Wednesday, January 4, 2012

Setting up a host file.

I've been hearing this a lot recently; "Just type the IP address into your browser's address bar and it will take you right to the page."  This is not 100% true.  While it is possible to go to Http://74.125.133.104 and get Google, it is not possible to go to Http://209.166.161.50 and get Cracked.com.  This is due to a thing called "binding".

Warning: in an attempt to teach everyone no matter what level of tech knowledge they have, I will be using metaphors that aren't completely accurate.  This cannot be avoided since the Internet is so unlike anything we've had before.

An IP address is almost like an address to a house (not quiet, but for this tutorial, close enough).  When you want to go to a house, you look at a map and follow the path to the address.  The internet is kind of the same way.  You have an IP address and your computer follows the map to a specific server.  This map is provided by what are called routers and nodes; they're basically intersections and street signs on the information superhighway.

Since it's not easy to remember a thing like Http://209.166.161.50 or the even more complex addresses that came before, a service called DNS was invented.  A DNS server takes a user friendly name like www.cracked.com and translates it into something that's computer friendly, it's IP address.  It's like saying "Joe's House" instead of "123 Fake St. Springfield".  DNS is probably the most important part of the Internet today; without it, the Internet would still be just a hobby uber nerds play with.

There are only a limited number of IP addresses available; only the addresses from 1.1.1.1 to 254.254.254.254 can be used (and many of those are reserved for specific uses).  This is an ever growing problem since the Internet is ever growing.  There are several ways to fix this (IPV6 for example), but the one I'm going to focus on is called Binding.  Binding is a server side tool that allows many web sites to be hosted on one server on one IP address.  Cracked.com is one example; this is why just typing the IP address won't work, it's not bound with any specific page.

This is accomplished by having the server hosting the site requesting the address from your browser.  The server then takes this address and returns the site bound to it.

Imagine if, for one reason or another, the DNS server stops responding or starts responding incorrectly.  You have cracked.com's name and just happen to have it's IP address, but nether work when typed directly into a browser.  You ether need direct access to a DNS server, or you can edit the host file. 

The host file was created back in the days of ARPANET, before DNS servers were invented.  It was the precursor to DNS, but while DNS is centralized, the host file is controlled on each individual PC.  In the event of a DNS server failure, the host file can be used in it's place.  (OK not completely, DNS provides quite a few more services, but the host file can be used to reach specific web sites)

Editing the host file is relatively simple, it's just knowing what to type where.  I only know how to do this in Windows.  If anyone would like to add how to do it in Linux or Mac, feel free to add it in the comments.

The host file can be found under My Computer (or just Computer in Windows 7), in the C drive, under Windows, System32, drivers, etc.  Or just press the Win key and R at the same time, type "%systemroot%\system32\drivers\etc" (without the quotes).  The host file is just called hosts without an extension and cannot be opened with a default program.  In Windows 7 and Windows Vista, the host file is set to read only be default.  All you need to do is right click on the file, go to properties, uncheck the read only option, and click OK.  Just double click on it and windows will ask what you want to do.  If it asks, tell it to chose a program and then select notepad.

The file has two different parts, comments and addresses.  The comments are indicated by the # sign at the beginning, and can be for the most part ignored.  The addresses follow the format of IP address, Tab, domain name.  For example, in windows XP this will already be there:

127.0.0.1     LocalHost

If you use the immunization function in the program Spybot Search and Destroy, there will be many addresses, all starting with 127.0.0.1.  The address 127.0.0.1 is what's called a loopback address.  It doesn't go out to the network, it just points right back to the PC.  Spybot uses this to prevent your computer from going to quite a few known malware sites.  These can be ignored.

To add a new address, just go to the next line and add the IP address, a tab, and then the name.  If we add Cracked.com, it would look like this (Note: Tabs don't work vary well in blogger, I'm using spaces):

127.0.0.1    LocalHost
209.166.161.50    www.cracked.com

When you type in the address into your browser, make sure you type it in the same way as the host file.  In DNS "www.cracked.com" and "cracked.com" are two completely different addresses.

Now, how do you find the IP address associated with the name?  You can ether get the address from SneakerNet (AKA: people you trust can tell you directly) or by "pinging" the address on a computer that isn't having DNS issues.

A ping is basically one computer asking another if they're there and getting a response.  To do this, the ping request has to go to the DNS server to get the IP address.  The command NSLOOKUP works (and was specifically designed for that), but the response from a ping is easier to understand (nslookup can give too much information).

On any Windows PC, press the Win key plus R.  Type CMD and hit OK.  In the black window that comes up, type in the word ping, a space, and the address you need to look up.

You will get a response that is confusing, but we only care about the IP address; it's the set of numbers in the first line surrounded by square brackets.

This is not 100% though.  IP addresses can change, in some cases they can change as often as every half hour (residential DSL).  Most professional sites have a "static" IP address (It doesn't change), but there are other factors involved as well.

Don't be afraid though.  The host file just does domain name translations on that one PC, nowhere else.  The only thing you can screw up is your ability to connect to that site.  If all else fails, delete everything in the host file.  If you have Windows XP or lower, you just need one line:

127.0.0.1    LocalHost

Windows Vista and Windows 7 don't even need that, they can work just fine with a completely blank host file.

Final Note on DNS:

DNS servers are an invaluable part of our Internet.  You probably use one hundreds of times a day without even knowing.  No changes should be made to the DNS system without thorough understanding by experts in the field.  Translation: SOPA and PIPA are bad things; vote NO (For many more reasons then just DNS).

2 comments:

  1. On both Mac OSX and most Linux distros, the hosts file is at /etc/hosts and is set up in the same way as on Windows.

    ReplyDelete
  2. Yes, on the mac you would do the following:
    sudo nano /etc/hosts
    append the last line with the above
    ctrl + o, return

    and you're done, that is if you're in terminal, if you're in point to click you can just open it in gedit or some other gui based text editor.

    ReplyDelete