# Hosts file not working?



## fwLogCGI (Nov 19, 2009)

*Hosts file not working*


----------



## Runefox (Nov 19, 2009)

Did you restart Firefox after making the HOSTS file change? Also, if the webserver is expecting a certain address for the host, then it won't serve pages on a different host - In Apache, IIRC this means that instead of setting the server address to 10.0.0.12, you'll need to either set it to * or ___.homedns.org.


----------



## ToeClaws (Nov 19, 2009)

If Vista has the same service as prior Windows, then you might want to shut down the "DNS Client" service.  All it does is cache DNS entries, and that mucks with the host file, as well as prefers the machines local/cached DNS to real ones.  Stupid service, completely unnecessary.

Try doing your lookup again after you shut that down.


----------



## fwLogCGI (Nov 19, 2009)

Runefox said:


> Did you restart Firefox after making the HOSTS file change?


I restarted the computer.


> Also, if the webserver is expecting a certain address for the host, then it won't serve pages on a different host - In Apache, IIRC this means that instead of setting the server address to 10.0.0.12, you'll need to either set it to * or ___.homedns.org.


It works on other computers.



ToeClaws said:


> If Vista has the same service as prior Windows, then you might want to shut down the "DNS Client" service. All it does is cache DNS entries, and that mucks with the host file, as well as prefers the machines local/cached DNS to real ones. Stupid service, completely unnecessary.
> 
> Try doing your lookup again after you shut that down.


Still doesn't work.


----------



## ArielMT (Nov 19, 2009)

Make sure Notepad didn't actually save it as "hosts.txt", that Notepad was started with "Run as Administrator," and that whatever security software you're using didn't block changes to the file.  I'm out of ideas.


----------



## ToeClaws (Nov 19, 2009)

Oh crap... that's right, Vista incorporates the sudo-like "run as administrator" thing. :/  ArielMT's likely nailed it - the file has to be saved as "hosts", no extension.  You may need to edit the file with Windows Explorer (or command line) and rename it.


----------



## fwLogCGI (Nov 19, 2009)

ArielMT said:


> Make sure Notepad didn't actually save it as "hosts.txt", that Notepad was started with "Run as Administrator," and that whatever security software you're using didn't block changes to the file.  I'm out of ideas.





ToeClaws said:


> Oh crap... that's right, Vista incorporates the sudo-like "run as administrator" thing. :/  ArielMT's likely nailed it - the file has to be saved as "hosts", no extension.  You may need to edit the file with Windows Explorer (or command line) and rename it.


It isn't .txt,


----------



## ToeClaws (Nov 19, 2009)

*scratches head* Hmm... okay, well could be a stupid question, but where is it located?  It should be under \Windows\System32\Drivers\etc.  Also, make sure your system isn't hiding known file extensions from view (you can change that in Folder Options).


----------



## net-cat (Nov 19, 2009)

Launch command prompt as administrator.

"ipconfig /flushdns"

... though I can't imagine that the cache persists after a restart.

Also...

http://www.techiecorner.com/225/how-to-disable-firefox-dns-cache/

And as silly as it may sound, check for typos. You've blacked everything out, so we can't exactly say "Oh, look. You've spelled it wrong."


----------



## fwLogCGI (Nov 19, 2009)

ToeClaws said:


> *scratches head* Hmm... okay, well could be a stupid question, but where is it located?  It should be under \Windows\System32\Drivers\etc.  Also, make sure your system isn't hiding known file extensions from view (you can change that in Folder Options).


Its in C:\Windows\System32\drivers\etc and extensions aren't hidden.


net-cat said:


> Launch command prompt as administrator.
> 
> "ipconfig /flushdns"
> 
> ...




```
Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.
```

No typos.


----------



## yak (Nov 19, 2009)

Antivirus. Happened to me once.


----------



## net-cat (Nov 19, 2009)

fwLogCGI said:


> ```
> Windows IP Configuration
> 
> Could not flush the DNS Resolver Cache: Function failed during execution.
> ```


General consensus on Google seems to be "DNS Client service isn't running." Which might have something to do with it.

Check in services.msc to see if it's disabled. (It doesn't make a difference in XP, but they changed a lot of stuff around in Vista.)


----------



## fwLogCGI (Nov 19, 2009)

yak said:


> Antivirus. Happened to me once.


Scanning now, using AVG.



net-cat said:


> General consensus on Google seems to be "DNS Client service isn't running." Which might have something to do with it.
> 
> Check in services.msc to see if it's disabled. (It doesn't make a difference in XP, but they changed a lot of stuff around in Vista.)


It was enabled but,


ToeClaws said:


> If Vista has the same service as prior Windows, then you might want to shut down the "DNS Client" service. All it does is cache DNS entries, and that mucks with the host file, as well as prefers the machines local/cached DNS to real ones. Stupid service, completely unnecessary.
> 
> Try doing your lookup again after you shut that down.


----------



## yak (Nov 19, 2009)

fwLogCGI said:


> Scanning now, using AVG.
> 
> 
> It was enabled but,



I should have been more verbose.
Antivirus may be denying access to the hosts file for whatever reason, which is why Windows don't see any of your entries there.  See if it has the hosts file in quarantine or something..


