Older software that makes very dumb assumptions about keeping files in their "Program Files" folder, or modifying system-level registry entries will fail - and this is what Microsoft has made all users into 'Administrators' to enable, so the software based on their earlier, even more flawed non-security model can all still work, while leaving the door wide open for everything else.

If you need to do something, it takes only a minute to log off and log in as 'Administrator' (or type 'su' to become root) and do what needed to be done (usually install a driver or piece of software, occasionally give your 'user' account an extra privilege to enable something), then log back in with your user account. Some software even prompts for the 'Administrator' (or root) password and does this step for you, granting temporary permission to do what you launched it to do.

It should be noted that if you're going to make your current account into 'user', that you'd better make an 'Administrator' enabled one FIRST. I have never met a common Windows user with 'spyware' and 'virus' problems who knows their Administrator account password (many PCs ship to the user brand new and don't have an 'Administrator' password written down anywhere). Set a password on it you'll remember, and write it down anyway and file that away where you can definitely find it. It doesn't have to be the 'Administrator' account. Just an account with 'Administrator' privileges. ONLY after making that administrator account (or at least verifying you can log in as 'Administrator') should you lower your privileges to a 'safe' level. Then make sure your productivity software and toys still work. If some downloaded toy complains, uninstall it and find another one.

Oh, and just a reminder: BACK UP YOUR DOCUMENTS/PICTURES/ETC. A USB2 hard disk big enough to back everything up, and fast enough to do it relatively quickly is dirt cheap compared to the time needed to re-create it all. Best practice is to plug the USB drive in to perform backups, and leave it unplugged, powered off and disconnected the rest of the time. Store the USB drive somewhere separate from your computer (in case of fire, water damage, etc., there will be better chance that ONE hard disk will survive.) If you have a safe backup, there's nothing at all that can happen to your computer that will harm the backed up copies as well. Various vendors make backup software that makes the process incremental and painless (i.e. after the first backup, a weekly backup will usually take a minute or two), but you can just use XCOPY (or ROBOCOPY or 'rsync') to do it if you're comfortable with command line tools.

And one last security tip: Put your most sensitive, sacred, personal things on an EEPROM (USB or whatever memory card format - Back that up, too!) Put all of your sensitive website links and passwords in a file on that stick, too. Clear those automatically entered passwords out of your browser (at least to 'sensitive' things) completely. Now if someone somehow does obtain access to your computer (stolen, accessed locally while you're away, remotely connected, etc.) they find nothing but mundane and uninteresting (and above all HARMLESS) junk. Use that EEPROM like a key and plug it in ONLY when you need that private data. Clear the cache and temp folders after each use of the key. These keys are pretty cheap compared to both losing a notebook AND realizing that your tax records and every login to every bank and credit account are on it, too. If you leave out the MP3s and terabyte of 'videos' you downloaded, a 2GB EEPROM will store anything of significance for most people, and can be hidden much more safely, securely and readily than other media. Mine's even water resistant (or you could keep it in a 'zip-lock' bag.) The computer isn't the important thing, the data on it is what you're worried about. There are additional steps for the extra-paranoid, but that would be one long article.

The EEPROM its self can even be encrypted - but don't count on that encryption protecting data from authorities. If that's a concern, get a tiny-sized one for a digital camera (most cameras have a USB cord and can be read like a hard disk) that you can bite down on and crush if it's a question of "Lost data or prison?" It's a lot harder to recover data from a mashed or fried chip than a disk of whatever type. —Preceding unsigned comment added by 72.154.159.144 (talk • contribs) 16:18, 24 May 2006

---

All of this advice is useful with some exceptions.

0. Please sign your name to stand behind these statements! I am a creator of one of the blocking hosts files, and it defends more than just Microsoft Windows systems. I work almost 85% of the time using Linux, not MS-Windows. It is just a fact of life that most people are using Windows. Until that fact changes there is nothing you or I or anybody else can do about it. But more to the point, what does any of the previous have to do with a hosts file? If you are saying that by just dropping my privileges that is all that is required, you are a fool. Read my last point and you will understand why.

1. For better or worse, the Microsoft Windows OS sometimes makes it very difficult to do things with restricted accounts, most notably in updating anti-virus, anti-spy and other things. This is because of the heritage of Windows coming from a single user environment as opposed to a multiple user and multi-logged on environment. Just do a "ps -eadf | more" or "ps -gaux | more" on some Unix systems. You will see more than one and more than the extra one being all root on them.

2. The other reason is that Microsoft's NTFS system is rather primitive since it didn't have the idea of file ownership. If IBM had followed their own OS / 400 (then AS / 400) people, OpenVMS, or Unix in designing the HPFS which NTFS descended from, many of the present day problems could have been avoided.

3. Don't assume that Linux, Mac OS-X, et al, don't have problems with web sites. They do. They are of course protected from Windows binaries. Active-X is an Internet Explorer problem and can be avoided by the use of any other browser on Windows. But how many MS Windows users have you tried to pry away from using IE? But Linux, Mac OS-X, and the various BSDs can have just as many problems when it comes to JavaScript, Java, and Flash Player exploits. Macintosh is also susceptible to any exploits that use QuickTime player since that is available for the Macintosh (but not for Linux). There is also no difference when it comes to tracking cookies. They are just as bad on all platforms. Although I and others have created a PAC file, nothing blocks things colder than a blocking hosts file.

4. The one hosts file I wished was listed that isn't is Camelon's. When you people started putting in links I was very distressed that you didn't point to the MVPS hosts file, Camelon's, and HPHosts. Almost all of the others are deriving from those three. At one time MVPS was in there and somebody has removed it. The only hosts that are in my BadHosts file that aren't in the MVPS hosts file are Porn and Casino sites that fall through our PAC filter. I send on all bad sites to the author of that file. It was very distressing for you people to ignore the big three once you started listing things.

5. Encryption of a disk is absolutely useless until the machine is shut down. Separate file encryption does have merit, but only as long as you don't have a key-logger on your system. If they are on your system and stole your keys and know your pass-phrase, they are home free.

6. Least privileges only go so far in protecting a system. On Windows there is nothing to prevent people from doing an infection locally. By that I mean that they can put their malicious code either in the user's Start folder, or a link pointing to where it is in the user's Start folder, or make entries in the user's Run or RunOnce or other Run registry keys to where the malware is installed. Vista has done nothing that prevents this from happening either. These LOCAL things that only apply to one user are easy to do. Macintosh and Linux systems have some well defined local user folders as well, and copying a trojan and key logger into their local binaries folder (for example ~/bin for Linux) and altering their startup scripts for their shell to make sure it is running when the user logs in can do just as effective a job of reading keyboard strokes as the key-loggers on Microsoft Windows. In short, least privileges will NOT protect against this type of exploit. Even worse the potential exists on all platforms. Many if not most sites are already halfway there because they already identify your OS and your browser including all plugins. All that is left is to exploit say, Java to shove the malware into place and make sure it is automatically started. The only reason it hasn't been done yet on Macintosh and Linux is because of the small numbers of machines running those operating systems. That is going to change.

