Re: Why doesn't NetBSD recognize my entries in /etc/hosts?

[Johnny Billquist <bqt%update.uu.se@localhost>]

On 2015-09-16 21:30, Ottavio Caruso wrote:
> On 16 September 2015 at 19:06, Johnny Billquist <bqt%update.uu.se@localhost> wrote:
> > On 2015-09-16 19:09, Ottavio Caruso wrote:
> > > RE: http://mail-index.netbsd.org/netbsd-users/2014/04/27/msg014543.html
> > >
> > > I put domains that I want to block in /etc/hosts preceded by 0.0.0.0
> > > but I can still ping them.
> > >
> > > I rebooted, but I can still ping them.
> > >
> > > Then I have mass-changed all entries from 0.0.0.0 to 127.0.0.1 and I
> > > can still ping them.
> > >
> > > Rebooted, same thing.
> > >
> > > Why can I do this effortlessly with Windows and Linux but not with NetBSD?
> >
> >
> > First of all, using /etc/hosts as a way of block domains is extremely
> > unreliable and not really a meaningful way of actually block anything.
>
> Why? It works on other platforms?

Depends on what you mean by "works". Changing things in /etc/hosts does 
not prevent me from reaching any of those places. It just prevents me 
from using those specific names for reaching them. What are you trying 
to do? Just prevent local users from using the domain names? Because 
that is all you can hope to accomplish. And it also depends on whatever 
application we're talking about also not trying to do DNS lookups on its 
own, totally circumventing any reference to the local /etc/hosts file.

> > Second, I guess you haven't heard of /etc/nsswitch.conf. It also exists in
> > Linux. It tells which methods are used, and in which order. It might be that
> > you have dns before files.
>
> I've checked my nsswitch.conf, it's files before hosts
>
> > Changing a destination to 127.0.0.1, and then pinging it, why would you
> > expect it to not work. 127.0.0.1 will most likely respond to pings.
> > Pinging 0.0.0.0 will also give some result. Most probably your default
> > gateway machine.
>
> Yes, I didn't express myself correctly. I meant that I ping the
> original host, not 127.0.0.1.
>
> BTW, rebooting TWICE produced the intended result. I wonder why I had
> to reboot twice.

That sounds extremely strange.

> > Maybe you should try and learn about /etc/hosts.deny as well as ipfilters?
>
> But again, why?
>
> If I have a list of 300 domains to block, this would not be practicable.

The question is - what do you actually want to do. And how it entering 
them all in /etc/hosts any more practicable than using /etc/hosts.deny?
But it do achieve different goeals. /etc/hosts.deny will stop any 
connections *from* those places, but will not prevent local users from 
contacting those places.
But, like I said, /etc/hosts do not stop you from accessing anything. 
It, at most, will prevent your usage of certain domain names.

	Johnny