# /etc/hosts

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/etc-hosts

## Quick definition

The /etc/hosts file is a simple text file on a computer that tells it which IP address to use for a certain website name. Think of it as a local phone directory your computer checks first before asking the internet's DNS system. If the file has an entry, the computer uses that without going online. It is used for testing, blocking sites, or fixing network issues.

## Simple meaning

Imagine you are in a new city and you have a small personal map book with the addresses of your friends' homes. Every time you want to visit a friend, you pull out your personal map book first. If you find your friend's name and address in your book, you go directly to that address without asking anyone for directions. If your friend is not in your book, you then stop at a public information desk (like DNS) to get the address. The /etc/hosts file is exactly that personal map book for your computer. It is a plain text file located at /etc/hosts on Linux and macOS systems (on Windows it is C:\Windows\System32\drivers\etc\hosts). Every time your computer wants to connect to a website or another computer using its name, it first looks in the /etc/hosts file to see if there is a manual IP address listed. If there is, the computer uses that IP address immediately, without asking the internet's DNS servers. This file gives you local control over name resolution. It is often used by IT professionals for testing new websites before they go live, blocking access to certain sites, or speeding up access to frequently used servers. It is also a common target for malware that wants to redirect your traffic. Because the file is checked before DNS, it is a powerful but simple tool. You edit it with a text editor, and each line contains an IP address followed by the hostname. Comment lines start with the # symbol. The file is read from top to bottom, and the first matching entry is used. This local control is one of the fundamental building blocks of networking on Unix-like systems, and understanding it is essential for anyone working with IT infrastructure.

For example, if you are a developer working on a new version of a company's website that is not yet live on the public internet, you can add an entry in your /etc/hosts file that points the website's domain name to the IP address of your test server. When you type the website name in your browser, your computer reads the /etc/hosts file, finds the entry, and connects directly to your test server. This allows you to test the live-looking website without affecting the public version. This simple mechanism is used daily by system administrators, network engineers, and security professionals to control traffic flow, simulate network changes, and block unwanted communications.

## Technical definition

The /etc/hosts file is a system-level local hostname resolution mechanism that predates the Domain Name System (DNS). It is a fundamental component of the operating system's name resolution stack, defined by POSIX standards and present in all Unix-like operating systems including Linux, macOS, and BSD variants. The file is a plain ASCII text file located at /etc/hosts, and it follows a simple format: each non-comment line contains an IP address followed by one or more hostnames. The general syntax is: IP_address canonical_hostname [aliases...]. Comment lines begin with the hash character (#) and are ignored by the resolver. The file is parsed sequentially by the system's resolver library (glibc on Linux) during the name resolution process. The order of lookups is defined in the /etc/nsswitch.conf file on Linux systems, typically configured as 'hosts: files dns' meaning the system first checks the /etc/hosts file, then queries DNS if no match is found. This lookup order is critical for understanding traffic flow, as entries in /etc/hosts take precedence over DNS.

Standard entries include the loopback address 127.0.0.1 mapped to localhost, and the IPv6 loopback ::1 mapped to localhost. Additional entries commonly include the machine's own hostname mapped to its static IP address for local networking. The file supports both IPv4 and IPv6 addresses. Each line can have multiple hostnames separated by spaces or tabs, with the first hostname being the canonical (official) name and the rest being aliases. For example: '192.168.1.10 webserver www.webserver.com' allows both 'webserver' and 'www.webserver.com' to resolve to 192.168.1.10.

The file is owned by the root user and typically has permissions 644 (readable by all, writable only by root) to prevent unauthorized modification. On modern systems, editing this file requires administrative privileges. Changes take effect immediately because the file is read from disk every time a name resolution happens; there is no cache for /etc/hosts in the standard resolver. In some configurations, the Name Service Cache Daemon (nscd) may cache host file lookups, which would require cache flushing after edits.

The /etc/hosts file is also part of the security landscape. Attackers can modify this file to redirect legitimate domains to malicious IP addresses, a technique used in some types of malware. Systems with stringent security controls often monitor changes to this file as a key indicator of compromise. In enterprise environments, the file is sometimes centrally managed via configuration management tools like Ansible or Puppet to ensure consistent host mapping across many servers.

The file's simplicity is both its strength and limitation. It works without any network service, is immune to DNS outages for the entries it contains, and provides zero-latency resolution for those hostnames. However, maintaining a large number of entries becomes impractical, which is why DNS was developed. In modern networking, /etc/hosts is used primarily for small-scale static mappings, testing, and emergency overrides. Understanding its role and behavior is essential for any IT certification exam that covers basic networking, including CompTIA A+, Network+, and Linux+.

