PDA

View Full Version : Hosts file immunizations bloated with large number hosts no longer resolving



Eastie
2014-09-07, 00:55
Hi,

In the interest of avoiding slowdowns in browsing, I try not to let my hosts file get unnecessarily large. To that end I took a look at the thousands of hosts SS&D is adding to it during immunizations. Name resolution is taking substantially longer than necessary in general, in part because of the many injected hosts which do not have any 'A' Record IP addresses associated with them. That is; they would not resolve in any event, but time is still being taken on a constant basis to sort through one's local "database" that contains them.

I've attached a list of the needless, unresolving hosts: 11775. I found there are at least 10,000 bad entries. This does not include some bad hosts that I removed after the last time I performed a hosts-file review (with less scrutiny) subsequent to a Spybot immunization years ago. [They were blocked from being programmatically re-added.] Additionally, the zip file contains a simple command-line batch tool to verify resolution of an entire hosts file sequentially. It can take quite a long while to run. I suggest replacing one's host file temporarily and entirely with this list of expired hosts, prior to running it. The tool won't remove any entries from your hosts file; it will simply produce a list like mine - perhaps identical to it - within the folder from which it is run, of the expired/needless entries. Please examine the contents of the batch file before running, and you will plainly see that this is the task it performs. (It also describes itself onscreen at the initial run prompt.) It reads the HOSTS file in the default Windows location, ie, %SYSTEM%\drivers\etc\HOSTS.

Feel free to verify this list using the attached tool or by other means and then having done so, please trim your own HOSTS files, local and distributed. A measurable increase in users' local machine performance will result from shorter lookup times - perhaps as much a few seconds on each lookup, multiplied by a large number of lookups during every hour of operation, depending on caching scheme. NOTE: it is possible that some of these hosts (likely very few) will resolve to responding IPs for you even though I cannot find 'A' Records for them, since my DNS resolvers may already be filtering such particular hosts, system-wide.

Thanks!

Eastie
2014-09-07, 01:54
Here is a similar tool to the one in the archive that I attached to the above.

This one does somewhat the opposite of the HostsExpired batch file. That one created a list of unresolvable hosts (ones which cannot appear in DNS), after reading one's installed Hosts file. This one will read a standard hostfile of your choice, and will output a new one with nonresolvers removed. You can then swap it out, if desired, for your existing windows\system32\drivers\etc\HOSTS file. (Remember that you will need Admin rights and will further need to modify folder/file permissions in order to modify or replace the existing system file.)

I hope that makes sense, and that it might prove useful to somebody.

I did not write either of these batch files but found them online several years ago, intended for the specific purposes I have described.

-----------------------------------------------------------------
Admin Edit - Moved from "False Positives" and removed zip attachment from unknown sources. :)

rewriteOnlyResolvableHosts.zip

MrTom0
2014-09-25, 21:05
I never use the HOSTS immunization anymore. It's just grown too large and Windows has issues. Right when you plug in the network cable watch your DNS service spike to 100% for sometimes 20-30 seconds when normally it should only have a little bit of activity for a second or two. It's also affected by everyday browsing by missing packets and dropping pictures from loading. It's especially bad when you try using a MiFi, WiFi, or even dial up. It's grown to what, 450KB?

Anyway, I'm sure everyone already knows this by now. http://www.illinoisloyalty.com/Forums/images/smilies-3/deadhorse.gif