In conclusion, I have nothing against the principle of least privileges. It SHOULD be done! But depending on it as a panacea that will cure all the problems is extremely naive. Also, shifting to using Mac OS-X, Linux, or one of BSDs will only get you so far. I think we should put up the code for what was at the mostannoyingwebpage.org. It trapped you with nothing but JavaScript, and it is getting more and more frequent that the JavaScript exploits work just as well on the Mac and Linux systems as they do on Windows.

hhhobbit 09:56, 24 June 2007 (UTC)

Removing the admin privileges from the browser itself
The above article by hhhobbit was over my head, but one helpful (free) tool for us dummies is DropMyRights. You can run IE, Firefox, or any other program at all, without admin privileges, even if you're running as an admin user. It removes the admin privileges from that instance of your browser (or whatever), which may not be a cure-all, but it would surely prevent some types of harm. You just make a shortcut to the lower-privileged version. Note: If you use this, you still have to use your original (full-privilege) version of IE to get MS Updates. They won't work without admin privileges. Again, I'm a dummy, so apologies if any of the terminology isn't correct. Unimaginative Username 03:56, 15 November 2007 (UTC)

"Use"?
"One use of the hosts file is ad filtering."

The purpose of the HOSTS file is clear, and it's not for ad filtering. It would be more accurate to classify these techniques as something else. —Preceding unsigned comment added by 70.173.102.192 (talk • contribs) 15:18, 23 June 2006 (UTC)

---

The comments from here on are made by hhhobbit. Who made the previous comments? Please say who you are and what purposes you feel a hosts file is for. To me the only reason for a hosts file is to pair an IP Address with one or more Host Names per line. The host name can be either simple like localhost or a Fully Qualified Domain Name (FQDN). Why you are pairing what IP with what host(s) is up to you unless you are doing it to commit fraud. If you are making changes to somebody else's hosts file without their permission or consent and it is to redirect them from say Google to a Porn Host, then it is obvious what you are doing is unethical, illegal, and undesirable. Any other reason as long as it isn't any of those three is permissible according to the RFCs (the documents that specify what you can and can't do). I must state right off that the MVPS hosts file, and the BadHosts hosts file (a super-set of the MVPS hosts file) DO NOT BLOCK ADS!

I don't know what your objections to a hosts file being used to block adservers is. If it is because you feel it is not in compliance with the RFCs for what a hosts file is to be used for I am going to tell you that you are wrong. I don't know how much you know but my knowledge of networking is very deep and goes back to the 1970s when there were very few hosts on the Internet, and nothing but hosts files were used. The only restrictions specified in the RFCs is that you have an IP address associated with one or more host names. If you feel the entire discussion for the hosts file itself is inappropriate for what should be in the Wikipedia, that is for the top levels of the Wikipedia management to decide. In that case you should submit your reasons for this page to be cut to them, not to me. I have no control over that decision. I think if they do cut it though, they will be doing a great disservice to thousands of people. Similarly, cutting the links even though they may not agree with the Wikipedia guidelines isn't a good idea either. There is also the chance you are one of the ad serving people and reject it because it is driving money out of your pocket. In that case I can understand your objection. Do a Google / Yahoo / MSN search for hostsfile.org (BadHosts). You will have less than two pages of links. You want to know why? Because the hosts files at that site don't specifically block ads. We may block ad-sites, but not specifically because that is all they do. They have to do something in addition to that to get included. They also block some Porn hosts and some on-line Gambling hosts. The reason you have so few links to that site is because the very nature of putting that file on your machine begins to hide you and stop the spying. I did notice that the Wikipedia hosts file page was not one of those links. You will get the same effect with the MVPS hosts file. We are unlinking ourselves out of existence by stopping the spies. The BadHosts hosts file at hostsfile.org is a super-set of the MVPS hosts file. How do I know? I am the one that creates and maintains the hosts file at hostsfile.org. I submit all badly behaving hosts to the author of the MVPS hosts file and let him decide about inclusion. He does not have an exclusive on that information. I will provide that information to anybody who makes a blocking hosts file that requests it. Some of the things the hosts out there can do to you can be pretty bad. If you consider what we are doing is wrong I would contend that allowing people to be spied on or their machines infected is an even greater crime.

As I see it, a discussion of the hosts file without saying something about why it still exists (theoretically, DNS could completely replace it if the localhost entry was translated by all network aware applications), and what can potentially be added to the hosts file is pointless. If you don't want to discuss either, then remove this page from the Wikipedia entirely. My contention as somebody who has constructed several huge network management systems is that there are quite a few reasons for a hosts file to still exist and possible uses for it. Here are some of the reasons for adding a host to the hosts file but by no means all of them. You may or may not agree with some of them, but that is just a personal opinion

[1] For a LAN hidden behind a firewall that does NAT (Network Address Translation). The LAN is technically not part of the Internet at large, and merging that network with the Internet's DNS servers usually isn't practicable. But you do need to have the machines talking to one or more file servers, on-line printers, and any other servers you have on the LAN. It is usually much more convenient to refer to the HP Printer as HP_MODEL rather than by IP address. Further, the way Microsoft forces you to not be able to change the name of an IPP print server and gives the IPP printers the names unknown, unknown1, etc., forces you to name them. If you name them then you get unknown:hpdj930c, and unknown1:pagepro13502 for example. Without those names in the hosts file you would instead get unknown:192.168.1.121 and unknown1:192.168.1.123 for example. So making hosts file entries is the only way those printers will get a name. The name may look goofy, but that is the best you will ever get. Servers should NOT DHCP their IP addresses. You want to fix where they are at. Also, if you wish to have direct communication between two client hosts on the LAN, then you will want them to stop using DHCP, and assign them static IP addresses as well. You will also probably want to add all of these hosts to the hosts file so they can be referred to by name instead of IP address. All of this needs to be hid from the outside world. Relevant entries added to all of the hosts file on the LAN is a fast, easy way to do that. Trying to create inner / outer DNS servers is usually well beyond the technical expertise of most people. Adding these hosts to a hosts file is a much easier way to do this.

[2] There is an extreme latency in asking a DNS server for an IP address. After all, the query turns into at least one UDP (User Datagram Protocol packet) out to the DNS server and one UDP packet back. In reality, most browsers query repeatedly so you end up with at least four up to who knows how many packets. A look up in the hosts file is infinitely faster even if you have a huge hosts file. We were up to over 40,000 hosts before DNS finally was created and even with the slow machines we had at the time, it was pretty fast. I have done tests of over 70,000 hosts in a hosts file and the look up in the hosts file was still faster than doing a DNS query. So if you go to certain hosts over and over and they almost never change their IP address, stick them in the hosts file. Just be sure to do DNS queries every so often to make sure the IP address doesn't change.

[3] Put your DNS servers in the hosts file. This can include other DNS servers other than your Primary and Secondary DNS servers in case your main DNS servers either conk out or suffer from DNS cache server poisoning. Why? Here we come to a chicken versus egg problem. You are trying to access the DNS server which you know by name, but you but can't get the correct IP address any more because you either can't get to the Primary, Secondary, and Tertiary DNS servers or you don't trust them any more because you suspect they have DNS cache server poisoning. The cache server poisoning doesn't happen all that often, but smaller DNS servers can and do die occasionally. Looking up a temporary replacement in the hosts file is a fast and efficient way to get you going again.

[4] To make sure you go to hosts that are critical and you don't want to depend on DNS to get you there. This is being done for security reasons. It can be done to guard against cache server poisoning, but an equally valid way of doing that is to access a hidden host that doesn't have a DNS entry. Yes, I know, that is security through obscurity, but that in conjunction with other safe-guards can give you that extra security edge.

