The whole DNS thing is confusing!

Discussion in 'other software & services' started by ratchet, Jul 18, 2008.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    I've been using OpenDNS for about a year now. Speed wise, it didn't seem to change anything but seemed like maybe it was safer. Now I have a question! If I download the mvps Hosts File would that conflict or would there be any advantage to it? Thanks!
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I don't use those DNS services, but it goes something like this. Bear with me if you know this.

    Internet is based on ip addresses. 65.66.67.68. Humans can't memorize all of those, so we made a name to address convention, called the Domain Name System. So in effect, somewhere, numbers to ip's are kept track of.

    Such as google.com = 64.233.187.99. BUT, this is only the beginning. Most large ISP's or what have you, buy a NetBlock. Or, a large group of ip addresses, say from 22.22.22.22 to 22.22.33.33. That means they can assign many different names to themselves because they have many ip's to choose from. For instance just looking up google.com provides this: 72.14.207.99, 64.233.167.99, 64.233.187.99 Notice that these are not in a Netblock. Many times you would see something like this
    google.com = 22.22.22.21, 22.22.22.28, 22.22.29.1
    or you might see that google.com is only one of many 'google' addresses, such as
    ads.google.com
    mail.google.com
    garbage.google.com
    money.google.com

    Meaning, there are many things to keep track of in the DNS system. What these DNS services do is try to keep an updated list of the names to ip's that are known to be bad.

    Your internet provider gives you a DNS server of theirs for your computer to look to. It is in your town, maybe down the street at their office (usually). So when you type in google.com, it is very fast to get to their DNS server, you receive the converted IP back, your browser then goes off to that ip address and does its thing.

    The OpenDNS service is doing the same thing, except it does not give you bad IP's, only non-bad ones. I am not sure how it does this, whether it returns nothing, or returns microsoft.com instead. It does not matter, because the end result is that by using that service, your browser will attempt to look up that ip and not go to bad places.

    The hosts file is simply a file on your computer that has an ip address and a name to go with it. It is used to do a 'local' DNS lookup on your machine. If you were to put in
    72.14.207.99 google.com
    into your hosts file, it looks there first, sees that ip for google.com, and promptly uses it as the address to go to. Does not matter if it is the right address or not, because it just does what it is told.
    If you put in
    127.0.0.1 google.com
    into your hosts file, your computer will not go anywhere, because that ip address is what is called 'localhost', meaning your own computer. So you can easily block an address by pointing to yourself.

    What the hosts lists do that you can download is put many many 127.0.0.1 entries to bad websites, such as ILovePorn.com. This way your browser or whatever won't be able to go to that name, because it leads it right back to itself.

    Very large hosts files used to slow your browsing down quite a bit. I have not used a large one in a long time, so I don't know if today's computers still suffer from that or not.

    HTH.

    Sul.
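The lookup order Sully describes (hosts file first, with 127.0.0.1 or 0.0.0.0 entries acting as a block, then the DNS server) as an added example, not code from the thread or from any of the tools named in it; the hosts lines, the second-stage DNS table and the consistency checks for conflicting duplicates and malformed names are constructed here, and the first-match-wins rule is an assumption about how the OS resolver reads the file.

```python
import ipaddress
import re

# Constructed sample in the MVPS layout: "<ip> <name> [<name>...]", '#' comments.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS list
127.0.0.1    localhost
0.0.0.0      ads.example.net  banners.example.net   # ad servers
72.14.207.99 google.com                             # hard-coded address, as in the post
0.0.0.0      ads.example.net                        # harmless duplicate
1.2.3.4      ads.example.net                        # conflicting duplicate
0.0.0.0      bad_host!.example                      # malformed name
"""

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}   # "go nowhere" addresses used for blocking
# Simplified hostname syntax: labels of letters, digits and hyphens joined by dots.
HOSTNAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$")

def parse_hosts(text):
    """Return ({name: ip}, [warnings]). First matching line wins (assumed resolver rule)."""
    table, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            warnings.append(f"line {lineno}: bad address {ip!r}")
            continue
        for name in names:
            name = name.lower()
            if not HOSTNAME_RE.match(name):
                warnings.append(f"line {lineno}: bad hostname {name!r}")
                continue
            if name in table and table[name] != ip:
                warnings.append(f"line {lineno}: {name} already mapped to {table[name]}, ignoring {ip}")
            table.setdefault(name, ip)
    return table, warnings

def resolve(name, hosts, dns):
    """Hosts file first, then the (simulated) DNS server; a sinkhole address means blocked."""
    name = name.lower()
    if name in hosts:
        ip = hosts[name]
        return ("blocked" if ip in SINKHOLES else "hosts", ip)
    if name in dns:
        return ("dns", dns[name])
    return ("nxdomain", None)
```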
     
  3. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    Thank you Sully! You explained that very well. I'd say you have also basically talked me out of a hosts file. I surf safe and have great security apps, not limited to Sandboxie and NOD32, to name two!
     
  4. dogma

    dogma Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    138
    There are more advantages in using a hosts file such as blocking advertisements (pop-ups, banners, etc), which is the reason I use it. MVPS hosts blocks most annoying ads as well.

    Thus you may want to reconsider.
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I am glad you found that useful. I was not trying to talk you out of it, only explaining it. Indeed a hosts file can be very useful. I put a lot of common addresses in there that I want to block, mostly related to applications on my computer like games etc.

    I think that some of the firewalls that do dns caching and ad/content blocking are more than enough to handle what a hosts file would do.

    For me I have been using the Proxomitron for so long that I don't see any ads or popups anyway, so a hosts file would be pretty much useless for that.

    Sul.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I use MVPS HOSTS file, keyed to 0.0.0.0 instead of 127.0.0.1. Works grrrreat at what it's designed to do. Just an added layer, of course.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I have never tried it to 0.0.0.0. I wonder what the difference is. Any performance difference?
     
  8. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,988
    with Firefox's Adblock Plus I basically don't get any of those things. I knew you weren't trying to talk me out of it, I just kind of came to that decision.
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    It has a performance difference on my machine. When using 127.0.0.1, some links (counters, ads, etc) that got blocked caused my browser to keep struggling to load them. Using 0.0.0.0, there was no struggle, so my browser performed faster.

    Some benefit from 0.0.0.0. Some do not. It worked for my computer/browser. As to YOUR computer/browser -- give it a try.
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I have not looked into hosts files much at all. I know how to use mine, and have downloaded lists in the past. Mapping to endpoint 0.0.0.0 surely sounds like not only quicker resolution, but also could have a large benefit for myself using proxomitron, as it uses localhost loopback quite a bit. Instead of possibly waiting on a timeout which I would assume would occur, routing to endpoint 0.0.0.0 I would imagine to be very fast, as it is not technically routable except in broadcast events.

    Interesting.

    Sul.
     
  11. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I use a managed HOSTS file. In the past, I have used the MVPS version. Lately, I've been running the hphosts one. I use HostsXpert to make it all come together a little easier...
    http://www.funkytoad.com/content/view/13/31/
     
  12. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    471
    Location:
    The Hill Country of Texas
    Han, do you have the DNS Client service enabled, or disabled when using a HOSTS file?
     
  13. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    I run mine disabled. I never bothered to do any objective tests to see if on or off was better. From what I've seen, many HOSTS file gurus recommend it to be off. Since I'm no expert at all, I followed their advice...
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    Calling anyone using hosts file a guru is ... well, misleading.

    DNS client service should not be disabled and hosts files should not be used for several reasons:

    1. Hosts files are slow compared to DNS, linear versus logarithmic.
    2. Hosts files were historically replaced by DNS as the method of name resolution.
    3. Finding errors in hosts file is near impossible.
    4. Disabling the client service increases the load on the DNS server significantly, thus creating more lag when you surf, increases the cost of the Internet because the ISP have to spend more money on infrastructure and bandwidth.
    5. Their positive effect of "preventing" "bad sites" is very small. Let's say you block 1,000,000 sites. So what? There are 10 billion sites out there! At most, you block 0.1%. And the sites change all the time, their names, domains expire, new ones are born, especially the fishy ones. Plus why would anyone wanna go to pokerxxx.com or something like that? And even if you did land on a site like that? What's gonna happen? Nothing.

    Using hosts files is an antique method, it may have been useful in 2002, when the only option was IE and lots of "spyware," but since, especially if you use intelligent browsers like Firefox or Opera, the method is as redundant and useless as real-time anti-spyware.

    Mrk
     
  15. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    A- Mrk, most Wilders denizens who use HOSTS do NOT use it for name resolution. Instead they (like me) use it for ad-block & as a minor security hedge. To wit:

    1- A HOSTS file can speed the loading of web pages by not having to wait for ads, banners, hit counters, etc., to load. Another use of the host file is to block known dubious or criminal domains and servers (with spyware and other malware).

    2- Most ad-blocking programs will only intercept IP calls going to the HTTP (or web) port on your computer. Other transfers can still get through. The Hosts file, however, will block IP calls on any port, whether it is HTTP, FTP, or whatever else you happen to be doing.

    3- By intercepting the IP calls before they ever leave your computer, the Hosts file can prevent advertising and tracking companies from ever even knowing you are viewing a web page. This will keep them from profiling you and help you keep your privacy.

    B- Merely using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another "Layer of Protection".

    C- Comparing modern-day use of HOSTS to Windows DNS client is not very applicable. It would be perhaps more accurate to compare its use to applications like McAfee Advisor, or the Adblock plug-in for Firefox. If one uses those two apps (or something equivalent) then using HOSTS truly would be redundant. Otherwise, not.

    D- Mrk, a more significant reason to advise against use of HOSTS is that a number of middle-aged threats target HOSTS so as to hijack it & use it for malicious purposes, such as redirecting a request for Google to send the user to a pseudo-Google site loaded with nasties.

    1- For example, a trojan (Qhosts) redirected traffic from search engines such as Google and AltaVista to a "poisoned" site. Mydoom.B redirected users away from sites about computer security and antivirus software, which also affected their access to the Windows Update web site.

    2- Accordingly, some security apps include protection for HOSTS (examples: OnlineArmor, WinPatrol); some rule-based HIPS are (or can be) configured to protect HOSTS.

    E- ERGO, if someone uses HOSTS it might be more appropriate to find out their PURPOSE in using it BEFORE lecturing them on using it for name look-up.

    F- Further, it could be helpful to counsel users of HIPS to ensure it is protected from pollution, more so than simply comparing it to Windows DNS client et alia.
     
    Last edited: Jul 20, 2008
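A check for the hijacking bellgamin describes in D (names redirected to a real address, as with Qhosts, or update and security sites blackholed, as with Mydoom.B), as an added example that is not from the thread or from any of the tools named in it; the watch list of protected domains and the tampered sample file are constructed for illustration.

```python
import ipaddress

# Addresses a legitimate blocklist points names at; anything else is a redirect.
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}

# Constructed watch list (assumption): domains a hosts file should never touch,
# e.g. search engines, the OS update service and antivirus vendors.
PROTECTED = ("google.com", "windowsupdate.com", "microsoft.com", "eset.com")

def entries(text):
    """Yield (line number, address text, name) for every mapping in the file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield lineno, fields[0], name.lower()

def under(name, domain):
    return name == domain or name.endswith("." + domain)

def audit_hosts(text, protected=PROTECTED):
    """Return (line, name, address, reason) for entries that look like tampering.
    Findings are for review: a blocklist may legitimately hit a protected domain."""
    findings = []
    for lineno, ip_text, name in entries(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((lineno, name, ip_text, "unparseable address"))
            continue
        if name == "localhost" and ip.is_loopback:
            continue
        if ip not in SINKHOLES:
            # Qhosts-style: the name is sent to a real address the user never chose
            findings.append((lineno, name, ip_text, "redirect to non-sinkhole address"))
        elif any(under(name, d) for d in protected):
            # Mydoom.B-style: update or security sites silently blackholed
            findings.append((lineno, name, ip_text, "protected domain blackholed"))
    return findings

SAMPLE = """\
# constructed sample of a tampered hosts file
127.0.0.1   localhost
0.0.0.0     ads.example.net banners.example.net   # ordinary blocklist entries
66.66.66.66 www.google.com google.com             # search engine redirected
0.0.0.0     windowsupdate.microsoft.com           # update site blackholed
0.0.0.0     www.eset.com                          # antivirus vendor blackholed
"""
```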
  16. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    Mrk: Hopefully I won't duplicate much of bellgamin's reply but I wanted to respond. :)

    I can't say you're wrong here at all. All I can say is that I noticed no difference.
    In a specific sense, I can't agree here. If the HOSTS file was "replaced", it seems that it would not be in Vista (which is as up to date as we have.) In a broad sense, I do see your point. The importance of the HOSTS file as a name resolution source was reduced when DNS was finally implemented as it now exists.
    IMO, this depends on the source of the error. Files obtained from MVPS or hphosts are run by thousands of users. Any issues in them are corrected quickly and most users of those files never see any errors. As for other sourced HOSTS files, errors in them are certainly possible. The difficulty of finding those errors likely depends on the type of error and the size of the file being used. Programs like HostsXpert make searching HOSTS very simple and quick. And even good old Notepad doesn't really do too bad either.
    As I noted above, I haven't seen this on my PCs. I also question the extra cost issue. THE sources for DNS are top level domain servers and ISP DNS servers. Not client PCs. If I understand the process correctly, unless a PC goes to the same website over and over within a 24 hour period (which it's my understanding is the normal caching period for the Windows DNS client service), DNS is always outsourced to the web. So to me, it seems little would change from the perspective of the web-based DNS servers.
    While you're right that there are tons and tons of sites, there are a known number of bothersome ad serving, cookie tracking, malware infecting sites that would be best avoided. And if we can target the worst ones, why not? I do not agree that all undesirable sites should be weighted equally. Some are more egregious than others. These are the sites that a managed HOSTS file can be of service with.

    FWIW, I'm not really trying to convince you to change your opinion. I just wanted to point out that there is more than one way to look at all this... :)
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hi,

    Guys, I said the load at the SERVER side.

    And name resolution is always done when you go to the web, unless specific sites are already resolved and kept in your cache. By disabling the DNS client, you increase the load on the server - simple. It's beyond the box on your desk.

    Second, you cannot argue whether the hosts file were replaced by DNS. They were. That's a part of the IT history.

    And regardless of what you use the hosts file for, the end result is the same, a great increase in server load for a few pages blocked, which you can simply deny using a good browser.

    Mrk
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Gosh Mrk, give it up. You have made your point -- multiple times, multiple threads. Read what I wrote. The thread about disabling DNS client was another thread -- this ain't it so you're OT.

    Further, the Windows DNS Client is NOT the issue. As to DNS servers, they are light years faster, with far greater capacity, than was the case when the articles you copied were written. The combined load imposed by people using HOSTS doesn't amount to a flea's fart in a tornado.
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    I'm not sure I'm following you ...

    1. What articles copied?
    2. Not sure about flea's fart, but every little bit counts... you don't feel the spam when you send your mails, still it's 90% of the traffic.

    Mrk

    P.S. If you get pissed by what I write - or do not like it, there's the ignore option in the user cp ...
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Never Mrk. I enjoy reading your comments, even the ones I disagree with. If I made you think otherwise, please accept my heartfelt apology.
     