The Mac OS X hosts file
Introduction
The hosts file...
- doesn't have an extension, its just called hosts
- is a text file that maps hostnames to IP addresses
- is checked before the active network connection's DNS servers
- is located at /etc/hosts, which is a symbolic link to /private/etc/hosts
Editing the hosts file
Editing the hosts file in Mac OS X is a pretty easy task, especially if you are familiar with the terminal.
1 Open the Terminal.app
Press ⌘-space and start typing terminal, or navigate to: Applications ➤ Utilities ➤ Terminal
2 Open the hosts file
Enter the following command in Terminal to open hosts in a text-editor:sudo nano /etc/hostsEnter your (admin) user password when prompted.
3 Edit the hosts file
The hosts file contains some comments (lines starting with the # symbol), as well as some default hostname mappings (one per line), entered as IP address followed by one or more hostnames (e.g. 127.0.0.1 localhost).Append your new mappings underneath the existing ones. Navigate using the arrow keys, leave space between fields, and make sure there is an empty blank line after the last entry. Here we'll add ucm0.pbxbook.com:
We can also use the hosts file to block access to websites! Make an entry like: 127.0.0.1 facebook.com to locally block facebook (for example), or enter: 157.166.226.25 facebook.com to direct facebook requests to cnn.com.
4 Save the hosts file
When done editing the hosts file, press Ctrl-o to save the file.
Press enter on the filename prompt to leave it unchanged, and Ctrl-x to exit the editor.
5 Flush the DNS cache
Enter the following command (Big Sur) to flush the DNS cache and activate the changes:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
For older OS X versions, refer to: https://support.apple.com/en-ca/HT202516You can now test your new mapping with
ping mypbx.com
, or by entering the URL in a browser window!Use
dig
, ornslookup
with a URL to see if it's resolved.
The standard hosts file:
If you need restore the hosts file, here's the original:
## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost
To restore, the above, open Terminal, and type: sudo pbpaste > /etc/hosts
How to make the internet not suck (as much):
You can use a custom hosts file as a simple ad-blocker while surfing.
http://somebodywhocares.org offers a custom hosts file as "an easy and effective way to protect you from many types of spyware, reduce bandwidth, prevent pop-up traps, prevent user tracking, and block most advertising you would otherwise be subjected to on the Internet."
Download their custom hosts file, rename and copy it to /etc/hosts.love
Install by swapping the active and inactive files (remember, the active file is always hosts):
sudo cp /etc/hosts /etc/hosts.original sudo cp /etc/hosts.love /etc/hosts
Or, write the hosts file directly with curl
, for example:
sudo curl https://someonewhocares.org/hosts/ipv6zero/hosts/ -o /etc/hosts
- 0.0.0.0 is NXDOMAIN (non-existent domain) - this will sinkhole requests
- Some lists use 127.0.0.1 (localhost) which exists, and will probably not respond, adding delay
- Remove 'ipv6' from someonewhocares.org/ URL for an IPv4 only version
Flush the DNS cache to activate the new hosts file:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Once installed, you'll find that your surfing experience improves, your breath becomes more lovely, and the world transforms into a gentle place full of unicorns and love. If this is your thing, check back with someonewhocares regularly for their latest download.
Stealth Mode
OS X has a built-in Firewall, and one of the options is Stealth Mode. If this option is checked, the Mac will not respond to PING's.
To allow a network PING response (including localhost):
- Open: System Preferences ➤ Security & Privacy ➤ Firewall ➤ Advanced.
You may have to authenticate (click the padlock) with your Admin password to enter the Advanced features. - Uncheck Enable stealth mode.
Don't forget to re-enable stealth mode when you connect to the internet.