[5] To block hosts you want nothing to do with. These hosts I am referring to may or may not not be ad-servers. If they are being blocked though, they are not being specifically blocked for putting out ads unless they use a random function to pick the ad (that is the minimum needed to include ad servers in this category). These hosts run the gamut of all the way from that comparatively innocuous random ad server all the way to hosts that can do serious damage to your system even if you aren't logged on as an Administrator on Windows. When you do this you map them to 127.0.0.1. Optionally, on MS Windows you can use 0.0.0.0 (don't try this address with non-MS Windows systems - it doesn't work). These hosts could use JavaScript, Java, or any of another number of things to do their web exploits. Sometimes they use tracking cookies. Some of the Porn sites are backed by organized crime, and if you go to their sites they will blackmail you depending on your position within a given community. But you can't block all of the Porn on the Internet with a hosts file. It is impossible. There are at least well over 500,000 and perhaps more than a million Porn sites on the Internet now. What we have provided to block that many porn sites at hostsfile.org is a PAC proxy filter. BadHosts is the blocking hosts file. It does block some Porn that is not in this category, but there are just about as many porn hosts in the blocking hosts file that are in this category. Many on-line gambling and casino sites are in countries without extradition treaties to the United States or other European countries and many of them are far from reputable. Many on-line gambling sites also have ties to organized crime. Keep that in mind when you go to them. You may be safe going to bodog.com and betus.com, but you are 5-20 times more likely to have problems with Gambling sites on the Internet than with all of the sites on the Internet. Spies can go all the way from being a nuisance to being a severe security compromise. Insisting that people can't block these bad sites with entries in a blocking hosts file borders on being criminal. What method do you propose to block them with if they don't use this method? Even if you use a Macintosh or a Linux system don't snicker. I was thinking of removing the MS Windows exploit hosts from our Unix / Linux file. Most of them aren't using Active-X so much any more and are instead using Java, JavaScript, Flash Player, or something else to inject their payload. Guess what? The exploits work just as well on Linux or Macintosh even though you are protected from the Windows binaries. Many times the binary is just an extra kicker and what is really doing the malfeasance is the JavaScript itself. I kept coming up with so many hosts that do the same thing on Linux / Macintosh / Unix I just finally left all of them in. What few I have that are Microsoft specific I can put up with on Linux or other Unix-like systems. Most of the hosts in the MVPS Hosts file do NOT block ad servers just because they are ad servers. They block hosts that are doing one or more things wrong. Many can do damage even on more highly protected Unix-like systems and they can all certainly spy on you. How bad is the situation? Organized crime has taken over a lot of these hosts. BadHosts and MVPS Hosts files blocks the ones that we can find. There are many others we don't find. But why shouldn't people be allowed to block these hosts? The days of just slapping on some antivirus on MS Windows and calling that protection good enough are long gone. I have observed as many as several dozen worms knocking on Symantec's firewall with a Windows machine directly connected to a high speed Internet connection, and they did it in less than two minutes for the connection. I have gone as long as almost a year before some of the Trojans I discovered were recognized as such by the AV companies. I and others submit the malware to them, but there is so much malware now that nobody can keep up with all of them any more. You need much more than just an AV package now. Blocking hosts file entries are good ways to block these bad hosts.

[6] To tame down impolite programs that do meaningless DNS queries every few seconds. The BadHosts hosts file for Windows at hostsfile.org has some for the ZoneAlarm hosts associated with the ZoneAlarm Firewall commented out. People can uncomment those entries with that particular program or add other entries for other programs that do the same thing. IMO, there is almost no legitimate reason for a DNS queries every few seconds if that is all you are going to do. ZoneAlarm was doing it every five seconds. That doesn't sound so bad until you consider that there are several million PCs that are using the ZoneAlarm firewall. I assume it is being done to prevent cache server poisoning, but I am pretty sure there are ISPs that are pretty unhappy about all of those unnecessary DNS query packets. Further, it is dubious just how much that protects against DNS cache server poisoning. Further, DNS cache server poisoning isn't nearly as big as problem as people think it is, but even if it is the TTL (Time To Live) for a host prevents a queries of the the other DNS parent servers until the TTL expires. A whole bunch of extra queries won't change that TTL and cause the bad entry to be flushed out and replaced by the correct one any faster just because there are more of them. Install WireShark (formerly Ethereal) on your systems and you may be amazed how many packets are being shoved out by your machine when you are sitting there doing nothing. You will also be getting a first rate sniffer of what is being broadcast unless you use hubs instead of switches. If you use hubs, you will see all the network traffic on your network.

[7] To block ads. The MVPS hosts file and the BadHosts hosts file don't specifically block ads! HPHosts and other blocking hosts files originally had that as their main purpose. But most of the blocking hosts files have moved beyond just blocking ads. If you ask me, unless the host is doing something wrong, tasteful ads that are associated with what you are looking for are appropriate. You can use something like AdBlock Plus in Firefox on all platforms, or something like AdMuncher with all browsers on MS Windows only. If you want to block ads on all Operating Systems and with almost all browsers a PAC (Proxy Auto Configuration) filter may be your best get. John Loverso makes a good PAC ad blocker but it is woefully out of date ever since he shifted to using AdBlock Plus instead. I can tell you that many sites will block you if you use AdBlock Plus though. They detect it is there. So far they can't catch either a PAC filter or Ad Muncher. They may be able to discover the PAC filter, but finding the Ad Muncher is very difficult and a blocking hosts file is impossible to detect. Just because you and I don't agree that this is a proper use for entries in a hosts file is NOT going to stop others from using it in this manner.

These are just some of the reasons you will still use a hosts file. You can object to any or all of them from a personal level, but unless I missed something you cannot use the RFCs governing what you can do with the hosts file to shoot down any of these reasons. ALL of these reasons are legitimate per the RFCs. So why you are putting an entry into your own hosts file is up to you unless you are doing it to commit fraud. Frequently, bad sites can substitute porn sites for things like Google in your hosts file and that is fraudulent, but that is going in the opposite direction - it is allowing the bad hosts in. They can also substitute do-nothing sites for things like your anti-virus update servers and your anti-spy servers so your protection doesn't get updated. But that is somebody else doing that, not you. There is a new term for that - it is called a Pornado (rhymes with Tornado).

hhhobbit 02:43, 15 June 2007 (UTC)

a better way in XP
The article says you need a work around for XP sp2. this is not true. MS moved the real Hosts file to the windows\I386 directory, edit that one instead, restart, and your done. —Preceding unsigned comment added by 24.91.171.16 (talk • contribs) 16:18, 13:11, 24 June 2006

That is strange. I am running XP Home and XP Pro fully patched. I also have W2K partially patched up to but not including their malware crap which hoses that OS because it caused so many problems. I no longer use W2K for serious work any more though. Both XP are patched up-to-date. Adding an entry to %SystemRoot%\system32\drivers\etc\hosts blocks the relevant added host on both XP machines. Is this some anomaly that happened right after SP2 and went away or what? I would say that since it works to block a host on XP with the file name I just gave you, you are better off removing this comment altogether. How many people do you know who are running XP frozen at SP2 with no additional patches if that is what caused it to be moved to the I386 folder? Actually, I believe this is just a backup of your hosts file that existed pre-SP2. hhhobbit 17:19, 28 January 2007 (UTC)

Advertising in article??
As much as it is helpful to state any product name that would relate to Hosts File, I do not believe it is required as it is a form of advertising, unless someone can prove me wrong...

Reeves 05:43, 25 June 2006 (UTC)

I agree with you. I can't understand the warnings about the links pointing to commercial sites. As far as I know, none of the sites is commercial. The hpHosts, BadHosts, and many of the other hosts files are covered by a Creative Commons license that is so similar to the GPL that they may as well be the same thing. If you see some that have an all rights reserved and a (C) copyright protection, by all means remove the links. The PAC filter that goes with the BadHosts file IS covered by the GPL. Therefore, I think the warning that the links are commercial needs to be removed. hhhobbit 10:24, 24 June 2007 (UTC)

Restart under Windows?
I've never found it necessary to restart a Windows machine for changes to the hosts file to take affect, in fact this is one of the few instances I know of where a restart after a change like this isn't necessary. I've used w9x and w2k, not certain about other versions.

