20130925 faking dns - plembo/onemoretech GitHub Wiki

title: Faking DNS
link: https://onemoretech.wordpress.com/2013/09/25/faking-dns/
author: phil2nc
description:
post_id: 6406
created: 2013/09/25 12:38:44
created_gmt: 2013/09/25 16:38:44
comment_status: closed
post_name: faking-dns
status: publish
post_type: post

Faking DNS

Or, how to fool your system into thinking a host name is in DNS.

Why would you want to do this?

Given the amount of time it can take to get DNS records added, modified or removed in some enterprises, the need to configure and test systems before DNS is changed occurs quite frequently. This article provides a procedure to fake a DNS entry to address that need.

Basic Concept

All Unix and Windows hosts resolve friendly host names to IP addresses by first reading their hosts file and, if no answer is found there, then performing a DNS lookup. As a result, a new host name that is not yet in DNS can be made resolvable by adding it to the hosts file. Having found the requested name there, the system will never be the wiser that the name is not in DNS (unless it makes checking DNS mandatory, as in the case of some security software).

In many cases getting this to work correctly requires that the change be made both on the target server and the client, so that both are "talking the same language" when it comes to what name resolves to which IP. For example, if you need to resolve a web site named ourtestweb.example.com to the IP address for server host111.example.com before a CNAME for this is created in DNS, you can modify the server and client hosts files to add it, thus:

192.168.11.200 host111.example.com host111 ourtestweb.example.com

In cases where a new A record is to be added you would simply list the new IP with the new name, thus:

192.168.11.200 host111.example.com host111
192.168.11.222 ourtestweb.example.com

Because DNS is bypassed when a modified hosts file is used, all aliases (CNAMEs) for the host should be included, not just the one you're immediately interested in. Suppose the host in the example given above also has ourtestapps.example.com as an additional alias. To accommodate that, the hosts entry would need to look like this:

192.168.11.200 host111.example.com host111 ourtestweb.example.com ourtestapps.example.com

On the Server

Modifying the hosts file on a Unix server requires root (or sudo root) access. The file to be modified is:

/etc/hosts

On the Client

Windows XP

On Windows you need to be in the local Administrators group to modify the hosts file, which on Windows XP can be edited directly with any text editor. That file is found here:

c:\windows\system32\drivers\etc\hosts

For the example given above the line to be added to the Windows hosts file would be:

192.168.11.200 host111.example.com host111 ourtestweb.example.com ourtestapps.example.com

Windows 7

The hosts file is located in the same place on Windows 7 as on Windows XP, but it is difficult to edit due to two security enhancements (required because some malware hacks the hosts file in order to redirect victims to bad places):

(1) It is not visible through Windows Explorer (or the selection menu of editor applications); and

(2) It can only be modified if the text editor being used has been Run As Administrator.

This can be handled by

(a) right-clicking on the icon for Notepad under the "All Programs... Accessories" menu, selecting "Run As Administrator"; and

(b) then selecting "File... Open" and typing in the full path to the hosts file,

C:\windows\system32\drivers\etc\hosts

in the "File Name" window (do not try to navigate to it using the graphical file browser, which can't see it).
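
Entries added this way keep overriding DNS after the real records go live, and the same file is what malware tampers with, so it is worth checking what a hosts file overrides. The following added example (not code from the original article) parses hosts-file text and reports fully qualified names whose address differs from DNS. `SAMPLE_HOSTS`, `SAMPLE_DNS` and the function names are constructed for illustration, and `dns_lookup` is assumed to be a function that queries DNS directly, because the system resolver would read the same hosts file.

```python
import ipaddress

# Constructed sample: the article's entry plus a comment and a localhost line.
SAMPLE_HOSTS = """\
# test entries, remove once DNS is updated
127.0.0.1 localhost

192.168.11.200 host111.example.com host111 ourtestweb.example.com ourtestapps.example.com
"""

# Constructed stand-in for answers obtained from DNS itself (assumption).
SAMPLE_DNS = {
    "host111.example.com": {"192.168.11.200"},
    "ourtestweb.example.com": {"192.168.11.222"},
}


def parse_hosts(text):
    """Return (line_no, ip, name) for every name on every valid hosts line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        entries.extend((line_no, ip, name.lower()) for name in fields[1:])
    return entries


def audit_overrides(text, dns_lookup):
    """List fully qualified hosts-file names whose address is not what DNS returns."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Skip localhost lines and short names (those depend on the search domain).
        if ipaddress.ip_address(ip).is_loopback or "." not in name:
            continue
        answers = dns_lookup(name)
        if not answers:
            findings.append((line_no, name, ip, "not in DNS"))
        elif ip not in answers:
            findings.append((line_no, name, ip, "DNS says " + ",".join(sorted(answers))))
    return findings


if __name__ == "__main__":
    for finding in audit_overrides(SAMPLE_HOSTS, lambda n: SAMPLE_DNS.get(n, set())):
        print("line %d: %s -> %s (%s)" % finding)
```

A name reported as "not in DNS" is either a test entry still waiting for its record or one that was never meant to be there; a name where DNS gives a different address is a leftover override that should be removed.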

Copyright 2004-2019 Phil Lembo