hosts does not prevent you from connecting to the site, it only prevents the domain name lookup, you would still be able to connect to the IP.
Yes - I type a name in the browser, DNS lookup happens and gets redirected to 127.0.0.1 by the entry in the hosts file. That’s the same as what the other guy is doing.
So why doesn’t this happen in Qubes, and especially why is it documented in material on config and rc.local?
There have been issues in the past with firefox and the hosts file, but these
have been resolved.
This works for me with Fedora and Debian disposables, and up to date
firefox.
The dispvm gets its /etc/hosts file from its disposable template, e.g. fedora-36-dvm and that qube gets it from its template, e.g. fedora-36. So, if yyou put your /etc/hosts into that template, it works definitely.
No idea, where you should put it if you’re using rc.local, but I remember having trouble with that file some time ago.
@unman@enmus copy of the hosts file is in the original post. Changes are in rc.local on the template (fedora-36-dvm) and appear faithfully in the dispVM’s hosts file.
It just doesn’t work.
i.e, I can open the hosts file in the dispVM itself, and I can see the correct edits sitting there, they just don’t seem to be having an effect.
@GWeck I think that changes to the hosts file in the template weren’t copied into the dispVM. That’s why I had to use rc.local.
This can’t or at least shouldn’t be. That would be the very starting point to investigate. Put it in the template, and create new dvm-template and try new dispVM.
Of course, but I’m not sure we can check if it has extra spaces or tabs, so expected answer should be - yes or no.
I can confirm that they weren’t copied from the template into the dispVM. Very confusing to me. The only way to get the new rules put into the dispVM hosts file was by using rc.local.
I seem to be periodically locked out of the server, (I can’t even copy my words out of this text box), so let’s see if this post works.
@unman Yes! Have found that wget will obey the host rules while Firefox does not.
Figured it out: I use Mullvad VPN,and they recommend using a SOCKS 5 Proxy to enhance their service. Their instructions include to switch on “Proxy DNS when using SOCKS v5”. This is what is bypassing the hosts file rules. (It will also bypass their apps’ own Block list).
When DNS is not proxied, host file rules are obeyed.