Perhaps the page can be changed to reflect this, I'd do it but I've never edited any pages here before, and perhaps independent confirmation for other Windows versions is necessary.

- JM 16:11 AEST 28/06/2006 --203.76.47.17 06:13, 28 June 2006 (UTC)
 * I agree, I've also never needed to restart the computer to reflect changes
 * Acrilico 14:43, 30 June 2006 (UTC)


 * strange, I have always had to restart for any changes to take effect in w9x, w2000, and xp pro —Preceding unsigned comment added by 24.91.171.16 (talk • contribs) 23:50, 2 July 2006


 * I usually restart the internet browser for changes, but I don't restart the whole computer
 * Reeves 20:49, 15 July 2006 (UTC)


 * The nbtstat -R command works too... Also it works even with the DHCP Client service running. See http://support.microsoft.com/default.aspx?scid=kb;en-us;Q180094
 * Benad


 * It depends on what is accessing the network. Most programs will need to be closed and restarted to pick up the changes. Because of this, most core OS components will usually require a full reboot to pick up the changes (logging out and back in will only work for components like the shell). Advanced users may be able to restart services, drivers, etc., but most average users will simply need to reboot.


 * Again, it depends on what software is accessing the Internet, so restarting a browser (or opening a new tab) may in fact be sufficient for all intents and purposes, but on the other hand, it could also result in “mysterious” circumstances with mixed results where one part seems to be picking up the changes, but not another part.


 * Saying to reboot is just a generic, catch-all step—for pretty much everything. Synetech (talk) 02:33, 4 June 2016 (UTC)

lmhosts
I think the Windows Quirks section of this article should also discuss the lmhosts file. How does this relate to the hosts file? Does Windows attempt to synchronize these at all?


 * This article at tek-tips.com seems to discuss it. Perhaps somebody with better understanding of Windows/WINS networking could distill into something for the article? Dharris 14:54, 5 July 2006 (UTC)

this is another wonderful imagehost, you will find something incommen. —Preceding unsigned comment added by Blackjackdoctor (talk • contribs) 19:34, 5 July 2008 (UTC)

Ether
Please help clarify the entry in the "aether" disambiguation page: "in internet routing, the term ether is associated with hosts" What the heck is it? (Previously "hosts" was a redirect to "hosts file") `'mikka (t) 17:38, 17 July 2006 (UTC)

I don't know the actual page you are referring to. Technically it would be better to drop this from this article altogether since once ether and MAC addresses are introduced you enter discussions of ARP and RARP. Other than to say that IP address maps to closest MAC address (or MAC address of port going out of subnet) and its similarity of host name to IP address, all similarity ends there. I would limit the scope of a hosts file discussion to NOT include lower network layer protocols since that is a different subject. hhhobbit 17:36, 28 January 2007 (UTC)

Add section about downloadable hosts files
This article also needs a section about hosts file that can be downloaded and installed on user systems. Would be great to have direct links to site that maintain hosts files of known/acknowledged malware sites, adult content sites, etc.

You already have the number one blocking hosts file on the Internet which is MVPHosts. The number two blocking hosts file which is HPHosts is available here:

http://hphosts.mysteryfcm.co.uk/?s=Download

Nobody has added this so I am adding it.

BadHosts

http://www.hostsfile.org/ http://www.securemecca.com/

I added the HPHosts and Bad Hosts entries to the Hosts section today. hhhobbit 22:54, 14 February 2007 (UTC) - Congratulations for your excellent document (far better than the French one)! I just wanted to say Funkytoad had to change the name of his tool from 'Hoster 3.1' to 'HostsXpert v4.0' (with a new version) as after years, he realized Hoster was already used for another program... link doesn't change! In my opinion, it would be good not to give the version number so as we'll be always up to date with it! ;-)

So, I suggest the following fix in 'Applications to Manage Hosts Files'

* Funkytoad's HostsXpert free application to arrange, and edit your hosts file.

Ipl001 16:51, 1 May 2007 (UTC) ipl_001 May 1, 2007 6:50p Paris Time (Gérard Mélone from Paris, France) - I fixed the part regarding "Bluetack, B.I.S.S Hosts Manager" because the author should be quoted: it's Kimberly an MS-MVP Windows Security and a friend of mine; there was no text in front of the line; B. is after Bluetack and I guess I made it clearer (link unchanged).

So I changed the part "Bluetack, B.I.S.S Hosts Manager" into "Kimberly's Hosts Manager" and added the comment " – Freeware Microsoft Windows hosts file manager, on the forum B.I.S.S-Bluetack Internet Security Solutions" ipl001 September 21, 2007 7:15p Paris Time (Gérard Mélone from Paris, France) —Preceding unsigned comment added by Ipl001 (talk • contribs) 17:21, 21 September 2007 (UTC)

There use to be an entire section of downloadable host files. what happened to it and why can't we have it back? —Preceding unsigned comment added by Traisjames (talk • contribs) 20:42, 15 September 2009 (UTC)

hosts, not HOSTS
Under the Location heading, I changed the name of the file from "HOSTS" to "hosts", reversing the change that 4.225.172.115 made on 3 August 2006; the rationale being that on Unix-like systems, file names are case sensitive and for them the file is named "hosts". On Windows, the names are not case sensitive, so "hosts" should work there as well. FWIW, every Windows system I've examined displays the name in lowercase anyway, so I can't imagine any objection. —Ksn 18:15, 22 August 2006 (UTC)


 * That’s a perfectly valid argument.


 * Also, the reason you see the filename in lowercase on Windows is likely due to how the file-system and shell operate. They have been designed such that filenames that are entirely in uppercase will be displayed as all lowercase. It is a backwards-compatibility hack that hearkens back to long filenames on vFAT (it is only laterally related to a | stylistic design choice made in Windows 95).  — Preceding unsigned comment added by Synetech (talk • contribs) 02:49, 4 June 2016 (UTC)
 * NTFS stores case info but whether it requires operations to be case sensitive is controlled by per-drive or per-directory flags. Just like VFAT long file names, except I can't recall for the life of me whether you could enable case sensitivity on Windows 95 because I moved to NT 4.0 as soon as possible and spent more time in DOS than the windowing system when I was using it.    You'll still *see* the casing, it only affects how much typing you need to do at the command prompt and allows for the duplicated but differently cased names (which I never thought was a good thing but it matches the behavior of displaying the case to begin with more accurately).  Similarly 8.3 filename creation has been optional for a long time now and is mostly irrelevant since none of the 16 bit software that might choke on a long file name will run on the 64 bit windows versions most people are running.   --A Shortfall Of Gravitas (talk) 05:03, 24 November 2023 (UTC)

dns client service
I've heard different views detailing the "DNS Client" service on Windows XP (and I assume other versions of Windows with that service). It's not that Windows "ignores" the HOSTS file, but it tries to load the _complete_ HOSTS file into this "cache", resulting in web surfing/domain name resolution taking very long to work, since it has to go through so many entries. And well, look at the external links, many of those HOSTS files are greater than 1-2MBs, so having to search through every entry, for every DNS lookup makes Internet sites to seem slow. --70.152.196.25 02:34, 29 August 2006 (UTC)

After making a change to the hosts files, you will need to flush the DNS client cache, otherwise the change will not take effect immediately. ipconfig /flushdns Mikeburns 15:45, 1 February 2007 (UTC)

I added a line to reflect the above and removed the lines below since I believe this is a "better way". Not sure if I should have removed it though.

