Give precedence to hosts file over DNS for name resolution

asked 2022-05-03 14:46:38 +0000

atrain1111
1 ●1 ●1

updated 2022-05-03 16:43:56 +0000

13742 ●710 ●115

Is there a way, maybe feature needed, to give name resolution precedence to the locally created hosts file over DNS discovered A records?

If I've predefined the name in hosts, it's more readable than the equivalent DNS discovered FQDN and I'd like to give my given name in hosts file priority over the DNS discovered FQDN.

You can disable use of DNS but I need to use both with priority given to local hosts file.

edit retag flag offensive close merge delete

Comments

"hosts file" - do you mean the Wireshark hosts file or the operating system hosts file?

Chuckc ( 2022-05-03 20:31:39 +0000 )edit

the Wireshark hosts file

atrain1111 ( 2022-05-04 00:54:55 +0000 )edit

"DNS discovered A records" - does that mean records from captured DNS packet data or queries to external network name resolver?

Preferences/Name-Resolution (WSUG doesn't have all Preference pages - added to Wiki)

Chuckc ( 2022-05-04 02:02:14 +0000 )edit

Is your hosts file in the Global config folder or in the profile folder? The WSUG and man pages say that one will be read from the Personal config folder but that's incorrect.
You can verify that the host file is read in properly by starting the Wireshark Gui then looking at:
Statistics -> Resolved Addresses and change All entries to Hosts.
If the host file was read properly, the host entries will be in the table.

Chuckc ( 2022-05-04 03:16:36 +0000 )edit

hosts file in personal config folder works fine. The discovered FQDNs via DNS pkts in the pcap works as well. If IP is defined in hosts file and also in the DNS pkts in pcap the DNS pkt discovery takes precedence over hosts file. I want the personal hosts file to be top priority. I can turn off usage of DNS pkts in pcap for name resolution but I do need that functionality for those IPs that are not in the hosts file.

atrain1111 ( 2022-05-04 15:19:09 +0000 )edit

add a comment

answered 2022-05-04 16:38:41 +0000

Chuckc
3023 ●6 ●608 ●20

updated 2022-05-04 16:40:02 +0000

This would be a new feature or Enhancement request. They are created on the Wireshark Gitlab Issues page. (If you open an issue please add a link back to this question.)

What's happening:
Last one in wins. This is how the global hosts file is superseded by entries in the personal hosts.
When an entry come in from DNS it updates the hash table.

What you're looking for is sort of like nsswitch.conf setting the order or precedence of checking. I'm not sure if this would need to be another Name Resolution preference or if hosts entries always win.

The address hash table hashipv4_t (wtap.h) does have a flags field that might be used to implement this. If an entry is added in read_hosts_file(), set the flag bit so the entry is not updated by DNS.

packet-dns.c:

    case T_A: /* a host Address (1) */
...
        add_ipv4_name(addr_int, name);
...
    case T_AAAA: /* IPv6 Address (28) */
...
        add_ipv6_name(&addr_in6, name);

addr_resolv.c:

add_ipv4_name(const guint addr, const gchar *name)
...
    tp = (hashipv4_t *)wmem_map_lookup(ipv4_hash_table, GUINT_TO_POINTER(addr));
    if (!tp) {
        tp = new_ipv4(addr);
        wmem_map_insert(ipv4_hash_table, GUINT_TO_POINTER(addr), tp);
    }

    if (g_ascii_strcasecmp(tp->name, name)) {
        (void) g_strlcpy(tp->name, name, MAXNAMELEN);
        new_resolved_objects = TRUE;
    }

edit flag offensive delete link

Comments

Thank you Chuck. I went ahead and submitted issue #18075

atrain1111 ( 2022-05-04 18:06:38 +0000 )edit

add a comment

Give precedence to hosts file over DNS for name resolution

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Give precedence to hosts file over DNS for name resolution edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Give precedence to hosts file over DNS for name resolution