linux - Why there is no use changing /etc/hosts
2014-07
Here are the commands:
[17:31:13 root etc]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
127.0.0.2 myweb.com
[17:31:25 root etc]# ping myweb.com
PING myweb.com (184.154.233.2) 56(84) bytes of data.
64 bytes from ns1.siteground278.com (184.154.233.2): icmp_seq=1 ttl=42 time=275 ms
64 bytes from ns1.siteground278.com (184.154.233.2): icmp_seq=2 ttl=42 time=273 ms
64 bytes from ns1.siteground278.com (184.154.233.2): icmp_seq=3 ttl=42 time=281 ms
^C
--- myweb.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 273.625/276.874/281.478/3.346 ms
pinging myweb.com on a machine without networkmanager will get 127.0.0.2, but I am not sure, anyone got an idea what is this about?
I am using fedora 20.
Check configuration in /etc/nsswitch.conf
and look for hosts
:
hosts: files dns
Does it look like that? Basically this line tells the system how to resolve host names: by default on my RHELs it's hostnames first than DNS servers.
Do you cache DNS? Usually Linuxes have nscd (daemon to cache DNSes) disabled by default. Anyway, hosts if configured right should always take priority over DNS.
Running Ubuntu 9.04. I can ping hosts all day long but when I try to ping a host that doesn't exist, it instead sends pings to 8.15.7.100, which turns in to packet loss, but I'd prefer it if it told me the host cannot be found.
$ ping google.com
PING google.com (66.249.90.104) 56(84) bytes of data.
64 bytes from lga15s04-in-f104.1e100.net (66.249.90.104): icmp_seq=1 ttl=55 time=31.3 ms
$ ping somehost
PING somehost (8.15.7.100) 56(84) bytes of data.
I'm new to Ubuntu so this might be a feature, but anything I can do about it?
You'll need to determine where your system is getting the weird IP.
Some ISPs configure their DNS servers to hijack DNS responses for non-existent domain names. Their purpose is generally to send a web-browser to a "search" site to make money by displaying advertisements. Unfortunately, this practice breaks the NXDOMAIN response that DNS would otherwise use to tell your computer that there's no DNS entry for the host.
If somehost isn't a full domain name, it's more likely your system or local DNS server is misconfigured. You can use dig to query DNS servers to help troubleshoot; see the DiG HowTo and man dig
for details.
It's the ISP; playing tricks.
See the following article:
http://www.michaelgeist.ca/content/view/3199/125/
Rogers Cable uses 8.15.7.107
This has certainly nothing to do with your pc/OS/router. I run several Linux systems, none of them replied the way yours does. As pointed out already, this is, most likely, a trick played by your ISP.
There are two things that you can do about this. On the one hand, you can study your ISP's behaviour by downloading, installing and running Namebench, a Google test to compare your current ISP's DNS performance against Google's. Besides just timing several possibilites, it also tries to establish whether your ISP performs any kind of filtering, by trying to identify commonly blocked URLs. The report of the test will clarify what your ISP is really up to.
If the outcome of this is not fully satisfactory to you, you may wish to install DNSCrypt, a software package available for several OSes (Windows and MacOS users can find it here) which allows you to encrypt all of your DNS traffic and move it to a seldom-used port. This allows you to bypass ISP's filters which recognize either filter or protocol, and get access to one of a series of providers (chief among them is OpenDNS) willing to provide encrypted DNS resolution. This will restore full capabilities to your pc/LAN, whatever.
I did a whois
lookup on the 'resolved' IP -- 8.15.7.100
,
IP address : 8.15.7.100 IP country code: US IP address country: United States IP address state: California IP address city: Beverly Hills IP postcode: 90212 IP address latitude: 34.0607 IP address longitude: -118.4032 ISP of this IP : Level 3 Communications Organization: Co-Location.com Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1) 8.0.0.0 - 8.255.255.255 Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1) 8.15.7.96 - 8.15.7.127
This may be familiar to you -- like Quack
describes.
This maybe something configured along with your ISP related network setup.
If this reference is not familiar to your, you should dig this up for details.
It is always important to know where your unresolved network paths lead to.