[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Does "ping <FQDN>" attempt to use the local hosts file for resolution of <FQDN> when the DNS Client service is not running?

Posted on 2008-06-10
Medium Priority
Last Modified: 2008-07-26
Hello DNS Experts:

I am trying to get broader confirmation for something that I have tested on a couple of platforms, and for which the online documentation seems to be either somewhat vague or in error. Perhaps someone can correct me if this assumption is incorrect.

I have tested this on Windows XP with SP2, and on Vista, and have concluded that 'ping <name>' uses the hosts file even when the DNS Client service ('dnscache') is not running. If someone can definitively prove this to be false, that would be sufficient as an answer.

Otherwise, what I am looking for is either:

  a) is the behavior different for Windows Server 2003, Windows Server 2008 or for XP or Vista with a different service pack level? I.e. - show me a case where name resolution *does not* use the hosts file when the DNS Client service is stopped.
  b) Is there some registry setting or other condition on the DNS client that would prevent the DNS APIs from using the hosts file when dnscache is not running?

I am making the assumption that ping relies on the standard DNS resolution process for <name>, and that this implies that the DNS APIs are used. I am only in interested in the case where NetBIOS name resolution is not a factor - i.e. a FQDN is used.

I am familiar with the following articles, which either do not address the question directly or seem to imply the opposite - that the hosts file is not used when the dnscache service is not running:

TCP/IP Fundamentals for Microsoft Windows - Chapter 7 - Host Name Resolution:

"How DNS query works" (Windows Server 2003)  http://technet2.microsoft.com/windowsserver/en/library/0bcd97e6-b75d-48ce-83ca-bf470573ebdc1033.mspx?mfr=true

I did the following test to arrive at the conclusion that the query for <name> *can succeed* even when the DNS Client service is stopped (where <name> is an FQDN and there is not a valid local DNS server setting).

Platform/environment: Windows XP, Service Pack 2

// Start with a machine that has a hosts file with no user-defined entries. In a command window do the following (not all steps are essential)

cd C:\WINDOWS\system32\drivers\etc
type hosts // verify that it only contains the following entry:       localhost
ipconfig /flushdns  // verify that it responds with "Successfully flushed the DNS Resolver Cache."
ping ns1.google.com   // save the IPv4 address (
ping ns2.google.com   // verify that this succeeds
ipconfig /displaydns  // verify that there are A (Host) records for ns1.google.com and ns2.google.com
ipconfig /flushdns  // (redundant)
net stop dnscache  // verify that it responds with "The DNS Client service was stopped successfully."
// Now add the following entry to the hosts file ('notepad hosts') and save the file to its original location:       ns1.google.com
ipconfig /all   // get the name of the relevant interface, e.g. "Local Area Connection"
netsh interface ip show dns "Local Area Connection"
// if it shows "DNS servers configured through DHCP:" do the following:
  netsh interface ip set dns "Local Area Connection" static  // or use any IP that is not a valid DNS server address
// else  // static, not dhcp
  netsh interface ip delete dns "Local Area Connection" all
ipconfig /all   // verify the DNS server setting
ping ns2.google.com  // this should fail with "Ping request could not find host ns2.google.com. Please check the name and try again."
ping ns1.google.com  // if this succeeds in resolving the name ("Pinging ns1.google.com ...) -->> ** THEN THE HOSTS FILE MUST HAVE BEEN USED **
// Test completed: restore local settings:
// Restore DNS server setting for "Local Area Connection"
netsh interface ip set dns "Local Area Connection" dhcp
// Start the DNS Client service
net start dnscache
// ** end of test **

Question by:GlennH759
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 11

Expert Comment

ID: 21755985

answers SOME of your questions
LVL 77

Expert Comment

by:Rob Williams
ID: 21756045
Windows name resolution for DNS uses numerous methods. The order is as follows as I recall:
DNS name resolution:
Hosts file | DNS | DNS cached names | WINS | Broadcasts | LMHosts file
NetBIOS name resolution:
NetBIOS name cache | WINS | Broadcasts | LMHosts file | Hosts file | DNS

So to answer your question ping will use Hosts file.

Author Comment

ID: 21757000

Thanks for the link, however I am looking for documented sources - either from Microsoft that I have overlooked, or from DNS experts that can confirm this behavior based on their experiences in troubleshooting with this technique across Windows platforms, i.e. stopping the DNS cache service.