"Windows XP SP2, and perhaps other versions, appears to ignore the hosts file in certain circumstances if the "DNS Client" service is running. If this happens, one workaround is to stop and disable the service. It is not known whether there are better ways to workaround this quirk."

Mikeburns 16:00, 1 February 2007 (UTC)

You can have "DNS Cache" or a blocking hosts file, but not both! Well, you may get away with a really small file.

When you have DNS Cache turned on, it is assumed that all of the hosts files entries have been read into the cache. Therefore the order of lookup is DNS Cache first, DNS query second. If you turn off DNS Cache, then the order is hosts file first, DNS second.

Where should I begin here? "DNS Client" is a service that is provided on Windows 2000, Windows XP, and Windows 2003 Server. I have yet to look at Vista, but assume it is the same. "DNS Client" attempts to read all of the hosts file entries, but if there are too many, it can't read all of them into the cache. DNS Cache was intended to be a quick and easy fix to reduce the number of DNS lookups and Microsoft thought it would never store more than a few thousand host names. A better solution for speeding things up would have been to tell people to put entries of hosts they go to all the time into the hosts file. Every time the OS loads, it should check to see if the Hosts file has been altered to create an on disk btree for fast retrieval of names. Using an ipconfig with the /dnsflush option could be used to force the re-reading and creating. Even if you have several thousand entries in the hosts file, it is much quicker to look on average at 1/2 of the hosts in the hosts file to find what you need than to send a request to a DNS server and wait for the reply. But a btree would would be so much better you can't believe it.

WARNING! You cannot turn off DNS Cache if you use IPSEC and several other services. Having said that, the only way around this problem if you are using a blocking hosts file is to just turn off the "DNS Client" service. You are better setting it to "Manual" for startup first though. So far, there is no other work-around for the problem. If you must have DNS Client for IPSEC or other services, don't use a blocking hosts file. Use a proxy server instead and load all of the stuff into it.

Several years back Spybot Search & Destroy started removing my blocking entries and before long the CPU was maxed! The reason why is that it was reloading the DNS Cache after every host removal. I never did find whether it was Spybot doing a ipconfig /flushdns or the OS detecting that the file was changed and automatically reloading things itself. My suggestion is that if you use a blocking hosts file, set your Anti-Spyware software to monitor but not alter the hosts file without your consent. If it makes any changes it should make them in a copy and put off reloading the Cache only after all the alterations are done. It should not remove any entries for "127.0.0.1" or "0.0.0.0" unless that is what is used to keep what ever is bad going. If the Anti-Spyware software automatically removes blocking entries, I would either have the Anti-Spyware not monitor the hosts file any more, or replace it with better Anti-Spyware software that treads more softly.

In conclusion, if you use a blocking hosts file on most modern Microsoft Windows operating systems, you must turn off the DNS Cache service. It is all I have found that works. You may be able to get by with a smaller hosts file, but even with it, things work much better if you just turn DNS Cache off. hhhobbit 11:40, 24 June 2007 (UTC)

Ad Filtering
I do not believe that real ad sites should be used as examples in a negative way such as this. It is unfair to single these companies out on such a highly trafficked and is not Neutral. Instead, I think there should be a section on host file syntax before the 'Ad Filtering' section. The syntax section should use the officially sanctioned 'example.com' address. The 'Ad Filtering' section should not show examples, but keep the explanation on how and why it is done. One of the external links could be to a site that provides lists of hostnames to add to your host file. These lists are Loplin 01:04, 13 December 2006 (UTC)
 * Far more complete
 * Fair to competing agencies by attempting to be all-encompassing


 * I went ahead and added the syntax section and removed the 'Ad Filtering' Examples.Loplin 01:52, 13 December 2006 (UTC)

AdSubtract was discontinued on 15th Sep 2006.

http://www.intermute.com/products/adsubtract.html

I removed the link. Here are some better ones for you to have:

Number one for Firefox - Some have tried putting it into Netscape (not advised) https://addons.mozilla.org/firefox/1865/ AdBlock itself is still GNU, but the Filterset.G is COPYRIGHTED. Therefore "AdBlock Plus" will work better for most people.

The following ad blocker will work with all browsers on Microsoft Windows:

http://admuncher.com/

King Of The PAC:

http://www.hostsfile.org/pac.html This is the best PAC filter covered under GNU license. It works on all Operating Systems and in all modern browsers.

Henry Hertz Hobbit hhhobbit 12:51, 14 February 2007 (UTC)


 * I find the original AdBlock very easy to use and economical of resources. No external file needed. Whenever you see a new ad, just right-click and add its domain to the "Filter" list. A block-list is quickly built up, after which very few new ads appear. Also, use the free NoScript add-on for Firefox. It now has capacity to block I-frames. Blocking scripts and I-frames keeps most ads out. I have near-zero tech knowledge (please keep that in mind if you respond!), but these simple solutions, plus the MVPS Hosts filter, have been very effective. Regards, Unimaginative Username 01:31, 15 November 2007 (UTC)

-

Syntax
The syntax is described as per comments in the default hosts file on our Windows XP Media Center system, and the syntax on Linux is more elaborate. That is, under linux a host address can definitely be followed by more than one whitespace separated name, but I think a FQN should come first and is presumably considered the "primary" name in some sense - the rest probably "aliases".

I do not know (yet) if more than one name is valid under Windows XP - hasn't worked at all for me but maybe this is not the reason. I started by copying my linux hosts file to windows, which I thought is what I used to do on Windows 95 and 98. So...

What are the rules on different OSes and versions of them? Can an address ever appear on more than one line (with different names)? Is the Linux syntax the Unix syntax?

Anyway, the current Syntax section is over-simplified or Windows specific.

Jimwrightbe 21:51, 4 February 2007 (UTC)

Jimwrightbell, I have the following for you:

Did you make sure your hosts file that was copied was converted from just LF to CR+LF when you copied it from Linux to Windows?

It may not matter because you are correct about all versions of Windows. They can only handle one hostname per IP on each line. I have not looked at OpenVMS lately, but I think it is similar to Linux which means that you can have one or more hostnames per line. Linux is the same as Unix.

The same address can appear on as many lines as necessary. But do not do that on a Network Management system. By that I mean do not do it on systems running something like HP Openview or Sun NetManager. But by the time you do that, you will be running a Squid proxy server.

Did that answer all your questions? hhhobbit 13:13, 14 February 2007 (UTC)

Could we have some comment on multiple names on the same ip address line eg "127.0.0.1 localhost localhost.localdomain" or "127.0.0.1 localhost.localdomain localhost" and whether the 127.0.0.1 line should ever include the actual hostname ?

Can a wildcard be used for an entry in a hosts file?
I can't find an authoritative source as to whether or not a wildcard can be used as a hosts entry, or if simply entering a host's root domain would act as a wildcard.

