Why isn't /etc/hosts blocking domains after I add blocked sites via launchd?

2

I've been trying to set up launchd to block several websites on OS X 10.12.2 from 9AM - 3PM Monday-Friday.

I set up launchd to cp /etc/hosts_BLOCKED_sites.txt /etc/hosts

Launchd seems to be copying the file correctly.

    $ ls -la /etc/hosts
    -rw-r--r--  1 root  wheel  715 Jan 10 15:01 /etc/hosts

    $ sudo cat /etc/hosts

    ##  
    # Host Database  
    #  
    # localhost is used to configure the loopback interface  
    # when the system is booting.  Do not change this entry.  
    ##   
    127.0.0.1   localhost   
    255.255.255.255 broadcasthost  
    ::1             localhost   


    # Blocked sites redirected to 0.0.0.0  
    0.0.0.0 reddit.com   
    0.0.0.0 www.reddit.com  
    0.0.0.0 facebook.com  
    0.0.0.0 www.facebook.com  

However, I can still open the blocked sites after /etc/hosts is set to block access.

Any suggestions about why /etc/hosts isn't blocking access to the sites?

Things I have attempted but have failed to block sites on Chrome:

  • sudo killall -HUP mDNSResponder from the command line
  • I attempted to flush the Chrome DNS cache via chrome://net-internals/#dns
  • I attempted to flush the Chrome sockets via chrome://net-internals/#sockets
  • I switched the hosts file to redirect sites to 127.0.0.1; it did not block the site, and I was told it's faster to redirect to 0.0.0.0

This did not make a difference. All the blocked sites are still accessible via Chrome v55.0.2883.95.

BryanWheelock

Posted 2017-01-03T16:16:43.347

Reputation: 73

Try echo "" >> /etc/hosts_BLOCKED_sites.txt. Also what does if grep -E -rl '\r' /etc/hosts_BLOCKED_sites.txt ; then echo windows; else echo unix; fi print? – Camden Narzt – 2017-01-06T21:53:19.127

Why would I want to pass an empty string to /etc/hosts_BLOCKED_sites.txt? – BryanWheelock – 2017-01-06T22:58:16.887

unix was returned from the conditional statement. – BryanWheelock – 2017-01-06T22:58:54.977

The empty string gets appended to the end (thus the double angle brackets) to ensure the last line is a newline. – Camden Narzt – 2017-01-06T23:01:35.213

It might be helpful if you could check with a packet analyzer (tcpdump, for instance) whether DNS queries for the supposedly blocked sites leave your PC or not. Also, it might be helpful to see exactly the DNS query for any of the blocked sites, say reddit.com. – MariusMatutiae – 2017-01-10T08:02:15.567

Answers

4

I noticed that your /etc/hosts file has permission 600. The permissions on that file should generally be 644. If your application can't read /etc/hosts then it will just use DNS.

farhangfarhangfar

Posted 2017-01-03T16:16:43.347

Reputation: 241

2

I'm open to being wrong on this, as I'm no networking expert...

0.0.0.0 is a strictly invalid, non-routable meta-address & may therefore be just being ignored.

In the context of routing, 0.0.0.0 usually means the default route, i.e. the route which leads to "the rest of" the internet instead of somewhere on the local network.

Try 127.0.0.1 instead, which is the default loopback address, i.e. "me"

I'm less good on IPv6, but have known some issues fixed by changing
::1 localhost
to
::1 127.0.0.1

Tetsujin

Posted 2017-01-03T16:16:43.347

Reputation: 22 456

I attempted that: 127.0.0.1 reddit.com It did not block the site. – BryanWheelock – 2017-01-03T19:41:17.677

The site is www.reddit.com, not reddit.com – Tetsujin – 2017-01-03T19:50:47.183

I tried both. Neither worked. – BryanWheelock – 2017-01-04T14:52:27.913

You're not giving me much to go on - "it doesn't work" gives me no clues. I've got maybe 50 lines in my hosts file, all work exactly as expected. It's a pretty standard form. Try commenting out all the IPv6 addresses, or at least make sure you're actually capable of routing IPv6. I can't test as my ISP doesn't have it yet. – Tetsujin – 2017-01-04T15:18:55.480

I'm not sure what more info I can provide.

I have shown how my /etc/hosts file is configured, I added the changes suggested but I can still access the sites. Is there a log file or something I can look at to determine why the hosts file is not redirecting to 127.0.0.1 ? – BryanWheelock – 2017-01-04T15:37:53.307

@BryanWheelock he means that a syntax error in the hosts file results in the whole file being ignored. Track it down by testing it step by step, e.g. debugging the IPv4 part only by commenting out the IPv6. – Marek Rost – 2017-01-07T20:47:33.053

2

Have you verified that /etc/nsswitch.conf has a line like this:

hosts: files dns

If there is not a line like that in the file, or if the line has dns before files, then DNS queries are made first, and if it gets a valid answer the /etc/hosts file is not even looked at.

farhangfarhangfar

Posted 2017-01-03T16:16:43.347

Reputation: 241

Macs don't have an /etc/nsswitch.conf file. – Camden Narzt – 2017-01-09T19:41:27.623

2

Having entered hosts entries for ipv4 + ipv6 and running

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

to clear caches, I still had to restart Chrome for the hosts entries to take effect.

My hosts entries:

127.0.0.1       youtube.com
127.0.0.1       www.youtube.com
fe80::1%lo0      youtube.com
fe80::1%lo0     www.youtube.com

SebK

Posted 2017-01-03T16:16:43.347

Reputation: 121

The way you've worded this sounds like a comment (from the OP), rather than an answer. – jpaugh – 2018-02-02T15:31:20.973

This answer could do with a bit of fleshing out. – Darren – 2018-02-02T15:46:59.993

@Darren I dunno, I think it looked a lot better in its original form. – Michael Hampton – 2018-02-04T01:57:11.453

1

Try to write them as an alias for the 127.0.0.1

127.0.0.1     localhost www.facebook.com www.reddit.com

Luca Natali

Posted 2017-01-03T16:16:43.347

Reputation: 199

Attempted that and I was still able to access the blocked site via Chrome. – BryanWheelock – 2017-01-05T17:30:54.007

1

First identify the source of the issue: is it from Chrome? Is it from the cache? Or maybe from the hosts file itself?

  1. Check the encoding of the hosts file, as it should be ASCII, not UTF-8.
  2. Try adding a website that you have never visited to the hosts file and then check whether the issue is from the cache or the hosts file.
  3. Try using the dig command to check if the Chrome cache is the problem.

Suggestion: You can achieve your goal in Chrome by using extensions like: https://chrome.google.com/webstore/detail/block-site/eiimnmioipafcokbfikbljfdeojpcgbh?hl=en.

Opaida

Posted 2017-01-03T16:16:43.347

Reputation: 121

I'm not sure how to interpret dig results. – BryanWheelock – 2017-01-06T16:30:14.990

reddit.com. 119 IN A 151.101.65.140 – BryanWheelock – 2017-01-06T16:30:27.437

reddit.com. 119 IN A 151.101.1.140 – BryanWheelock – 2017-01-06T16:30:42.677

reddit.com. 119 IN A 151.101.129.140 – BryanWheelock – 2017-01-06T16:30:52.520

reddit.com. 119 IN A 151.101.193.140 – BryanWheelock – 2017-01-06T16:31:14.183

It means the IP address of reddit.com is 151.101.65.140 which means your hosts file is not effective and the issue is not related to Chrome cache. – Opaida – 2017-01-06T16:42:59.070

Why would the hosts file not be working? – BryanWheelock – 2017-01-06T22:54:14.597

@BryanWheelock check the encoding of the hosts file as in the edited answer. – Opaida – 2017-01-07T11:48:35.907

sudo file -I /etc/hosts ==> /etc/hosts: text/plain; charset=us-ascii – BryanWheelock – 2017-01-09T20:35:17.180

What does traceroute reddit.com output? You can't rely on dig (or to some degree chrome b/c of layers of caching) for checking if the hosts file is working. – Camden Narzt – 2017-01-10T00:46:30.547

0

According to Host file override not working in Mavericks | Official Apple Support Communities:

The hosts file is cached. Rebooting OS X will reload it. You can also attempt to force a cache reload with the following command:

sudo killall -HUP mDNSResponder

<...> using TextEdit can corrupt the file. The file needs to be plain ASCII text <...>. Use the TextWrangler tool (free) or use the nano editor (or vim or emacs, if you're more familiar with those) <...>:

sudo nano /etc/hosts

/etc/hosts file not being used in Snow Leopard | Official Apple Support Communities suggests:

make sure you use the correct syntax when editing it and also make sure that it has correct permissions. it should be owned by the system and have 644 permissions.

ivan_pozdeev

Posted 2017-01-03T16:16:43.347

Reputation: 1 468

OS X has switched back to using /etc/hosts – BryanWheelock – 2017-01-11T18:47:38.993

Isn't the user 'root' the same as being owned by 'the system' ? – BryanWheelock – 2017-01-11T21:20:37.030
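
The file-level checks suggested across the answers and comments above (644 permissions, plain ASCII, Unix line endings, a terminating newline, valid syntax), collected into one script. This is an added example, not part of any post in the thread; the names lint_hosts and has_bytes are made up here, and the syntax test is a heuristic that only requires an address-like first field followed by at least one name.

```shell
#!/bin/sh
# Added example: lint a hosts file for the problems raised in this thread.
# lint_hosts and has_bytes are hypothetical helper names, not a system tool.
# lint_hosts FILE prints one line per finding; exit status 0 means none found.

# True if FILE ($2) contains any byte from the tr(1) set in $1.
has_bytes() { LC_ALL=C tr -cd "$1" <"$2" | LC_ALL=C grep -q .; }

lint_hosts() {
    f=$1
    rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }

    # Permissions: the answers expect 644, so the "other" read bit must be set.
    case "$(ls -ldL "$f")" in
        ???????r*) ;;
        *) echo "permissions: not world-readable (expected 644)"; rc=1 ;;
    esac

    # Windows line endings (the grep '\r' test from the comments).
    has_bytes '\15' "$f" && { echo "line endings: CR bytes found"; rc=1; }

    # Encoding: any byte >= 0x80 means the file is not plain ASCII.
    has_bytes '\200-\377' "$f" && { echo "encoding: non-ASCII bytes found"; rc=1; }

    # The last line must end in a newline (what echo "" >> file guarantees).
    if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
        echo "newline: last line is not newline-terminated"; rc=1
    fi

    # Syntax: each entry needs an address-like first field and at least one name.
    LC_ALL=C awk '{ sub(/#.*/, ""); sub(/\r$/, "") }
         NF == 0 { next }
         NF < 2 || $1 !~ /^[0-9A-Fa-f:.]+(%[A-Za-z0-9]+)?$/ {
             printf "syntax: line %d: %s\n", NR, $0; bad = 1 }
         END { exit bad }' "$f" || rc=1

    return $rc
}

# Run against a file when one is given, e.g.: sh lint_hosts.sh /etc/hosts
if [ "$#" -gt 0 ]; then lint_hosts "$1"; fi
```

A clean result only says the file is well-formed; whether lookups actually honour it still has to be tested through the system resolver, since, as Camden Narzt's comment says, dig is not a reliable check for that.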