My question was not about the general name resolution order when dnscache is available. To rephrase:  is 'hosts' used when dnscache has been stopped?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 77

Accepted Solution

Rob Williams earned 1336 total points
ID: 21757019
>>"To rephrase:  is 'hosts' used when dnscache has been stopped?"
Yes, but presumably there are no entries present to use, unless you have added them.

Author Comment

ID: 21757133
That's exactly the point - see my test steps above - e.g. I added an entry for ns1.google.com to 'hosts'.

Perhaps I can clarify my purpose in asking the question:

First, to give correct advice to some of the askers on this forum who have run into specific problems with resolution where they are using a hosts file and where there may be problems with the dnscache service. Is it sound to advise them to stop the dnscache service so that they can determine if resolution is failing or succeeding when only the hosts file is a factor? (besides NetBIOS, remote DNS, etc.)

Frankly I believe that the earlier Microsoft documentation has caused some confusion in this area so that people assume that they must have the DNS cache service running in order to do name resolution. Thus you see people overusing 'ipconfig /flushdns', restarting, etc. when they could simply 'net stop dnscache', in order to eliminate this as a factor/possible cause of the problem.

Secondly this relates to a software project that is currently under development - I need confirmation of exactly what happens in the scenario I outlined above.

Author Comment

ID: 21757170
Here are two of the questions where stopping the dnscache service but knowing for sure that the hosts file is used could be helpful for troubleshooting:

DNS Not reading Hosts file  

Host file not read. After reboot it's ok again  
LVL 77

Expert Comment

by:Rob Williams
ID: 21757199
I am not sure I follow. Have you found a problem with basic resolution?
You do not need DNS cache, for that matter you could eliminate several services. DNS name resolution tries to resolve a name in the order I provided above. If one fails, it moves to the next. Also in this day and age, though a Hosts file works, why would anyone use it?
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 1336 total points
ID: 21757211
I think you will find most times when a Hosts file is not read it is due to being improperly configured. The hosts file is quite fussy and simple things like failure to add a carriage return will cause it to fail.

Author Comment

ID: 21757442
"Have you found a problem with basic resolution?"
- No, please see above.

Can anyone else confirm what I am looking for based on their experiences in this area? I would like an anwer in specific terms that responds to the question as I originally described it.

LVL 79

Assisted Solution

lrmoore earned 664 total points
ID: 21785466
Perhaps I can throw some technical information into this thread as an outside observer....I think I understand the question, but if I'm off base, then please forgive me...

Microsoft is what it is and has never been consistent or adhered to RFC standards. Ping uses a different mechanism for name resolution than applications like IE does. If I can ping something by name but can't open a web page to it, it's an application issue with IE. There are examples all over the net on how to fix IE if it won't resolve.
Ping uses windows sockets whereas an application calls the API gethostbyname (as in the case of Internet Explorer).
Stopping the dnscache doesn't stop the system from resolving. Earlier versions of Windows prior to 2000 didn't even have a dnscache service (answers question a). Windows Vista and Server 2008 have totally re-written TCP/IP stacks, but as you witness, the behavior is the same.

So, this also answers question b) in that there is not any condition at all that will prevent the use of the hosts file, therefore actually proving that Glenn is right in his initial assumptions.

Rob's response here was also right on the money and direct to the point. "YES" is the answer. Period.
      >>"To rephrase:  is 'hosts' used when dnscache has been stopped?"
      Yes, but  . . .

Rob was also right on the money when he pointed out that errors in configuring the hosts file contribute to unexpected behavior. Little things like forgetting the carriage return at the end, or forgetting to remove the .txt extension. The Wikipedia article also addressed the fact that the hosts file is loaded into cache at startup and even after a /flushdns it is re-loaded into cache based on some registry settings

Glenn, you might find something more definitive in one of these links

Good section on troubleshooting name resolution:

In all my years of being a top-gun network troubleshooter, I've never run into a situation where it made any difference whether or not the Microsoft system in question exhibited what I think you believe to be anomolous behavior, and no, I've never tried your experiment because I've never had a reason to. There are better tools like netdiag, as long as you understand that ping and other standard TCP/IP applications use a different resolver method than do applications that use gethostbyname API.


Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally you run into the website or two that will not resolve properly using your own DNS servers.  Some people simply set up global forwarders for their DNS server.  I don’t recommend doing this because it can cause problems resolving addresse…
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question