For example, would this entry:

127.0.0.1  googlesyndication.com

redirect all communication attempts to any/all hosts within the googlesyndication.com domain to the local host so that they would not need their own specific entries, such as:

127.0.0.1 pagead.googlesyndication.com

127.0.0.1 pagead2.googlesyndication.com

??? —Preceding unsigned comment added by 65.93.89.28 (talk • contribs) 15:38, 14 July 2007 (UTC)
 * No, there is no 'wildcard' in hosts. Your example would only lead googlesyndication.com to 127.0.0.1 and not any subdomain. If you want subdomains to be redirected to 127.0.0.1 too then you will need to specify each and every one of them. PPP (talk) 20:15, 18 July 2009 (UTC)


 * Sadly, PPP is correct; the hosts-file format does not support wildcards. And obviously it is impossible to add every potential domain and subdomain you might want to redirect and/or block to it. In that case, you would have to resort to running a local DNS server like DeadWood. It would be a little more complex to configure than a hosts file, but it would give more control and allow for wildcards and other more fine-tuned configuration. Synetech (talk) 02:56, 4 June 2016 (UTC)

Hostsfile Image
I believe the File:Hostsfile-entry.jpg image is useful in explaining about hosts files and their contents. Through asking at the reference desk, I found out that Spybot - Search & Destroy populated my hosts file. (not me) Maybe the caption can be modified to explain about Spybot. I don't understand how Spybot chooses what to list in the hosts file, but I assume Spybot found adware or something on the listed site. Until the reference desk explained it, I was worried that the site did some unauthorized change to my computer and was worried if the site did other things to my computer. Others may wonder how or why the site is listed when running that command, and can see that having such sites listed was by Spybot (or similar program) to protect the computer. If someone else has a better image, that might be fine, but something to illustrate this is helpful. --Aude (talk) 15:11, 30 January 2009 (UTC)
 * As explained in the article, the Hosts file is a text file. You don't need an image to show text.  You don't need an image to show how to do a DNS lookup, which is what your image showed.  Discussing DNS lookups really isn't even that appropriate here, just point them to dig. Showing an image of a DNS lookup citing a website that has had a long history of apparent conflict between them and wikipedia has no place on the wikipedia.  If the justification for an image is what you can put into a caption, then the image is not needed, just put the text in the article. Wrs1864 (talk) 15:46, 30 January 2009 (UTC)

Unsourced footnotes
The following footnotes, which are numbered 5, 6, and 7, respectively, in this version, do not cite any sources nor contain any links to verify them.

"5. Using the loopback address can be problematic as it redirects requests to the local machine which may be running a web server for a different purpose. Consequently, using an invalid address, like 0.0.0.0 or 255.255.255.0 is safer."

"6. Running a local web server can expose a system to increased external attacks; doing so for this purpose is questionable. Furthermore, a local web server may well be used for other purposes so configuring it to reject unwanted ad requests while fulfilling its primary purpose may be troublesome and the added load may be undesirable."

"7. On some Windows machines, the "DNS Client" service may need to be stopped in order for changes to the hosts file to take effect."

They appear to be someone's own statements, and were most probably intended to be helpful. However, please know that as an encyclopedia article, all significant statements in the article should be sourced, and the "References" section is the place to put those sources and/or links to them. These footnotes, if properly sourced, might properly belong in the article itself. If unsourced, Wikipedia policy would require their removal. Appreciate if the author(s) source them. Unimaginative Username (talk) 09:59, 8 July 2009 (UTC)

255.0.0.0 and 255.255.255.0 should not be used, as these adresses are not by definition invalid. so i'm not suprised that there is no proper footnotes for that.... just type them into your browser and it tries to connect - and thats what should be avoided. —Preceding unsigned comment added by Swandersleb (talk • contribs) 18:52, 3 January 2010 (UTC)

Windows 'DataBasePath' registry path
The article states: ''%SystemRoot%\system32\drivers\etc\ by default. Actual location defined in Registry key \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath.'' Does that key really works? I made a couple of checks, and it appears that the key works on Windows 2000, but is ignored on Windows XP and Windows Vista (the path to the hosts file on XP/Vista seems to be hardcoded into the dnsapi.dll module, which is used by both Dnscache (aka DNS Client) service and winsock). Could someone confirm this behavior ? --Gynvael Coldwind (talk) 08:54, 10 August 2009 (UTC)


 * Unfortunately, that was, and still is the case; that registry entry is only valid up until Windows 2000.


 * (I actually grappled with this issue for a while many years ago so that I could store the hosts file on a data partition instead of the system drive, and I vaguely recall trying to hack the dnsapi.dll file, but eventually I ended up having to abandon it and leave it where it was.) Synetech (talk) 03:10, 4 June 2016 (UTC)

See note?
Article read "%SystemRoot%\system32\drivers\etc\ (see note)" - which note? --Chuunen Baka (talk  • contribs) 14:08, 19 August 2010 (UTC)
 * Fixed Kbrose (talk) 14:20, 19 August 2010 (UTC)

Caveats of using the hosts file as a filter
Twice I added a note about the important difference between a local host file and a network-wide filtering policy. Unfortunately both were eventually reverted by Kbrose. I am asking why a section on filtering exists, if it cannot be complete with a mention of its important caveats. The latest revert can be seen as an "OS-specific cleanup" at which mostly deleted text I didn't write, but also deleted my entry near the end. This is not an OS-specific issue, although there were references to common unix software (unix being commonly used as gateways). Should such a note be added again, but with a reference to a book on network security? Or will this still be a wasted effort? Thanks, 66.11.179.30 (talk) 22:00, 23 August 2010 (UTC)
 * I think all of these recipes of secondary use of the hosts file amounted to how-to advice and original research, which is not within WP scope. I don't know what important info you refer to, but if it is to point out that hosts file based methods are not network-wide, then I'd say such trivia is not notable. If you would like to remove all these filter mechanism that are not the intent of this facility, please do so. Kbrose (talk) 23:26, 23 August 2010 (UTC)
 * Bizarre what people think is or is not relevant. I discovered wikipedia via this page many moons ago.  The chunk Kbrose removed was actually the bit I used to deal with my HOSTS file after moving to win7 a month back...  I don't see it as a "how to" but as an integral part of understanding the HOSTS file.  The IP's posting looked reasonably relevant to me. -- Herby  talk thyme 07:55, 24 August 2010 (UTC)
 * Objectively, the only thing that there is to understand about the hosts file is that it is a name resolution facility for IP. That is the only purpose it has and once you understand that, everything else falls in place. What creative things one does with a name service function beyond this, may be interesting to some, but is entirely how-to and depends on the service and the software that uses the name lookup. The same creative use can be accomplished by using other name services. We don't include this stuff in the DNS or NIS articles either, as far as I recall. But if it is of interest, you are free to write an article about misuse, abuse, or creative use of name services, if you have reliable references to support the material. Kbrose (talk) 16:45, 24 August 2010 (UTC)

Location table
A dispute seems to exist over the origin and attribution of the location table in this article. I examined the history of the section and the claimed source wiki. Based on this I found that the content of the table existed well before the claimed source existed, and that the claimed source likely copied its original content from this article. Claiming a source credit for simply formatting the information into a wiki table is not a valid reason for a citation, as the claimed source is using the identical software and formatting tools created by Wikipedia. Furthermore, the claimed source's owner or creator is engaging itself in promoting the source here, which is a violation of WP:COI and other WP policies regarding self-citing.

There appears no reason to cite the source here. The information in the table is furthermore not a unique intellectual creation of the claimed source, it is simply a compilation of commonly available technical facts of operating systems. Kbrose (talk) 18:42, 1 September 2010 (UTC)
 * Additionally there does appear to be some COI maybe. -- Herby talk thyme 21:09, 1 September 2010 (UTC)
 * We went through all this over a year ago. See discussion above.  I completely replaced the location list at the time, due to incompatible licensing of the content copied from lunarsoft's wiki. See edit here. Tarun then later copied Wikipedia's table into lunarsoft's wiki (without attribution). I originally cited his wiki at the time, but would say it should now be removed because the source itself has changed to effectively be a mirror of Wikipedia.  Wikipedia cannot act as a cite for itself.  -- Escape Orbit  (Talk) 23:16, 1 September 2010 (UTC)

Location on 64-bit Windows
I know Wikipedia isn't a tech support channel, but...