## Real-life example

Think of the /etc/hosts file like the contact list saved directly on your mobile phone. When you want to call your friend Sarah, you first look in your phone's local contacts. If you have Sarah's number stored under her name, you dial that number immediately without searching the internet or asking anyone. Your phone's contact list is the /etc/hosts file. The global phone directory available online or through a phone operator is like the DNS system.

Now suppose you want to test a new phone number for Sarah before she changes her number officially. You would update your local contact list with the new number, and whenever you call 'Sarah', your phone uses that number directly. This allows you to test the new number without anyone else being affected. That is exactly how IT professionals use /etc/hosts to test a new website before it goes live. You change the IP address for the website's name in your /etc/hosts file, and your computer uses that test IP address, but everyone else still uses the public DNS to reach the old IP.

Another analogy: imagine you have a private address book for your family members that sits on your desk. Every time you want to send a letter to your cousin, you check this personal book first. If the book says '123 Main Street', you mail it there. If the cousin is not in your book, you then call your parents to get the address (that is DNS). This personal book gives you the power to manually override addresses for testing, for privacy, or for blocking. If you write 'send all letters to Cousin Jane to /dev/null', you effectively block communication with Jane. Similarly, in /etc/hosts, you can map a domain like 'facebook.com' to 127.0.0.1 (your own computer) to block access to that site on your machine.

The analogy works even for the file's vulnerabilities. If someone else gets access to your personal address book and changes your friend Bob's address to a different location, you will start sending letters to the wrong place. That is exactly what malware does when it modifies /etc/hosts: it redirects traffic meant for legitimate websites like online banking sites to fake phishing sites. So protecting this file is as important as protecting your own personal address book from tampering.

## Why it matters

The /etc/hosts file matters because it gives you local control over how your computer resolves hostnames, independent of external network services. This control is critical in several practical IT scenarios. First, when a DNS server goes down, the /etc/hosts file can keep your system running for critical internal services. If you have mapped your database server's hostname to its IP address in /etc/hosts, your application will continue to work even if your company's DNS server is unreachable. Second, during development and testing, you can preview websites before they are publicly available by pointing the domain name to a staging server. This allows developers to test SSL certificates, website functionality, and performance in a production-like environment without affecting live users.

Third, the /etc/hosts file is a simple security tool. You can block access to known malicious domains by mapping them to 127.0.0.1 or 0.0.0.0. This is a basic form of ad blocking and content filtering that does not require additional software. Many security-conscious users maintain lists of known bad domains in their hosts file. Fourth, it is essential for network troubleshooting. When a user reports that they cannot reach a website, a quick check of /etc/hosts can reveal whether an incorrect or outdated entry is redirecting traffic. System administrators frequently check this file as part of their diagnostic routine when investigating network connectivity issues.

Finally, understanding /etc/hosts is important for security because it is a common target for malware. A compromised hosts file can lead to serious data breaches, as users are silently redirected to phishing sites. IT professionals must know how to inspect and secure this file, how to detect unauthorized changes, and how to restore it to a safe state. The file's permissions, ownership, and integrity are part of a system's security baseline. For anyone studying for networking or Linux certifications, the /etc/hosts file is a gateway concept that leads to deeper understanding of DNS, name resolution order, and system security. It is a small file with a large impact on how systems communicate.

## Why it matters in exams

The /etc/hosts file appears in several major IT certification exams, though it is most prominent in Linux-focused certifications and CompTIA Network+. Understanding this file is not just about memorizing the path; it is about grasping the concept of local name resolution precedence and how it interacts with DNS.

For CompTIA A+ (220-1101), the hosts file is covered under 'networking' and 'troubleshooting'. Questions typically ask where the file is located on different operating systems (Windows vs. Linux) and how it is used to override DNS for testing or blocking. The exam might present a scenario where a user cannot access a website, and the answer involves checking or editing the hosts file. Also, malware that modifies the hosts file is a known attack vector tested in A+.

For CompTIA Network+ (N10-008), the hosts file is discussed under 'name resolution' and 'network services'. The exam emphasizes the order of name resolution (hosts file then DNS) and the fact that the file is consulted before DNS. Network+ questions may ask about the impact of an incorrect hosts entry on network communication, or how to use the hosts file for testing a new server. The file is also referenced when discussing local vs. external name resolution.

