35

On a Windows system, there is this file at C:\WINDOWS\system32\drivers\etc\hosts. This file allows us to default a specific IP address to a host name.

The issue now is whether I can set multiple IP addresses to a host name. For example, can I do something like this:

```
192.168.244.128   gateway.net
192.168.226.129   gateway.net
```

And expect that the browser can resolve to both of them, see which one will work and thus point at that one?

If not, is there any other way to get the behavior I want?

Note: I am deploying this app in my own local area network, so there is no need for internet.

Graviton

10 Answers

32

Normally you would not use hosts to do this, but your DNS. Most DNS will provide what's called a "Round Robin" if you assign multiple A records to the one name in the zone.

What it would do then, is the first request comes through would receive 192.168.244.128, the next would receive 192.168.226.129, so on and so forth. However, by design, your local machine will cache its DNS resolution, and will usually use the same IP address over and over, until it expires (Time To Live, TTL).

Mark Henderson
  • 1
    EDIT: Nevermind, I stand corrected!! [Posted Below](http://www-archive.mozilla.org/docs/netlib/dns.html) – MagnaVis Feb 13 '15 at 04:24
22

Yes, you can do this, I've used it to test round-robin DNS scenarios without having to actually enter the hosts in a DNS.

When an application calls gethostbyname, it gets back the full list of IP addresses (possibly in random order - depending on the libraries / OS).

MarkR
13

I think you are going about this the wrong way. Let me know if I'm making the wrong assumptions here.

Scenario:

  • You have two windows servers running the same web application, probably on IIS.
  • You want your application to be fault tolerant so that if one of the servers fails, your application is still available.
  • You want this fault tolerance to be transparent to the browser, so that users can continue to access the application with the same hostname i.e. gateway.net

What you're trying to do is called round-robin DNS (aka poor man's load balancing), but you're trying to do this from the client side. This does not seem to have the desired effect (at least on my Windows XP box) even if I flush the DNS cache. Windows will only resolve to the first IP in the file. Nonetheless, round-robin DNS is not fault tolerant, so this won't help you achieve what you want.

Suggested solution:

Hardware load balancer: Some brand names are Alteon, Big-IP, Barracuda. What this does is basically present a single IP for your users to connect to & it forwards the requests to the web servers. If one of the servers becomes unavailable, then it will no longer forward traffic to it. This is the expensive option.

Network Load Balancing Services: This is a Microsoft technology available on Windows Server, which will give you a single clustered IP. It achieves the same result as a hardware load balancer, but in a different way. All you need to do is configure it.

Nick Kavadias
  • 1
    [ZEN-LB](http://www.zenloadbalancer.com/) is a really simple and easy load balancer. We've had a lot of success with it and love it because it's open source (free). – Derrick Jan 31 '13 at 17:49
  • Load-balancer is an alternative and often better, but it is definitely false that Windows returned only the first address. Windows returns multiple addresses since XP at latest, because I was supporting systems that used this in 2004. They are static-order not round-robin, which could be an issue. And _some programs_ USE only the first address returned, but that's not Windows' fault. – dave_thompson_085 Oct 03 '20 at 05:00
2

From http://www.unc.edu/atn/lsf/docs/7.0.5/lsf_config_ref/index.htm?hosts.5.html~main

IPv4 Example

```
192.168.1.1 hostA hostB
192.168.2.2 hostA hostC host-C
```

In this example, hostA has 2 IP addresses and 3 aliases. The alias hostB specifies the first address, and the aliases hostC and host-C specify the second address. LSF uses the official host name, hostA, to identify that both IP addresses belong to the same host.

Peter
  • 1
    *"The format of LSF_CONFDIR/hosts is similar to the format of the /etc/hosts file on UNIX machines."* I.e.: the source is not about regular hosts files. – gertvdijk Jan 27 '13 at 00:57
1

My suggestion is to use an internal DNS server with DNS round-robin and TTL=0. If you update the DNS record (also with an automatic IP checking system) when an IP/server is down, you can have a high-availability system.

lg.
  • This is not a solution for high availability. DNS is not designed for this and should only be used in conjunction with other fail over methods. A lot of resolvers ignore the TTL cache as well, making this method unreliable. – Mark Henderson Oct 05 '09 at 20:41
1

From http://www.unc.edu/atn/lsf/docs/7.0.5/lsf_config_ref/index.htm?hosts.5.html~main

IPv4 Example

```
192.168.1.1 hostA hostB
192.168.2.2 hostA hostC host-C
```

In this example, hostA has 2 IP addresses and 3 aliases. The alias hostB specifies the first address, and the aliases hostC and host-C specify the second address. LSF uses the official host name, hostA, to identify that both IP addresses belong to the same host.

Based on this example I did the following 10.18.y.x 192.168.z.x hostA

Where hostA is the hostname of a server I intend to reach from both internal network (192.168.y.x) and VPN (10.8.z.x).

```
ping hostA
sending 'ping' on 192.168.y.x [10.8.z.x]
Answer from 10.8.z.x : bytes=32 time=98 ms TTL=64
Answer from 10.8.z.x : bytes=32 time=78 ms TTL=64
Answer from 10.8.z.x : bytes=32 time=111 ms TTL=64
Answer from 10.8.z.x : bytes=32 time=136 ms TTL=64
```

So it works well and I'm able to get samba working through VPN using the hostname, so it's fine for me to have my connected drives in Windows in both cases (LAN or VPN connected).

Best regards.

obrousse
1

I have done this on a home network where I assign static IPs to both the wired and wireless network interfaces of a laptop, and from another machine's hosts file point a single hostname to both those IP addresses. It seems to work fine.

0

@Plamen Dimitrov You'll need a device to handle that kind of balance, possibly a switch that can handle BGP in front of your FW, or use your FW if it's capable. If your Ciscos handle BGP, look into implementing that. This way you can have both of your ISPs' IPs going into the Cisco or switch, and the target servers would have valid IPs of 24-bit public IPs (DIFFERENT FROM THE 2 ISP IPs). At that point (you're using 3 different public IP blocks, the one for your servers MUST BE 24 BIT), you'd need to have each of your ISPs know about this solution, and they'd have to be willing to support the BGP solution between them, which most will do. Now, when your FQDN resolves, it will resolve to your 24-bit block of IPs, even if 1 ISP line goes down. The goal is, your 24-bit addresses will always be available due to your ISPs agreeing to route that 24-bit address through their lines. This works for VPN too, since all you're using for VPN are the 24-bit addresses, not either of the IPs from the ISP that you plugged into your Cisco or switch. At that point you have to be wary of BGP FLAPPING, where if your lines go up and down a lot, due to a line getting DOS, the DNS addresses will change so much, on the internet, that the DNS servers will AUTOMATICALLY REMOVE THE IPs THAT LEAD TO YOUR 24-BIT BLOCK OF IPs. That's a DOS attack on BGP solutions.

0

Slight clarification here, at least in the Windows world: You CAN have two IP addresses for a single name in a hosts file. When queried, all addresses are returned. The app (i.e. browser) will attempt to connect to each in turn until a connection is made. IOW, it will try all addresses before timing out. (This is a common misunderstanding as many people believe it will only try the "first" address.)

You can verify this with the following experiment:

Add two or more addresses for a host in the hosts file, one real and the others fake. (Make the fake addresses smaller alphabetically.) Open a browser and try to connect to the hostname. Run `netstat -no` at the same time. You should see connection attempts to the fake address (stuck in SYN_SENT). The browser will eventually get to the good address and will connect. There is a delay in connecting, but it WILL work.

Ron
  • Not saying you are wrong but I just tried it on my Win 10 Pro using Chrome and it did not work. I tweaked my hosts file (and saved it), then ran `ipconfig /flushdns` to make sure previous resolutions were forgotten. Tried to open the site (local to my machine) in an incognito window in Chrome to preclude cache results. It just failed (and I waited several minutes to see if it would eventually work). Hit refresh just to be sure. Then I commented out the bogus IP from my hosts file. Without doing anything else I refreshed the page and it worked. Same thing with Firefox. – Andrew Steitz Mar 15 '18 at 18:08
  • So, it MAY work based on the application but it definitely does NOT work in two modern browsers. – Andrew Steitz Mar 15 '18 at 18:10
  • @AndrewSteitz: it works for me on Windows 10 Home 2004 with Firefox 78.3esr, Chrome 85.something, and IE11 (which identifies as Trident/7.0); the first two take 20 seconds for the bad address before using the good one, and the last only 6 seconds. The same on my older Windows 8.1 also. Edge is now really Chromium so I didn't test separately. Note you can see the (both/all) entries loaded from the hosts file with `ipconfig /displaydns` although the output format is long and verbose. – dave_thompson_085 Oct 03 '20 at 09:22
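The behaviour discussed in the answers above (the resolver hands back every address listed for a name, and whether failover happens depends on the application trying each one) can be reproduced offline. This is an added example, not code from any of the posters; `addresses_for`, `connect_first_reachable` and `demo` are hypothetical names, the hosts content is constructed, and 127.0.0.2 stands in for the server that is down.

```python
import socket

def addresses_for(hosts_text, name):
    """Return every address a hosts-format text maps to `name`, in file order."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        names = [f.lower() for f in fields[1:]]
        if len(fields) >= 2 and name.lower() in names and fields[0] not in found:
            found.append(fields[0])
    return found

def connect_first_reachable(addresses, port, timeout=2.0):
    """Try each address in order; return (socket, address_used, failures)."""
    failures = []
    for addr in addresses:
        try:
            sock = socket.create_connection((addr, port), timeout=timeout)
            return sock, addr, failures
        except OSError as exc:                   # refused, unreachable or timed out
            failures.append((addr, type(exc).__name__))
    return None, None, failures

# Constructed sample: two entries for one name, the dead address listed first.
SAMPLE_HOSTS = """\
# constructed sample, not a real deployment
127.0.0.2   gateway.net    # nothing is listening here
127.0.0.1   gateway.net    # the demo listener binds here
"""

def demo():
    """Start a listener on 127.0.0.1 only, then connect by walking the list."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))              # ephemeral port, loopback only
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        candidates = addresses_for(SAMPLE_HOSTS, "gateway.net")
        sock, used, failures = connect_first_reachable(candidates, port, timeout=1.0)
        if sock:
            sock.close()
        return candidates, used, [addr for addr, _ in failures]
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())
```

A client that stops after the first entry in `candidates` never reaches the working server, which is the difference the commenters observed between applications; the per-address `timeout` is what determines how long the delay before failover lasts.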
-1

You can't do this with the hosts file.

You can't do this with DNS either: you can serve multiple IPs for a single name, but the browser will pick just one of those multiple IPs, try it, and if this host is currently down, the browser will display a connection error.

One possible solution is to set up a proxy server and configure these two IPs as the parents for the domain they serve. At least in the case of Squid, the proxy will try one server and, if it fails, try the second server. Then configure your browser to use this proxy server.

Max Alginin
  • Not true about round robin: http://www-archive.mozilla.org/docs/netlib/dns.html Note that the likes of google return multiple DNS records. Despite RFC3484 reordering, it obviously helps to return multiple IPs as a failover strategy. – BrianEss Oct 07 '09 at 21:56
  • Yes, you can do it with the hosts file. – warren Nov 28 '09 at 07:11