The table says that on 64-bit Windows, the location is "%SystemRoot%\SysWOW64\drivers\etc\". I've got a couple of 64-bit Windows systems here (Windows Server 2008 Standard, Windows Vista Ultimate, both 64-bit), and neither one has an "etc" folder in %SystemRoot%\SysWOW64\drivers\. I know it's what the linked support.microsoft.com page says, but that doesn't mean it's necessarily true. :-) —Preceding unsigned comment added by 216.163.72.2 (talk) 21:26, 26 October 2010 (UTC)

improper traditional name
The intro says the traditional name is hosts. Back in 1981, it was HOSTS.TXT because DEC's OSs were most popular. The intro should say conventional name. - Eric

Edit request on 24 December 2011 - Why are MY LEGITIMATE FACTS ON HOSTS FILES BEING BLOCKED? apk

 * Custom HOSTS files can speed up of resolutions of IP addresses:

This is possible using the local HOSTS file also - This is known as "hardcoding" an IP-address-to-HOST/DOMAIN name. Doing so locally results in far faster resolutions of hosts/domain names to IP addresses, since this typically takes 30-hundreds of milliseconds response from remote DNS Servers (which have also been subject to "DNS Poisoning" redirects for exploit over time and many recently also, per http://en.wikipedia.org/wiki/DNS_cache_poisoning ), vs. mere 7-10ms access of the HOSTS file from harddisk (or faster once the hosts file is cached into memory either by the local kernelmode diskcache subsystem in modern operating systems, or when using smaller hosts files, as larger files aren't good with the local DNS clientside cache service in Windows (which has a flaw in it with them due to a fix-size buffer/array/list/queue in use, noted here for work-arounds vs. it http://winhelp2002.mvps.org/hosts.htm see below next)... apk

Possible Workaround for using the MVPS HOSTS file and leaving the DNS Client service enabled (set to: Automatic)

If you find after a period of time that your browser seems sluggish with the DNS Client service enabled you can manually flush the DNS cache Close all browser windows ... open a "Command Prompt" from the Start Menu > All Programs > Accessories > Command Prompt (type) ipconfig /flushdns (press Enter) Then close the Command Prompt ...

A better Win7/Vista workaround would be to add two Registry entries to control the amount of time the DNS cache is saved.

Flush the existing DNS cache (see above) Start > Run (type) regedit Navigate to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters Click Edit > New > DWORD Value (type) MaxCacheTtl Click Edit > New > DWORD Value (type) MaxNegativeCacheTtl Next right-click on the MaxCacheTtl entry (right pane) and select: Modify and change the value to 1 The MaxNegativeCacheTtl entry should already have a value of 0 (leave it that way - see screenshot) Close Regedit and reboot ... As usual you should always backup your Registry before editing ... see Regedit Help under "Exporting Registry files"


 * THE WORK-AROUND I HAVE FOUND THAT WORKS BEST WITH LARGER HOSTS FILES is to simply shut down the local DNS clientside cache for DNS via services.msc (setting its startup type to disabled) with larger HOSTS files. This saves CPU cycles, RAM, & other forms of I/O used by said service once it is turned off (plus electricity as well as a bonus by NOT running a service that you do not need & that malfunctions with larger HOSTS files in the 1st place - the kernelmode local diskcache subsystem in ANY modern Operating System will then cache the HOSTS file, like it does ANY FILE (& just like the DNS local clientside cache service, albeit minus the "lags" it introduces with larger HOSTS files))... apk

---


 * Custom HOSTS files can speed up websurfing:

Hosts can very noticeably speed up internet websurfing by blocking out banner ad content which also frees up bandwidth, and gets a websurfer more for his money paid. A good read by Mr. Oliver Day of SECURITYFOCUS.COM on that note is here http://www.securityfocus.com/columnists/491 by Mr. Oliver Day of SECURITYFOCUS.COM ... apk

---


 * Custom HOSTS files help for reliability of site access & for added security vs. DNS poisoning:

Use of hardcoded IP addresses to host/domain names can help circumvent attack & exploit by DNS poisoned DNS servers (via using hardcodes of sites you often visit, for example, as noted above for speed) - once more, this link has a good read on that also http://www.securityfocus.com/columnists/491 by Mr. Oliver Day of SECURITYFOCUS.COM ... apk

---


 * Custom HOSTS files help security vs. DNSBL:

HOSTS files also can be used to circumvent DNSBL http://en.wikipedia.org/wiki/DNSBL also (where DNS block out sites one may wish to visit despite such blocking): Yet again, a good read on that note is here once more http://www.securityfocus.com/columnists/491 by Mr. Oliver Day of SECURITYFOCUS.COM ... apk

---


 * Custom HOSTS files help Anonymity vs. DNS request logs:

HOSTS can help avoid DNS request logs if you hardcode in favorites into it (for 'security/anonymity' purposes)... apk

74.106.199.117 (talk) 03:54, 24 December 2011 (UTC)

Edit request on 24 December 2011 - Why are MY LEGITIMATE FACTS ON HOSTS FILES BEING BLOCKED? apk
Any modern antispyware or antivirus will detect malicious hosts or domains in a HOSTS file. Spybot Search and Destroy is an example thereof, & yet again, that's noted here also http://www.securityfocus.com/columnists/491 by Mr. Oliver Day of SECURITYFOCUS.COM ... apk


 * The use of 0.0.0.0 circumvents the possible "threat" noted above: This is analogous to a DNS "blackhole" and does NOT loop back to the host computer loopback address of 127.0.0.1 as noted above (and the use of 0.0.0.0 also parses faster since it is smaller by 2 characters per line than 127.0.0.1 does in hosts file entries for blocking known malicious sites/servers/hosts-domains) - An even smaller & faster blocking address format is possible on Windows 2000 & XP (Server 2003 also) in using 0 as the blocking IP address (this was also possible on VISTA until 12/08/2009 MS "Patch Tuesday" but is no longer possible on versions of Windows after VISTA (7/Server 2008)).... apk

74.106.199.117 (talk) 03:55, 24 December 2011 (UTC)

Thank you for coming to the talk page to discuss this. Your additions have been removed (twenty times now) because they are not suitable. Wikipedia is an encyclopaedia. It is not a manual on how to tune your hosts file, or how to use it to aid your computer's security, or any other "how to" guide.

You'll see how this has been explained on the page's edit history when it has been removed. You might want to consider creating an account, so that other editors can contact you directly. Thanks. -- Escape Orbit (Talk) 13:18, 24 December 2011 (UTC)

\-HOSTS file location clarification---\

When you mention the file location for the HOSTS file, you mention "%SystemRoot%" for Windows. Not everyone knows what this is, and not everyone knows it's suppose to be in the "Windows" directory. This needs some clarification as it has confused me on two separate occasions when I read this article and forgot where it was at. — Preceding unsigned comment added by 98.244.51.203 (talk) 08:30, 31 December 2011 (UTC)

Basic error
I looked at this article to find the location of the "hosts" file. It has a section on that topic, with a chart listing the location for Windows 7, which I use.