For CompTIA Linux+ (XK0-005), the /etc/hosts file is a core objective. Linux+ expects you to know the file's syntax, location, permissions, and how it interacts with the resolver library. You must understand the role of /etc/nsswitch.conf in determining lookup order. Exam questions can be very specific, such as 'What is the effect of adding a line to /etc/hosts that maps a domain to 127.0.0.1?' or 'Which file takes precedence over DNS for hostname resolution on a Linux system?' There may be performance-based items where you must edit the file to achieve a specific outcome.

For Red Hat Certified System Administrator (RHCSA), the /etc/hosts file is part of the network configuration objectives. You must be able to configure hostname resolution, understand the order of sources, and know how the file interacts with other network configuration files. It is also tested in the context of troubleshooting connectivity issues.

For CWNA (Certified Wireless Network Professional), the hosts file appears tangentially when discussing client-side name resolution in wireless networks. It is not a major focus but can be used in troubleshooting scenarios.

In all exams, common question types include: multiple choice about file location, ordering of resolution methods, effect of specific entries, and troubleshooting a scenario where a website fails to load due to a hosts file entry. Some questions present a screenshot of a hosts file and ask about the outcome. Expect scenario-based questions where you must determine that a misconfigured hosts file is causing a connection issue. The key exam takeaway is that the hosts file is a local override that takes priority over DNS, and it applies system-wide, not just in the browser.

## How it appears in exam questions

In IT certification exams, questions about /etc/hosts typically fall into three categories: location and syntax, precedence and behavior, and troubleshooting scenarios.

Location and syntax questions are straightforward. For example: 'Where is the hosts file located on a Linux system?' The answer is /etc/hosts. You might also see: 'Which character is used for comments in the hosts file?' Answer: #. Or: 'What is the correct format for an entry in the hosts file?' The answer would be: IP address followed by hostname. These are usually one-step recall questions at the start of the exam.

Precedence and behavior questions are more conceptual. A typical question: 'An administrator has configured a web server with the IP address 192.168.1.10. The domain name www.example.com resolves to 203.0.113.5 via public DNS. The administrator wants to test the website before changing the public DNS. What should the administrator do?' The correct answer is to add an entry in the hosts file: '192.168.1.10 www.example.com'. Another question: 'What is the order of name resolution on a Linux system with the default settings?' Answer: local hosts file, then DNS. You might see: 'Which of the following will affect the name resolution order on a Linux system?' with options including /etc/nsswitch.conf, /etc/resolv.conf, /etc/hosts. The key is knowing that /etc/nsswitch.conf controls the order.

Troubleshooting scenario questions are common. For example: 'A user reports that they cannot access www.courseiva.com. Other users on the same network can access it. What is the most likely cause?' The answer could be a misconfigured hosts file on the user's machine. Or: 'After a malware infection, a user notices that typing www.bank.com takes them to a suspicious site. What file should be checked first?' Answer: the hosts file. Another scenario: 'A developer adds an entry in /etc/hosts to test a new site, but later removes it. Users still cannot access the live site. What should the developer do?' The answer involves checking for remaining entries or flushing DNS cache, or checking if the entry was removed completely. You might also get a question about permissions: 'A user tries to edit the hosts file but receives a permission denied error. What is the most likely reason?' The answer is that the file requires root privileges to edit.

Some exams present a truncated hosts file in the question and ask what will happen when the user tries to access a specific domain. For instance, if the file contains '127.0.0.1 example.com', the result is that example.com will resolve to the local machine, effectively blocking access to the real site. These questions test your ability to read the file and predict network behavior.

Network+ exams occasionally include performance-based items where you must simulate editing the hosts file, such as in a virtual lab. They test if you can correctly add an entry and verify the result using ping or nslookup. The key is to remember that changes take effect immediately without needing to restart any services.

## Example scenario

You are a junior IT support technician at a mid-sized company. The company has a web-based internal application called 'timelog' that employees use to log their work hours. The application runs on a server with the IP address 192.168.10.50. The server's name is 'timelog-server'. The company's DNS administrator has set up an internal DNS record so that 'timelog.company.com' points to that server. Employees access the site by typing 'timelog.company.com' in their browser.

One morning, you receive a call from a user in the accounting department. She says she can no longer access timelog.company.com. The browser just shows an error message saying the site cannot be reached. She has been using it for months without any issues. You first check if other users have the same problem. A quick call around the office reveals that many users can access the site just fine, but three users in the same wing of the building cannot. This suggests the issue is not with the server or network, but with the individual computers.

