Understanding the DNS Resolver Host File
DNS relies heavily on caching at both the client and the server level. Caching is essential for basic functionality and also improves the performance of the protocol. The DNS client cache (also called the DNS resolver cache) stores every query response the client receives from a DNS server.
Each DNS client also has a static file of hostname-to-IP address mappings. This file is called the Hosts file and can be found at C:\Windows\System32\Drivers\Etc. Any entry in this file is automatically preloaded into the DNS resolver cache.
Aside from supplementing standard DNS caching, the hosts file has several other uses, such as blocking access to known malicious servers and domains by redirecting those DNS names to known good sites.
The DNS resolver hosts file is also a very appealing target for malicious activity. This is seen quite often in spyware and adware infections, where known good addresses such as www.google.com are redirected to rogue advertising servers.
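A hosts-file audit along the lines described above, as an added example that is not part of the original article: it parses the file format and labels each mapping so that static entries for well-known names stand out for review. The watchlist, the labels and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical watchlist: names that should normally resolve through DNS,
# so a static mapping for them deserves review.
WATCHLIST = {"www.google.com", "google.com"}

# Constructed sample in hosts-file format (addresses from documentation ranges).
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # blocking entry
203.0.113.50    www.google.com google.com
192.0.2.10      intranet.corp.example    # static internal mapping
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def classify(ip, name, watchlist=WATCHLIST):
    """Label one mapping for review (heuristic chosen for this example)."""
    if ip.is_loopback or ip.is_unspecified:
        return "local" if name == "localhost" else "blocked"
    return "suspicious" if name in watchlist else "static"

def audit(text, watchlist=WATCHLIST):
    """Return a list of (line_no, hostname, ip string, label)."""
    return [(n, name, str(ip), classify(ip, name, watchlist))
            for n, ip, name in parse_hosts(text)]

if __name__ == "__main__":
    for row in audit(SAMPLE_HOSTS):
        print(row)
```

On a real system the text passed to audit() would be the contents of the Hosts file at the path given above, read with administrator-level visibility.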
Chris Sanders is a network consultant for KeeFORCE, one of the most popular network consulting firms in western Kentucky. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.