Faking DNS

Or, how to fool your system into thinking a host name is in DNS.

Why would you want to do this?

Given the amount of time it can take to get DNS records added, modified or removed in some enterprises, the need to configure and test systems before DNS is changed occurs quite frequently.

This article provides a procedure to fake a DNS entry to address that need.

Basic Concept

All Unix and Windows hosts resolve friendly host names to IP addresses by first reading their hosts file and, if no answer is found there, then performing a DNS lookup.

As a result, a new host name that is not yet in DNS can be made resolvable by adding it to the hosts file. Having found the requested name there, the system will never be the wiser that the name is not in DNS.

In many cases getting this to work correctly requires that the change be made both on the target server and the client, so that both are “talking the same language” when it comes to what name resolves to which IP.

For example, if you need to resolve a web site named ourtestweb.example.com to the IP address for server host111.example.com before a CNAME for this is created in DNS, you can modify the server and client hosts files to add it, thus:

192.168.11.200 host111.example.com host111 ourtestweb.example.com 

In cases where a new A record is to be added you would simply list the new IP with the new name, thus:

192.168.11.200 host111.example.com host111
192.168.11.222 ourtestweb.example.com

Because DNS is bypassed when a modified hosts file is used, all aliases (CNAMEs) for the host should be included, not just the one you’re immediately interested in. In the example given above the host also has ourtestapps.example.com as an additional alias. To accommodate that, the hosts entry would need to look like this:

192.168.11.200 host111.example.com host111 ourtestweb.example.com ourtestapps.example.com

On the Server

Modifying the hosts file on a Unix server requires root access. The file to be modified is:

/etc/hosts

On the Client

Windows XP

On Windows XP you need to be in the local Administrators group to modify the hosts file, which is found here:

c:\windows\system32\drivers\etc\hosts

For the example given above the line to be added to the Windows hosts file would be:

192.168.11.200 host111.example.com host111 ourtestweb.example.com ourtestapps.example.com

Windows 7

The hosts file is located in the same place on Windows 7 as on Windows XP, but it is difficult to edit due to two security enhancements (required because some malware hacks the hosts file in order to redirect victims to bad places):

(1) It is not visible through Windows Explorer (or the selection menu of editor applications); and

(2) It can only be modified if the text editor being used has been Run As Administrator.

This can be handled by right-clicking on the icon for Notepad under the “All Programs… Accessories” menu and selecting “Run As Administrator”, and then selecting “File… Open” and typing in the full path to the hosts file, “C:\windows\system32\drivers\etc\hosts”, in the “File Name” window (do not try to navigate to it using the graphical file browser).
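Since the override only works when the server and the client agree on every name, it helps to check the two hosts files against each other after editing them. The following is an added example, not part of the original article: it parses two hosts files and reports names that are missing or point to different addresses. The function names and the sample file contents are constructed for illustration, and it assumes the first line listing a name is the one the resolver uses.

```python
import ipaddress

def parse_hosts(text):
    """Map each lowercased name to its IP. Assumption: the first line listing a name wins."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or address without a name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a valid IPv4/IPv6 address: ignore the line
        for name in fields[1:]:
            mapping.setdefault(name.lower(), ip)
    return mapping

def compare_hosts(server_text, client_text, names):
    """Report, per name, whether the server and client hosts files agree."""
    server, client = parse_hosts(server_text), parse_hosts(client_text)
    report = {}
    for name in names:
        s, c = server.get(name.lower()), client.get(name.lower())
        missing = [side for side, ip in (("server", s), ("client", c)) if ip is None]
        if missing:
            report[name] = "missing on " + " and ".join(missing)
        elif s != c:
            report[name] = f"mismatch: server={s} client={c}"
        else:
            report[name] = f"ok: {s}"
    return report

# Constructed sample files, using the article's example names and addresses.
SERVER_HOSTS = """\
127.0.0.1 localhost
192.168.11.200 host111.example.com host111 ourtestweb.example.com ourtestapps.example.com
"""
CLIENT_HOSTS = """\
127.0.0.1 localhost
192.168.11.200 host111.example.com host111
192.168.11.222 ourtestweb.example.com   # constructed leftover from an earlier test
"""
NAMES = ["host111.example.com", "ourtestweb.example.com", "ourtestapps.example.com"]

if __name__ == "__main__":
    for name, status in compare_hosts(SERVER_HOSTS, CLIENT_HOSTS, NAMES).items():
        print(f"{name}: {status}")
```

To check real systems, read the contents of /etc/hosts from the server and c:\windows\system32\drivers\etc\hosts from the client and pass them in place of the sample strings.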


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).