----------



## fwLogCGI (Nov 19, 2009)

yak said:


> I should have been more verbose.
> Antivirus may be denying access to the hosts file for whatever reason, which is why Windows don't see any of your entries there.  See if it has the hosts file in quarantine or something..


It isn't.


----------



## ToeClaws (Nov 19, 2009)

net-cat said:


> General consensus on Google seems to be "DNS Client service isn't running." Which might have something to do with it.
> 
> Check in services.msc to see if it's disabled. (It doesn't make a difference in XP, but they changed a lot of stuff around in Vista.)



Yes - told him to disable it - it's a useless DNS caching service that causes more grief than good.  You don't need to flush the cache when you don't have one.   It's better for a machine to query its DNS servers for every request rather than cache entries and assume that it knows better than a proper DNS authority.

fwLogCGI: I'm curious to see if it's reading anything in there at all.  What happens if you put in some faux entries, does it resolve any of them?


----------



## fwLogCGI (Nov 19, 2009)

ToeClaws said:


> fwLogCGI: I'm curious to see if it's reading anything in there at all.  What happens if you put in some faux entries, does it resolve any of them?


I put this in there:

```
10.0.0.1    youtube.com
```
And it still goes to youtube.


----------



## Irreverent (Nov 19, 2009)

fwLogCGI said:


> I put this in there:
> 
> ```
> 10.0.0.1    youtube.com
> ...



That's because hosts. and lmhosts are actions of last resort, if the windows machine can't resolve it via direct, via nameserv, via local cache, via hosts file.  Windows has a rather loose interpretation of the RFC, mostly because of all the baggage left over from lanman and wins.

Restart your dsl/cable modem and your router, in that order.


----------



## ToeClaws (Nov 19, 2009)

Irreverent said:


> That's because hosts. and lmhosts are actions of last resort, if the windows machine can't resolve it via direct, via nameserv, via local cache, via hosts file.  Windows has a rather loose interpretation of the RFC, mostly because of all the baggage left over from lanman and wins.
> 
> Restart your dsl/cable modem and your router, in that order.



Well that would mean that they've changed the behaviour then.  The hosts file is consulted first, before any other name resolution method.  Started that way in Unix, was ported to Windows from early on with the same behaviour.  Unless Vista has changed that order, the hosts file should be the first thing it does, not the last.

Hmm... if you're running Vista 64 bit, this might be of value:

http://blog.monochrome.co.uk/2008/11/updating-your-hosts-file-in-vista-64-bit/


----------



## fwLogCGI (Nov 19, 2009)

Irreverent said:


> That's because hosts. and lmhosts are actions of last resort, if the windows machine can't resolve it via direct, via nameserv, via local cache, via hosts file.  Windows has a rather loose interpretation of the RFC, mostly because of all the baggage left over from lanman and wins.
> 
> Restart your dsl/cable modem and your router, in that order.


Still doesn't work.


Also tried:

```
10.0.0.1    doesntexist.fake
```
Which did:

```
Ping request could not find host doesntexist.fake. Please check the name and try again.
```
EDIT:





ToeClaws said:


> Well that would mean that they've changed the behaviour then. The hosts file is consulted first, before any other name resolution method. Started that way in Unix, was ported to Windows from early on with the same behaviour. Unless Vista has changed that order, the hosts file should be the first thing it does, not the last.
> 
> Hmm... if you're running Vista 64 bit, this might be of value:
> 
> http://blog.monochrome.co.uk/2008/11/updating-your-hosts-file-in-vista-64-bit/


32 bit.


----------



## ArielMT (Nov 19, 2009)

Doublecheck the Registry:

Key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"  (Edit: Without the space the forum software inserted.)

Value "DataBasePath"

Value Data is the directory where the real hosts file Vista is using actually is.  By default, the value data is "%SystemRoot%\System32\drivers\etc" but check to make sure.

On the command prompt (elevated or normal, shouldn't matter), dump the hosts file based on what the registry entry says, e.g.: type %SystemRoot%\System32\drivers\etc\hosts


----------



## ToeClaws (Nov 19, 2009)

Oi... hmm... well, only things left that I can think of is a DNS malware compromise that is forcing name resolution only by remote (and hidden) server, or IPv6 issues interfering. 

The IPv6 one is an easy fix - if you don't need or use IPv6, then disable it.  The other one might take some digging.  There was a tojan a few years back that did something like this:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99

I don't know if there are variants of late or not, but I'm out of ideas as to what else it might be. :/  Well... there always the universal fix - don't run Windows Vista.


----------



## fwLogCGI (Nov 19, 2009)

ArielMT said:


> Doublecheck the Registry:
> 
> Key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"  (Edit: Without the space the forum software inserted.)
> 
> ...


