Browser Hosts File Bypass: How to Test & Fix

TL;DR

Browsers can sometimes bypass your computer’s hosts file, usually due to DNS over HTTPS (DoH) or other advanced settings. This guide shows you how to check if this is happening and what you can do about it.

What is the Hosts File?

The hosts file is a simple text file on your computer that maps domain names (like www.example.com) to IP addresses. It’s one of the first places your computer looks when you try to visit a website. It lets you override DNS settings, which can be useful for blocking websites or testing.

Why Might a Browser Bypass it?

Several things can cause this:

• DNS over HTTPS (DoH): This encrypts your DNS requests and sends them directly to a provider like Google or Cloudflare, bypassing your computer’s usual DNS settings.
• Secure DNS: Similar to DoH, but often uses a different protocol.
• Browser Extensions: Some extensions can manage DNS or block websites independently of the hosts file.
• Proxy Settings: If you’re using a proxy server, it might override your hosts file.

How to Check if Your Browser is Bypassing the Hosts File

1. Edit Your Hosts File: Add an entry for a website you want to block. For example, add this line (you’ll need administrator privileges):

   127.0.0.1   www.example.com

   The hosts file location varies by operating system:

   • Windows: C:WindowsSystem32driversetchosts
   • macOS/Linux: /etc/hosts
2. Clear Your Browser Cache: This is important to ensure you’re not seeing an old cached version of the website.
3. Test in a New Incognito/Private Window: Open a new incognito or private browsing window. This disables most extensions by default.
4. Try Visiting the Blocked Website: If it loads, your browser is likely bypassing the hosts file.

Fixing Browser Hosts File Bypass

1. Disable DNS over HTTPS (DoH): This is the most common fix.
   
   • Chrome/Edge: Go to Settings > Privacy and security > Security. Click ‘Use secure DNS’ and set it to ‘With your current service provider’.
   • Firefox: Type about:config in the address bar (accept the risk!). Search for network.trr.mode and set it to 0 or 2. Also check network.dns.disableIPv6 and ensure it’s set to false if you want IPv6 resolution.
2. Disable Secure DNS: If your browser has a separate ‘Secure DNS’ setting, disable that too.
   (This is often found near the DoH settings).
3. Check Browser Extensions: Disable any extensions related to ad blocking, privacy, or security one by one and retest.
4. Review Proxy Settings: Check your browser’s proxy settings (usually in Settings > System) and disable the proxy if you don’t need it.
5. Flush DNS Cache: After making changes, flush your computer’s DNS cache.

   Windows: ipconfig /flushdns

   macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

   Linux (systemd-resolved): systemd-resolve --flush-caches

6. Verify Hosts File Permissions: Ensure the hosts file has the correct permissions. It should be writable only by root/administrator.

   Linux/macOS: sudo chmod 644 /etc/hosts

Further Troubleshooting

If you’ve tried all of the above and your browser is still bypassing the hosts file, consider these points:

• Antivirus Software: Some antivirus programs include web filtering features that might interfere with the hosts file.
• Router Settings: Your router may have DNS settings that override your computer’s configuration.