However, there is no "hosts" file in the directory this article says. The closest thing is a file named "lmhosts.sam". — Preceding unsigned comment added by 50.131.14.250 (talk) 15:12, 12 September 2012 (UTC)

Formatting and edit warring
I have read a number of technical and service manuals... both printed and on the WWW. There are many which utilize different font faces for different contextual parts of a manual. For example an error message might be boxed and annotated, a dangerous point in a procedure might be preempted with an italic Danger heading, and code of any language will generally be written in a uni-spaced (Monospace) font or type style reminiscent of a teletypewriter.

Since HOSTS is a filename, I believe in our reference work we should annotate it as filenames often are: with a HOSTS, which looks like this: HOSTS. It is no different than italicizing the name of a ship or book title to distinguish it. The context of a HOSTS file is such that it refers to a file located in a file system, just as AUTOEXEC.BAT and Autorun.inf. Please notice that these articles tend to use the "teletype" markup extensively for filenames.

I have twice used  instead of HOSTS in some article revisions... but I guess there is at least one person who didn't care for the [former]  version. I meant the latter version: HOSTS. My edits are consistent with the types of articles I have seen published here, and I am hardly a novice at the subject matter or the use of formatting in Wikipedia. I like to saw logs! (talk) 08:04, 16 June 2014 (UTC)
 * The issue is this edit which introduced many code tags. I suspect the word "hosts" appears too often for a special font to be desirable, and it could be argued that "the hosts file" should not have a special font. I don't think I've seen this issue at Wikipedia and do not know if WP:MOS has an opinion. Perhaps Escape Orbit would like to comment. Johnuniq (talk) 10:33, 16 June 2014 (UTC)
 * Wikipedia is not a technical or service manual.
 * There is nothing in the manual of style that I know of that suggests text within paragraphs in the article body may switch font in order to emphasis or stylise words. Indeed, MOS:MARKUP suggest that this should be avoided. All that should used is italics and bolding, so adding additional styling makes reading harder and is confusing.  The  or teletype font style? The usage at places like AUTOEXEC.BAT and other articles discussing filenames is just plain old normal. I would take an expert's advice on the matter: er, mine. But barring that, I simply pointed to corroborating evidence assuming you might not be familiar with technical manuals and reference works that discuss files. Any old copy of a UNIX manual would likely demonstrate this. (Please see for example the Dd_(Unix) command and for more examples of , in this case around code structures)

This article, Name Service Switch, shows that the hosts file should be wrapped around <tt>teletype</tt>, so I will quote it here from the first paragraph:
 * These sources include local operating system files (such as <tt>/etc/passwd</tt>, <tt>/etc/group</tt>, and <tt>/etc/hosts</tt>), the Domain Name System (DNS), the Network Information Service (NIS), and LDAP.


 * These sources include local operating system files (such as <tt>/etc/passwd</tt>, <tt>/etc/group</tt>, and <tt>/etc/hosts</tt>), the Domain Name System (DNS), the Network Information Service (NIS), and LDAP. [Same thing with links fixed due to a redirect bug because of this being a talk page.]

So the article is about a specific UNIX file or perhaps a Microsoft Windows file. The most common formatting for filenames seems to be a toss-up between  and <tt>teletype</tt>, with a smattering of italics. Take your pick, rewrite the WP:MOS to include this common formatting, and let's improve the article. I like to saw logs! (talk) 07:38, 18 June 2014 (UTC)


 * The point of the WP:MOS is to ensure consistency across all of Wikipedia, and stop articles drifting off into their own inconsistent formats. So yes, it does take a lot to convince me that there's a special case for over-riding it.
 * There is obviously a difference between changing font when detailing a file path and name as it would be used on a computer, and mentions of the file within normal text. Currently I would suggest that WP:MOSCOMM, which explains use in command lines, is closest we've got in the MOS and I would argue that this is in agreement with what I've said above.  It's fine when a file is identified as used on a command line, but otherwise no.
 * Constant switching of styling in the article body at every mention of "<tt>hosts</tt>" is ugly, incongruous, largely inexplicable and <tt>needlessly</tt> interferes with legibility . Particularly in instances where it is not the file itself being discussed, but the concept, contents, function or use.
 * Perhaps there is a need for guidelines making specific reference to mentions of file names.  -- Escape Orbit  (Talk) 13:05, 18 June 2014 (UTC)

Help
Can someone help me. What is the host file supposed to contain? My XP seems to have two hostss files, one with just a couple of entries and the number beginning with 127, another with a few hundred names all with 0.0.0.0. This one is from 2014. Should it be kept or removed? Should it be updated? The reason I am asking is because your description of this file is not clear to someone like me, who is educated but not acustomed to computerese. 74.12.126.155 (talk) 19:37, 8 February 2016 (UTC)

1) Wikipedia is not a help site. 2) There is only one "hosts." file. It doesn't have an extension. If you see a ".txt" file then it is ignored. • Sbmeirow  •  Talk  • 03:15, 9 February 2016 (UTC)

Requested move 12 October 2016
<div class="boilerplate" style="background-color: #efe; margin: 2em 0 0 0; padding: 0 10px 0 10px; border: 1px dotted #aaa;">
 * The following is a closed discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. Editors desiring to contest the closing decision should consider a move review. No further edits should be made to this section. 

The result of the move request was: No consensus to move. Fuortu (talk) 21:50, 30 October 2016 (UTC)

Hosts (file) → Hosts file – Per WP:NATURALDIS. This file is commonly referred to as the "hosts file". nyuszika7h (talk) 14:19, 12 October 2016 (UTC) --Relisting. ©   Tb hotch ™ (en-2.5). 01:59, 20 October 2016 (UTC)


 * Oppose: The current name makes it clear that the name of the file is hosts, i.e. a proper name, not just some hosts file. Kbrose (talk) 15:23, 12 October 2016 (UTC)
 * Oppose - it should be "hosts (file)" with the parens - •  Sbmeirow  •  Talk  • 18:32, 12 October 2016 (UTC)
 * Support – hosts file is the overwhelming WP:CN in the field, with lowercase h. — JFG talk 16:06, 16 October 2016 (UTC)


 * The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page or in a move review. No further edits should be made to this section.

Location of file on ChromeOS
It would be good to add that recent OS to the table. If it is not possible, that would be good to know, also. — Preceding unsigned comment added by 96.237.100.193 (talk) 02:53, 8 February 2018 (UTC)
 * I'm unsure how something that came out in 2011 is recent, but Chrome otherwise falls under the Unix category for the file location. The rest you'll have to Google, because just editing it isn't going to help.  It probably doesn't deserve its own category, only the rootfs behavior is non-standard regarding this file and that's another article. A Shortfall Of Gravitas (talk) 11:08, 5 August 2018 (UTC)

Added Cites
I normally don't feel the need to visit a talk page for an article that appears to just need a few references, but wow is all I can say to any of it. In any case, the first documented use of hosts for anti-advertisement purposes that I can find dates (very unsurprisingly) to the defunct fravia.org / searchlores.org's anti-advertisement section where it was published in June, 1999, and had existed somewhat longer on the messageboards before being posted to the main site. The MVPS list is supposed to have been around since 1998 (according to itself, at least) which pre-dates that article but I'm unable to find any references / links to it from before ~2002ish.

Also added some info from a malwarebytes blog about something that replaces a dns lib and forces an alternate hosts file to be loaded so the original appears unaffected, which is kinda a bass-ackwards way to go about it if you're already modifying the DNS libs but whatever.

I'm honestly amazed people are still using this method given the other options, but that's neither here nor there. A Shortfall Of Gravitas (talk) 10:59, 5 August 2018 (UTC)