Regedit:

```
%SystemRoot%\System32\drivers\etc
```
Command Prompt:

```
C:\Users\Admin>%SystemRoot%\System32\drivers\etc\hosts
'C:\Windows\System32\drivers\etc\hosts' is not recognized as an internal or exte
rnal command,
operable program or batch file.
```



ToeClaws said:


> There was a tojan a few years back that did something like this:
> 
> http://www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99
> 
> I don't know if there are variants of late or not, but I'm out of ideas as to what else it might be. :/  Well... there always the universal fix - don't run Windows Vista.


Already checked with this: http://www.symantec.com/security_response/writeup.jsp?docid=2003-100312-1206-99
And all AVG has found are tracking cookies.


----------



## Irreverent (Nov 19, 2009)

ToeClaws said:


> Well that would mean that they've changed the behaviour then.



I'm pretty sure they did.  But I may be confusing this with XP and Vista handling secondary search domains differently.



fwLogCGI said:


> Still doesn't work.
> 
> 
> Also tried:
> ...



That's odd.  Unless 10.0.0.1 is on your local network, it should have kicked back an "Reply from IP-of-local-router: Destination net not reachable. "

Do you have a physical machine on your net already, that answers to 10.0.0.1?  Have you tried pinging or tracert to it?  Can you post a ipconfig /all dump here?


----------



## ArielMT (Nov 19, 2009)

fwLogCGI said:


> Command Prompt:
> 
> ```
> C:\Users\Admin>%SystemRoot%\System32\drivers\etc\hosts
> ...



The word "type" is the command verb.  Sorry.



fwLogCGI said:


> Already checked with this: http://www.symantec.com/security_response/writeup.jsp?docid=2003-100312-1206-99
> And all AVG has found are tracking cookies.



We weren't suggesting that you had any malware installed, but rather that AVG itself may be preventing updates to the hosts file as part of its protection against malware.  In other words, that AVG might be mistaking your actions as that of malware.


----------



## SnowFox (Nov 19, 2009)

Irreverent said:


> That's because hosts. and lmhosts are actions of last resort, if the windows machine can't resolve it via direct, via nameserv, via local cache, via hosts file. Windows has a rather loose interpretation of the RFC, mostly because of all the baggage left over from lanman and wins.
> 
> Restart your dsl/cable modem and your router, in that order.



Not that I would dare question the otter network admin, but isn't the hosts file still used as a method of blocking bad sites? I think spybot does it. That would imply it's the first place a domain gets looked up.


Perhaps the hosts file got corrupted? try renaming it and creating a new one from scratch.


----------



## ArielMT (Nov 19, 2009)

SnowFox said:


> Not that I would dare question the otter network admin, but isn't the hosts file still used as a method of blocking bad sites? I think spybot does it. That would imply it's the first place a domain gets looked up.



In 2003 and earlier versions of NT, yes, and yes Spybot S&D uses the hosts file for immunization, but Microsoft decided with Longhorn/Vista that the way they do things is right and that the way the rest of the world does things is wrong.

Also, the WinHelp2002 Hosts Page: http://www.mvps.org/winhelp2002/hosts.htm


----------



## fwLogCGI (Nov 19, 2009)

Irreverent said:


> That's odd.  Unless 10.0.0.1 is on your local network, it should have kicked back an "Reply from IP-of-local-router: Destination net not reachable. "
> 
> Do you have a physical machine on your net already, that answers to 10.0.0.1?  Have you tried pinging or tracert to it?  Can you post a ipconfig /all dump here?


10.0.0.1 is the router, 10.0.0.12 is another computer.



ArielMT said:


> The word "type" is the command verb.  Sorry.
> 
> 
> 
> We weren't suggesting that you had any malware installed, but rather that AVG itself may be preventing updates to the hosts file as part of its protection against malware.  In other words, that AVG might be mistaking your actions as that of malware.


It still didn't work when I disabled AVG Resident Shield.

Also,


----------



## ToeClaws (Nov 19, 2009)

ArielMT said:


> In 2003 and earlier versions of NT, yes, and yes Spybot S&D uses the hosts file for immunization, but Microsoft decided with Longhorn/Vista that the way they do things is right and that the way the rest of the world does things is wrong.
> 
> Also, the WinHelp2002 Hosts Page: http://www.mvps.org/winhelp2002/hosts.htm



Aye - I use the WinHelp2002 host blocks on all my systems.  Good stuff.  And I guess it shouldn't come as that much of a surprise that Microsoft has decided 40 years of a particular way of doing things is wrong. :/


----------



## fwLogCGI (Nov 26, 2009)

Its still not working.


----------



## ToeClaws (Nov 26, 2009)

I think we've covered just about every possible thing thus far - all that's left is that either some form of malware is corrupting the way Windows works, or some application is officially doing the same.  If it were my system, I would have reinstalled the OS if troubleshooting had gone on for more than an hour (I haven't the time or patience to fight with Windows issues anymore).


----------



## fwLogCGI (Nov 29, 2009)

ToeClaws said:


> I think we've covered just about every possible thing thus far - all that's left is that either some form of malware is corrupting the way Windows works, or some application is officially doing the same.  If it were my system, I would have reinstalled the OS if troubleshooting had gone on for more than an hour (I haven't the time or patience to fight with Windows issues anymore).


Installed XP and now it works.

[Image]


----------