You decide to check the /etc/hosts file on one of the affected computers. You open a terminal (since these are Linux systems) and type: cat /etc/hosts. You notice an unusual entry: '192.168.10.50 timelog.company.com' is correct, but above it there is a line: '127.0.0.1 timelog.company.com'. Someone, probably the user who is known for experimenting with system files, has added a line that maps the application's domain to the local loopback address (127.0.0.1). This means that when the computer tries to resolve timelog.company.com, the hosts file returns 127.0.0.1, which is the computer itself, not the actual server. The browser tries to connect to a web server on the local machine, which does not exist, resulting in the 'cannot reach' error.

You explain to the user: 'Your computer has a local address book that overrides the internet's address book for this website. Someone accidentally wrote that this website lives at your own computer's address. I need to remove that incorrect entry.' You edit the file with root privileges using sudo nano /etc/hosts, delete the erroneous line, and save. You then test by pinging timelog.company.com. The ping responds with 192.168.10.50, the correct server address. The user can now access the site. This scenario illustrates how a single incorrect line in /etc/hosts can cause a localized outage that can be easily diagnosed by checking the file. It also shows the importance of knowing where the file is, how to read it, and how to edit it safely.

## Common mistakes

- **Mistake:** Thinking that editing /etc/hosts requires no special permissions.
  - Why it is wrong: The /etc/hosts file is owned by root and is only writable by root or users with sudo privileges. Trying to edit it as a regular user will result in a permission denied error. This security measure prevents unauthorized changes that could compromise network security.
  - Fix: Always use sudo or a root shell when editing /etc/hosts. For example, type 'sudo nano /etc/hosts' to open the file with administrative rights.
- **Mistake:** Putting the hostname before the IP address.
  - Why it is wrong: The correct syntax is IP address first, then hostname. For example, '192.168.1.10 myserver' is correct. Writing 'myserver 192.168.1.10' is wrong and the entry will not work. The system parser expects the IP address as the first field.
  - Fix: Remember the order: the number (IP) comes first, then the name. A helpful trick is 'IP then name, like a phone number then a contact name in your phone.'
- **Mistake:** Assuming the hosts file is the only place where local name overrides are defined.
  - Why it is wrong: On modern Linux systems, there are other files and services that can affect hostname resolution, such as /etc/nsswitch.conf (which controls the lookup order), systemd-resolved, and dnsmasq. Simply editing /etc/hosts may not have the expected effect if another service is caching or overriding resolutions.
  - Fix: Check /etc/nsswitch.conf to ensure the 'hosts' line includes 'files' before 'dns' and be aware of any local caching services like nscd or systemd-resolved that might require a cache flush.
- **Mistake:** Forgetting to use fully qualified domain names (FQDN) when needed.
  - Why it is wrong: In the hosts file, you can use short hostnames (like 'webserver') or FQDNs (like 'webserver.example.com'). However, some applications expect the FQDN, and if you only map the short name, the application may not resolve correctly. Also, if you use only the short name, the system might append a domain suffix, leading to inconsistent behavior.
  - Fix: When adding entries for services, add both the FQDN and the short hostname on the same line, like '192.168.1.10 webserver.example.com webserver'. This covers both lookups.
- **Mistake:** Assuming changes to the hosts file take effect only after reboot.
  - Why it is wrong: The hosts file is read every time a name resolution is performed. There is no need to reboot or restart any service for changes to take effect. However, if a DNS caching service is running (like nscd or systemd-resolved), it may cache old results and require a flush.
  - Fix: After editing /etc/hosts, test immediately using 'ping' or 'nslookup' to verify the change is active. If you suspect caching, restart the caching service or use 'systemctl restart nscd' if applicable.
- **Mistake:** Thinking the hosts file applies only to web browsers.
  - Why it is wrong: The hosts file affects all hostname resolution on the system, not just web browsers. This includes ping, SSH, FTP, email clients, and any application that uses the operating system's resolver. An incorrect entry can break many different services.
  - Fix: Remember that the hosts file is a system-wide configuration. Any changes will affect all network applications that use hostnames. Always verify with multiple tools, not just a browser.

