linux - Why there is no use changing /etc/hosts

08
2014-07
  • dspjm

    Here are the commands:

    [17:31:13 root etc]# cat /etc/hosts
127.0.0.1       localhost.localdomain localhost
::1     localhost6.localdomain6 localhost6
127.0.0.2   myweb.com
[17:31:25 root etc]# ping myweb.com
PING myweb.com (184.154.233.2) 56(84) bytes of data.
64 bytes from ns1.siteground278.com (184.154.233.2): icmp_seq=1 ttl=42 time=275 ms
64 bytes from ns1.siteground278.com (184.154.233.2): icmp_seq=2 ttl=42 time=273 ms
64 bytes from ns1.siteground278.com (184.154.233.2): icmp_seq=3 ttl=42 time=281 ms
^C
--- myweb.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 273.625/276.874/281.478/3.346 ms

    pinging myweb.com on a machine without networkmanager will get 127.0.0.2, but I am not sure, anyone got an idea what is this about?

    I am using fedora 20.

    • Answers
  • Chris

    Check configuration in /etc/nsswitch.conf and look for hosts:

    hosts:      files dns

    Does it look like that? Basically this line tells the system how to resolve host names: by default on my RHELs it's hostnames first than DNS servers.

    Do you cache DNS? Usually Linuxes have nscd (daemon to cache DNSes) disabled by default. Anyway, hosts if configured right should always take priority over DNS.


    • Related Question

    ubuntu - pings for unknown hosts ping 8.15.7.100
  • Questioner

    Running Ubuntu 9.04. I can ping hosts all day long but when I try to ping a host that doesn't exist, it instead sends pings to 8.15.7.100, which turns in to packet loss, but I'd prefer it if it told me the host cannot be found.

    $ ping google.com
PING google.com (66.249.90.104) 56(84) bytes of data.
64 bytes from lga15s04-in-f104.1e100.net (66.249.90.104): icmp_seq=1 ttl=55 time=31.3 ms

$ ping somehost
PING somehost (8.15.7.100) 56(84) bytes of data.

    I'm new to Ubuntu so this might be a feature, but anything I can do about it?


    • Related Answers
  • quack quixote

    You'll need to determine where your system is getting the weird IP.

    Some ISPs configure their DNS servers to hijack DNS responses for non-existent domain names. Their purpose is generally to send a web-browser to a "search" site to make money by displaying advertisements. Unfortunately, this practice breaks the NXDOMAIN response that DNS would otherwise use to tell your computer that there's no DNS entry for the host.

    If somehost isn't a full domain name, it's more likely your system or local DNS server is misconfigured. You can use dig to query DNS servers to help troubleshoot; see the DiG HowTo and man dig for details.

  • JMac

    It's the ISP; playing tricks.

    See the following article:

    http://www.michaelgeist.ca/content/view/3199/125/

    Rogers Cable uses 8.15.7.107

  • MariusMatutiae

    This has certainly nothing to do with your pc/OS/router. I run several Linux systems, none of them replied the way yours does. As pointed out already, this is, most likely, a trick played by your ISP.

    There are two things that you can do about this. On the one hand, you can study your ISP's behaviour by downloading, installing and running Namebench, a Google test to compare your current ISP's DNS performance against Google's. Besides just timing several possibilites, it also tries to establish whether your ISP performs any kind of filtering, by trying to identify commonly blocked URLs. The report of the test will clarify what your ISP is really up to.

    If the outcome of this is not fully satisfactory to you, you may wish to install DNSCrypt, a software package available for several OSes (Windows and MacOS users can find it here) which allows you to encrypt all of your DNS traffic and move it to a seldom-used port. This allows you to bypass ISP's filters which recognize either filter or protocol, and get access to one of a series of providers (chief among them is OpenDNS) willing to provide encrypted DNS resolution. This will restore full capabilities to your pc/LAN, whatever.

  • nik

    I did a whois lookup on the 'resolved' IP -- 8.15.7.100,

    IP address :            8.15.7.100    
IP country code:        US  
IP address country:     United States  
IP address state:       California  
IP address city:        Beverly Hills  
IP postcode:            90212  
IP address latitude:    34.0607
IP address longitude:   -118.4032
ISP of this IP :        Level 3 Communications
Organization:           Co-Location.com 

Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255

Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1)
8.15.7.96 - 8.15.7.127

    This may be familiar to you -- like Quack describes.
    This maybe something configured along with your ISP related network setup.

    If this reference is not familiar to your, you should dig this up for details.
    It is always important to know where your unresolved network paths lead to.