Priority of HOSTS File and DNS Server

Discussion in 'DNS Server' started by Mark, Aug 27, 2004.

  1. Mark

    Mark Guest

    Hi Everyone,
    We are trying to block some Spyware and parasites by using HOSTS file, one
    example entry in the HOSTS file is like this:
    127.0.0.1 abcsearch.com
    If the computer has a direct connection to Internet, like a dial-up
    connection, the HOSTS file works well, the site is blocked.
    If a computer is part of LAN, and accessing Internet through Proxy server,
    the HOSTS file does not work, the site can be accessed without problem at all.
    The HOSTS file supposes to have priority than DNS server, but why it’s not
    working on LAN?
    Thanks in advance
    Mark Zhang
     
    Mark, Aug 27, 2004
    #1
    1. Advertisements

  2. Mark

    Roger Abell Guest

    If you have a proxy server then use the proxy server to control
    access to different sites.
    The issue of you post has nothing what-so-ever to do with DNS
    server, only with client behavior.
    When a client is not a proxy client it does its own name resolution,
    and so it will/may use its own hosts file. If it is a proxy client then
    it has handed over all responsibilty for resolving names not in the
    Lat to the proxy server.
     
    Roger Abell, Aug 27, 2004
    #2
    1. Advertisements

  3. Mark

    Jeff Cochran Guest

    WINS or other NetBIOS resolution?

    FWIW, Hosts works as it should on our network systems.

    Jeff
     
    Jeff Cochran, Aug 27, 2004
    #3
  4. Mark

    Mark Guest

    "The Hosts file contains the mappings of IP addresses to host names. This
    file is loaded into memory at startup, then Windows checks the Hosts file
    before it queries any DNS servers, which enables it to override addresses in
    the DNS."
    The above is from this site http://mvps.org/winhelp2002/hosts.htm.
    Can anyone explain why it's not working?
    Thanks
     
    Mark, Aug 28, 2004
    #4
  5. Mark

    Roger Abell Guest

    Because the machine is a proxy client.
     
    Roger Abell, Aug 28, 2004
    #5
  6. Mark

    Mark Guest

    Thanks Roger. But when you think there are thousands of entries to put into a
    block policy of a proxy server, it is a bit frightening.
    Mark Zhang
     
    Mark, Aug 28, 2004
    #6
  7. Perhaps you should then look at an allow based policy ?
    I was not aware until now that you run the proxy, rather than being
    someone dealing with wanting to enhance the privacy of their machine.
    That list is maintained by MVPs that primarily deal with home systems.
    In a hosts file to block with that technique, say dblclk.net (I think that
    is
    fictional) you would need an entry for ad1.dblclk.net, ad2.dblclk.net, etc.
    You should be able to make a rule in proxy however that wildcards it
    for all of dblclk.net.
    Check the network, depending on your brand of proxy, there may be
    someone maintaining just what you need - and there are also subscription
    based services for some.
    It is a long shot, but depending on proxy brand and how it uses DNS
    it might work to just use the host file on the proxy machine.
     
    Roger Abell [MVP], Aug 28, 2004
    #7
  8. Mark

    Mark Guest

    Thanks gain Roger. We have MS Proxy 2 (still) and ISA and squad on Linux
    later on difference sites. I will try the hosts on Proxy, and any other help
    from Internet.
    Mark zhang
     
    Mark, Aug 29, 2004
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.