## Exam trap

{"trap":"The exam might present a scenario where the user can access a website by IP address but not by hostname, and offer options like 'DNS server is down' or 'hosts file is corrupted'. The trap is that the hosts file is often the first thing to check, but the exam may make you think DNS is the issue because it is more commonly discussed.","why_learners_choose_it":"Learners associate hostname resolution problems with DNS because DNS is the standard technology for translating names to IP addresses. They often forget that the local hosts file is checked first and can cause the same symptoms. The term 'DNS' sounds more technical and seems like a logical answer.","how_to_avoid_it":"Always remember the order of resolution: local hosts file first, then DNS. If a single machine cannot resolve a hostname while others can, the issue is likely local, either in the hosts file or the resolver configuration. Do not jump to DNS as the cause when only one machine is affected. Use the 'ping' command with the hostname and observe the IP address returned; if it is 127.0.0.1 or some unexpected IP, the hosts file is the culprit."}

## Commonly confused with

- **/etc/hosts vs DNS resolver cache:** The /etc/hosts file is a static text file that you manually edit to assign hostnames to IP addresses. The DNS resolver cache is a temporary memory store of recently resolved DNS queries. The hosts file persists until you edit it, while the cache is automatically refreshed and cleared. The cache is managed by the operating system or a caching service, while the hosts file is plain text edited by an administrator. (Example: If you add a hosts file entry for google.com to go to a test server, it will stay that way until you remove the line. If you clear the DNS cache, it has no effect on the hosts file.)
- **/etc/hosts vs /etc/resolv.conf:** The /etc/resolv.conf file configures which DNS servers the system will use for name resolution. It lists the IP addresses of DNS servers to query. The /etc/hosts file is checked before the system looks at /etc/resolv.conf. One defines local overrides, the other defines where to look for external resolution. (Example: Setting a DNS server in /etc/resolv.conf does not affect a hostname that is defined in /etc/hosts. The hosts file entry always wins.)
- **/etc/hosts vs /etc/nsswitch.conf:** The /etc/nsswitch.conf file controls the order of lookup sources for various system databases, including hosts. It defines whether the system checks files (hosts) first, then DNS, or in another order. The /etc/hosts file is one of the sources that /etc/nsswitch.conf references. Without /etc/nsswitch.conf configured correctly, the hosts file might not be consulted. (Example: If /etc/nsswitch.conf says 'hosts: dns files', then the system will query DNS first and fall back to /etc/hosts. This reverses the default order.)
- **/etc/hosts vs LMHOSTS file (Windows):** The LMHOSTS file is a Windows-specific file used for NetBIOS name resolution, not DNS-style hostname resolution. It maps NetBIOS names to IP addresses and is used in older Windows networking. The /etc/hosts file maps hostnames to IP addresses and is used for standard TCP/IP name resolution. They serve different protocols and operate on different parts of the network stack. (Example: On a Windows system, you would edit C:\Windows\System32\drivers\etc\hosts for DNS overrides, and LMHOSTS (usually in the same folder) for NetBIOS overrides.)

## Step-by-step breakdown

1. **User initiates a connection using a hostname** — When a user types a URL like 'www.example.com' into a browser, or an application tries to connect to a server using its hostname, the operating system starts the name resolution process. This triggers a library function called gethostbyname() or getaddrinfo(), which asks the system resolver to find the IP address.
2. **Resolver checks /etc/nsswitch.conf** — The system resolver reads the /etc/nsswitch.conf file to determine the order of lookup sources for hostnames. The relevant line is 'hosts: files dns', which means first check local files (the /etc/hosts file), then query DNS. If the order were reversed, DNS would be queried first.
3. **Resolver opens and reads /etc/hosts** — Following the order specified, the resolver opens the /etc/hosts file and reads it line by line from top to bottom. It ignores lines that start with '#' (comments) and blank lines. For each non-comment line, it parses the IP address and the list of hostnames.
4. **Resolver performs a match** — The resolver compares the requested hostname against the hostnames on each line. The first matching line determines the IP address returned. If the requested hostname matches an alias, the resolver uses the canonical hostname for that entry but returns the IP address of the matched line. The lookup stops after the first match.
5. **If no match, resolver queries DNS** — If the resolver reaches the end of the /etc/hosts file without finding a matching hostname, it proceeds to the next source listed in /etc/nsswitch.conf, which is typically DNS. The system sends a DNS query to the servers specified in /etc/resolv.conf. The DNS response is then used to resolve the hostname.
6. **Application uses the resolved IP address** — Once the resolver returns an IP address (either from /etc/hosts or from DNS), the application (e.g., web browser) uses that IP address to establish a TCP connection to the destination server. The user's request is sent to that IP, regardless of whether it came from a manual override in the hosts file or from the public DNS.
7. **Changes take effect immediately** — Because the resolver reads the /etc/hosts file every time a hostname resolution occurs, any changes to the file are effective immediately for the next resolution. There is no need to reboot the system or restart any service, unless a caching service like nscd is running, which may hold stale copies.

