What Is /etc/hosts And Why Is It Used?
In order to send network traffic to a host, the numeric Internet Protocol (IP) address for that host must be known. The IP address is traditionally written as xxx.xxx.xxx.xxx where each xxx represents a value from 0 to 255, for an IPv4 network address. Computers require these addresses but humans find remembering numeric values difficult. The Domain Name Service (DNS) provides a mechanism to associate one or more alphanumeric names with a numeric IP address. On a Linux system, these readable names are converted to their numeric IP equivalents by the Resolver Library, contained in the libresolve.so files provided as part of the glibc RPM package. Programs that need to lookup the numeric IP address for a name issue calls to this library.
Host names and their IP addresses may be found in a variety of places: local files, remote DNS servers, or NIS+ servers, to name a few. The order these resources are searched depends on the hosts: entry in the /etc/nsswitch.conf file. This line typically looks like this:
# vi /etc/nsswitch.conf hosts: files dns
This causes the resolver library to consult the local /etc/hosts file first; if the host name is not found there, then consult the remote DNS name servers identified by the /etc/resolv.conf file.
Linux does provide the bind RPM package to allow an administrative domain to configure and maintain its own DNS service, but frequently the size of the local network is only a few hosts and makes justifying the effort of maintaining a DNS service unwarranted.
Format of /etc/hosts File
The /etc/hosts file is an ordinary text file. Two types of lines are permitted:
- Empty Lines
- Host name definitions
Lines may be intermingled as needed. Comments begin with a hash symbol (#) and continue to the end of the line.
Associating Host Names And IP Addresses
For each host a single line should be present with the following information:
IP_address canonical_hostname [aliases ...]
Fields of the entry are separated by any whitespace (spaces or tabs). The first field is the numeric IP address to be used for all the host names on this entry. Either an IPv4 address (10.1.2.3), an IPv6 address (2001:0db8:0000:0000:0000:0000:1428:57ab), or an IPv6 abbreviation (::1) may be used, depending on your requirements.
After the IP address, remaining tokens specify the locally-known hostnames associated with that IP address. By convention, the first name after the IP address is the canonical or fully-qualified domain name. An example of a canonical name would be server.example.com; this is the official name of the host.
Any remaining names defined for the IP address are aliases or alternate names for the official host name. For example, suppose that one of the duties assigned to server.example.com is to be the corporate FTP site. A suitable alias might then be myftp.example.com and this name could be added to the /etc/hosts entry after the canonical name. Many times, an alias is simply the host name, without any domain suffix. For example:
192.168.10.12 server.example.com myftp.example.com myhost myftp
The advantage to listing the canonical host name as the first definition on the line is that IP-to-hostname conversion (similar to reverse DNS lookups) usually display only the first name found; convention uses the canonical name for this. In our example, the command:
$ ping myftp PING myhost.example.com (192.168.10.12) 56(84) bytes of data. 64 bytes from myhost.example.com (192.168.10.12): icmp_seq=1 ttl=64 time=0.023 ms 64 bytes from myhost.example.com (192.168.10.12): icmp_seq=2 ttl=64 time=0.028 ms 64 bytes from myhost.example.com (192.168.10.12): icmp_seq=3 ttl=64 time=0.028 ms
Note that we pinged myftp but results come from host myhost: this is a reliable hint that you are addressing an alias, not the actual host.