The /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf Files

This tutorial explains the purposes and usages of the /etc/hosts, /etc/resolv.conf, and /etc/nsswitch.conf files on Linux. Linux uses these files to resolve domain and host names. Linux checks these files in a pre-defined sequence. First, we will discuss how Linux uses these files. Later, we will learn how to customize the default sequence.

On a computer network, every endpoint uses a unique IP address. Applications that enable communication between endpoints use these addresses to identify communicating end devices. If you want to access a resource available on an endpoint, you have to use its IP address. For example, if you want to access a website stored on a server, you must use the server's IP address.

Generally, IP addresses are difficult for human users to remember. IP addresses consist of numbers. Instead of numbers, humans prefer names to identify and access objects on the network. Let's take a simple example.

You want to access Google's website. Google's website's address is available in three formats: IPv4, IPv6, and name.

IPv4 address:   142.250.195.14
IPv6 address:   2404:6800:4002:826::200e
Name:           google.com

Which format will you use on the browser to access Google's website?

Most of us will use the name (google.com) rather than the IPv4 and IPv6 formats. It is more convenient and easy to remember and use. Computers never use names to access any resources available on the network.

There are two ways to map IP addresses with names.

1. Using the Hosts files
2. Using the DNS server

Using the Hosts files

All operating systems include a file called hosts. You can use this file to map IP addresses and names. When you access a network resource, the operating system checks this file to find the corresponding IP address.

Let's take an example to verify it.

Open the web browser and access the website google.com.

If you can access it, open the /etc/hosts file, add the following lines at the end of the file, and save the file.

127.0.0.1   www.google.com
::1         www.google.com

Now, open the website again.

This time, the website will not open.

Can you guess what happened this time? Why can't you access this website now?

The answer is the wrong mapping of the resource and IP address. We mapped the website google.com with an IP address that doesn't serve it.

The IP addresses 127.0.0.1 (IPv4) and ::1 (IPv6) belong to localhost. We mapped these IP addresses with google.com. When we type google.com in the address bar of the web browser and hit the Enter key, the system checks the /etc/hosts to know the IP address of google.com. If it finds an entry for this name, it uses the IP address that belongs to it. It loads google.com from the local system. Since the local system doesn't have the website google.com, it returns the error Unable to connect.

To fix it, remove the entries you added to the /etc/hosts file and access google.com again. Now, you can access it.

The system follows the same process each time you access a resource using its name. It first checks the /etc/hosts file to know the associated IP address. If it doesn't find an entry for the name, it uses the DNS server to get the IP address associated with the name.

Using the DNS server

A DNS server does the same task on the network that the /etc/hosts file does on the local system. It maps IP addresses to names. However, it does this on a large scale. You can map and manage millions of records on a single DNS server. You can configure and use multiple DNS servers on the network. You can also use an external DNS server. To use a DNS server, you need to configure the IP address of the DNS server on the local system.

Whenever a system needs to resolve a name, it first checks the /etc/hosts file. If it does not find an entry for the name in the /etc/hosts file, it sends the query to the configured DNS server. The DNS server checks its database and provides the IP address associated with the name.

A system sends a query to the DNS server for a resource when it does not find an entry for that resource in the /etc/hosts file. In the name resolution process, the /etc/hosts file has higher priority than the DNS server.

Linux uses the /etc/resolv.conf file to store the DNS server's IP address. It updates this file from network connections.

A connection is a collection of network settings associated with a network interface. When you configure the DNS server's IP address in a connection, NetworkManager automatically updates the DNS server's IP address in the /etc/resolv.conf file from the connection.

Key points:

Since NetworkManager automatically updates the /etc/resolv.conf file, you should not edit this file directly. If you want to configure or update the DNS server's IP address, you should use NetworkManager tools.

Linux uses the /etc/resolv.conf file to forward the unresolved query to the DNS server. The DNS server resolves the query and sends the solved query back to the Linux system.

The /etc/nsswitch.conf file

The /etc/nsswitch.conf file defines the order in which the system checks the /etc/hosts and /etc/resolv.conf files. This file also defines the default search order for many other services, such as hostname, users, groups, passwords, etc.

The hosts directive defines the default search order for name resolution. It has three values: files, dns, and myhostname.

1. The value files stands for the /etc/hosts file.
2. The value dns denotes the DNS server configured in the /etc/resolv.conf file.
3. The value myhostname is the default value. If both the files and dns options don't work, Linux uses this value as the default name for the local machine.

Conclusion

Almost all network services depend on name resolution to access network resources. Linux uses three files in a fall-back sequence to resolve names. In this tutorial, we discussed these files and how Linux uses them.