## Practical mini-lesson

As a system administrator or IT professional, working with /etc/hosts is a daily reality. The first thing to understand is that this file is a powerful tool for local hostname management, but it must be handled with care. Always use a text editor with root privileges, such as 'sudo nano /etc/hosts'. Before editing, it is wise to make a backup copy: 'sudo cp /etc/hosts /etc/hosts.backup'. This allows you to revert if something goes wrong.

When you add an entry, use the correct format: IP address, then a space or tab, then the fully qualified domain name, optionally followed by aliases. For example: '10.0.0.5 db-server.internal.company.com db-server'. The first hostname after the IP is the canonical name, and any additional names are aliases. The resolver will match any of them. It is good practice to include both the FQDN and the short hostname for flexibility. Also, group related entries together and use comments (lines starting with #) to document what each entry does. This makes the file easier to maintain.

One common professional use is for ad blocking and security. Many organizations maintain a hosts file that maps known advertising and malicious domains to 127.0.0.1 or 0.0.0.0. This effectively blocks those domains at the system level, providing a lightweight security measure on laptops and servers. However, be aware that some sophisticated malware can modify the hosts file to bypass these protections, so monitoring the file's integrity is important. You can use file integrity monitoring tools or even simple scripts that check the file hash periodically.

Another professional scenario is in virtualized environments or containerized applications. When building Docker containers, you might modify the container's /etc/hosts file to customize name resolution inside the container. However, Docker and other orchestration tools often manage the hosts file automatically, so manual edits may be overwritten. Understanding when and how to use the hosts file versus other mechanisms like DNS configuration is key.

What can go wrong? The most common issue is that a typographical error in the hosts file can break connectivity. For example, mistyping an IP address can send traffic to the wrong machine. Another mistake is forgetting to add an entry for both IPv4 and IPv6 if the application uses IPv6. Also, if you have a caching DNS resolver on the same machine (like systemd-resolved or dnsmasq), your hosts file edits may not take effect until you flush the cache. Always test with 'ping' and 'nslookup' to confirm that the resolution uses the expected IP.

Finally, be aware of the hosts file's role in security audits. Many compliance frameworks (like PCI DSS) require that system configuration files, including the hosts file, be monitored for unauthorized changes. As a professional, you should know how to check the file's permissions (should be 644, owned by root), how to detect illegal entries (e.g., phishing domains), and how to restore the file from a known good backup. In a large environment, use configuration management tools like Ansible to distribute a standardized hosts file across servers, ensuring consistency and reducing manual errors.

## Memory tip

Think: 'Hosts First, DNS Last', the /etc/hosts file is always checked before the DNS system, giving you local override power.

## FAQ

**Do I need to restart my computer after editing /etc/hosts?**

No, you do not need to restart. The /etc/hosts file is read by the system resolver every time a hostname lookup occurs. Changes take effect immediately for new connections. However, if a caching service like nscd is running, you may need to flush its cache.

**Can the /etc/hosts file block all ads on my computer?**

It can block many ads by mapping ad server domains to 127.0.0.1, but it is not foolproof. Complex ads that use dynamic subdomains or load from the same server as content may not be blocked. It is a lightweight tool, not a complete ad-blocking solution.

**What happens if I put a line with a non-existent IP address?**

The computer will try to connect to that IP address, which likely does not exist or is not reachable. The connection will time out or fail. This is sometimes used intentionally to block unwanted websites by mapping them to a non-routable IP like 0.0.0.0.

**Is the /etc/hosts file used on Windows?**

Yes, Windows has an equivalent file located at C:\Windows\System32\drivers\etc\hosts. It works the same way, with the same syntax. However, on Windows, the file is often hidden and must be edited with administrative privileges.

**What is the maximum length of a line in the hosts file?**

There is no strict limit set by the standard, but individual lines typically stay under 1024 characters for readability and compatibility. Extremely long lines may cause parsing issues in some older applications.

**Can malware hide its entries in /etc/hosts?**

Yes, malware can add entries and then hide them by making the file very long, using unusual formatting, or even by hooking system calls to hide lines from standard tools. This is why integrity checking and monitoring the file is important for security.

**How can I test if my /etc/hosts file is working?**

Use the 'ping' command with the hostname. If the ping response shows the IP address you entered in the file, the hosts file is working. You can also use 'nslookup' to see which nameserver returns the IP, but nslookup may bypass the hosts file, so 'ping' is more reliable.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/etc-hosts
