16

If I have the following entries in a hosts file:

    192.168.100.1    bugs
    192.168.100.2    daffy.example.com
    192.168.100.3    elmer.example.com.

Will IP->name resolution attempts by local utilities (I assume using 'gethostbyaddr' or the Windows equivalent) honour these entries? Is this behaviour configurable? How does it vary between operating systems? Does it matter whether the 'hosts' file entries are fully qualified or not?

EDIT: In response to Russell, my test Linux system is running RHEL 4. My /etc/nsswitch.conf contains the following 'hosts' line:

    hosts:      files dns nis

If I ping any of my hosts by name (e.g. bugs, daffy), the forward resolution works correctly. If I traceroute any of them by IP address, the reverse lookup functions as expected. However, if I ping them by IP, ping doesn't appear to resolve their host names. My understanding was that Linux ping would always attempt to resolve IPs to names unless instructed otherwise. Why would traceroute be able to handle reverse lookups in hosts files, but ping not?

HopelessN00b
Murali Suriar

3 Answers

16

Generally the hosts file will be used for both forward and reverse lookups. On a Unix system the preference will depend on the order of entries in your nsswitch.conf file.

e.g. the line below will make the hosts file override DNS. Reversing the entries will make DNS override the hosts file.

    hosts:      files dns

I am not sure if you can tune the order of preference on a Windows system.

I have had a look at the source for ping in inetutils-20071127 (the version installed on my Ubuntu 9.04 box) and the source seems to enable numeric only mode if you ping an IP address rather than a hostname:

    if (inet_aton(target, &whereto.sin_addr) == 1) {
            hostname = target;
            if (argc == 1)
                    options |= F_NUMERIC;

This could explain why you don't get a reverse lookup when you ping your host by IP address.

Russell Heilling
  • That was my thought, but this doesn't seem to be the case. See updated question for details. – Murali Suriar Jul 20 '09 at 11:46
  • I haven't had a chance to look at the source yet; however a quick look at ldd output shows that on my system ping is linked directly to the libresolv DNS resolver library, which could imply that it is bypassing the nsswitch file and doing its reverse lookups directly... – Russell Heilling Jul 20 '09 at 12:15
  • When using the ISC `host` utility, one may get the impression that editing /etc/hosts has no effect. `host 10.0.0.1` will do a DNS query and ignore the hosts file. This allows checking the system resolver: `perl -MSocket -le '$a=inet_aton(shift); $_=gethostbyaddr $a, AF_INET; print' 10.0.0.1` – mivk May 17 '15 at 16:43
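
An added example, not part of the original thread: a small Python audit that predicts what the `files` source would answer for a reverse lookup and whether it is consulted before `dns`, so the prediction can be compared with the live system resolver. The function names and sample data are constructed for illustration, and the first-match scan of the hosts file is an assumption about how the `files` source behaves.

```python
import ipaddress
import socket

# Constructed sample data mirroring the question's hosts entries and nsswitch line.
SAMPLE_HOSTS = """\
192.168.100.1    bugs
192.168.100.2    daffy.example.com
192.168.100.3    elmer.example.com.
192.168.100.2    duck.example.com   # constructed duplicate address
"""
SAMPLE_NSSWITCH = "hosts:      files dns nis\n"


def parse_hosts(text):
    """Map ip -> first name on the first line for that address (first match wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            table.setdefault(ipaddress.ip_address(fields[0]), fields[1])
        except ValueError:
            continue  # not a valid address: skip the line
    return table


def hosts_sources(nsswitch_text):
    """Ordered sources from the 'hosts:' line; [STATUS=action] items are skipped."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [s for s in line[6:].split() if not s.startswith("[")]
    return []


def reverse_from_files(ip, hosts_text, nsswitch_text):
    """Name the 'files' source would return, and whether it is asked before dns."""
    src = hosts_sources(nsswitch_text)
    before = "files" in src and ("dns" not in src or src.index("files") < src.index("dns"))
    name = parse_hosts(hosts_text).get(ipaddress.ip_address(ip))
    return {"name": name, "files_before_dns": before}


def system_reverse(ip):
    """Live answer from the system resolver, for comparison with the prediction."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None
```

On a real host, pass the contents of /etc/hosts and /etc/nsswitch.conf to `reverse_from_files` and compare the result with `system_reverse`; a mismatch means some other source answered the lookup.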
8

I found a reference to changing registry entries to alter the name resolution order on Windows:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=963485

Quoting from there:

By default, Windows checks name resolution providers in the following order:

Local, (NetBT local name cache), Hosts, DNS, NetBT (WINS).

You want the order to be Hosts, DNS, Local, NetBT.

In what follows, lower numbers are higher priority.

The following registry keys in

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider

need to be modified.

    DnsPriority= 0x3e8 (Decimal: 1000)
    HostsPriority= 0x1f4 (Decimal: 500)
    LocalPriority= 0x5dc (Decimal: 1500)
    NetbtPriority= 0x7d1 (Decimal: 2001)

James F
2

The /etc/host.conf file specifies which order is used for discovering IP addresses. Mine contains the following by default:

    #
    # /etc/host.conf
    #

    order hosts,bind
    multi on

This means that the hosts file is always checked first and then DNS (bind).

If nis is not specified here then it will never look at /etc/nsswitch.conf.

Documentation link: http://tldp.org/LDP/nag/node82.html

Sekenre
  • The /etc/host.conf method is outdated for some systems, only nsswitch.conf is used (like glibc and eglibc based systems). These versions of glibc will parse the '/etc/host.conf' without warning and discard the 'order' line. –  Sep 18 '12 at 15:32