90

Is there a way to create a wildcard domain in the Windows hosts file?

I tried this:

xxx.xxx.xxx.xxx *.somedomain.com

This does not work, is there maybe some other syntax I should use?

I am working on Windows 7.

Saif Bechan
  • 1
    I just answered a question on doing this with DNSmasq on ServerFault (not on Windows, obviously, but on a router running DD-WRT/OpenWRT it's doable) – quack quixote Apr 28 '10 at 15:19
  • 2
    XP SP2 included a castration of the host file - http://www.securityfocus.com/archive/1/431032/30/0/threaded

    Assumed reason is people were using it to block ads while browsing. This is a guess; as far as I know, Microsoft has never revealed why they did this and why they are rolling it forward to everything since.

    If you are able to put in a proxy server between your PC and the internet, then you could put in a block for what you wanted.

    – bvaughn Jun 08 '16 at 15:22

5 Answers

86

There is not. The hosts file isn't very clever; you have to list every subdomain individually (including www and no-www).

Phoshi
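An added illustration, not part of the answer above: a small Python model of hosts-file lookup, assuming the exact-name, case-insensitive matching this answer describes. The sample file, the 192.0.2.x documentation addresses and the function names are constructed for the example.

```python
"""Model of hosts-file lookup: every name has to be listed literally."""

# Constructed sample hosts file; 192.0.2.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# dev box
192.0.2.10  somedomain.com www.somedomain.com   # explicit names work
192.0.2.10  *.somedomain.com                    # not a pattern: no subdomain matches it
192.0.2.20  API.somedomain.com
"""


def parse_hosts(text):
    """Return {lowercased hostname: address}.

    Model choice (assumption): the first entry for a name is kept.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no name: skip
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), address)
    return table


def lookup(table, hostname):
    """Exact, case-insensitive match only; None means 'ask DNS instead'."""
    return table.get(hostname.lower())


def expand(address, domain, labels):
    """Build the explicit lines needed to cover a known set of subdomains."""
    names = [domain] + [f"{label}.{domain}" for label in labels]
    return [f"{address}\t{name}" for name in names]


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for host in ("www.somedomain.com", "api.SOMEDOMAIN.com", "mail.somedomain.com"):
        print(f"{host:24} -> {lookup(hosts, host)}")
    print("\n".join(expand("192.0.2.10", "somedomain.com", ["www", "mail"])))
```
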
24

An answer to a very similar StackOverflow question worked well for me.

http://mayakron.altervista.org/support/browse.php?path=Acrylic&name=UserManual

Wildcard Support on XP at hostsfile. Enjoy.

Basically, this program Acrylic works as a DNS proxy for your local machine. Just point your Local Area Connection to 127.0.0.1, then edit the AcrylicHosts.txt in a very similar manner to the regular hosts file -- only with wildcards!

Curtis Gibby
  • 2
    Acrylic works great, but can confuse you if you are trying to access a machine with a dynamic IP address.

    I have machines connected to my home network, and I use a dynamic DNS to set the IP for the domain name. I use Acrylic on my laptop and I was gone for a few days; in the meantime my IP changed, but Acrylic remembered it as being the old IP, and I couldn't access the site. But running the "Purge Acrylic Cache Data" program took care of the problem.

    – leeand00 Apr 13 '12 at 17:00
  • Unfortunately acrylic does not support DNS aliases, which makes it useless to me. – Spero Dec 16 '17 at 08:59
  • 1
    I checked Acrylic.exe on virustotal.com and it shows 3 detections: SecureAge APEX - Malicious, eGambit - Unsafe.AI_Score_63%, BitDefenderTheta - Gen:NN.ZelphiF.34106.OGW@aOJ8akl – Mikl Apr 18 '20 at 14:25
  • @Mikl I'm not defending it, it may be dangerous in its own right, but it is also likely that Acrylic sometimes gets bundled with viruses to redirect users' traffic – JeffUK Jan 07 '21 at 08:01
13

Dnsmasq is what you need but it doesn't work quite well on Windows. So I wrote an alternative on Windows called DNSAgent.

You can use regular expressions in rules. There are also some advanced features like customizing cache TTL, non-standard-port DNS server, compression pointer mutation, etc. Open sourced under MIT license.

Stackia
  • I know the repository is archived now but I still find this quite useful. Could you explain how the rules.cfg file works? – Joe May 11 '21 at 19:33
2

First, I agree with Phoshi that it's not possible to do what you want in the hosts file of Windows (neither on Unix).

Secondly, you have to get control over the result of a request to DNS. One option is to use your own DNS resolving on your router (dnsmasq, dnscache+tinydns, bind, whatever, see quack's comment) and tweak it, or to use a DNS resolver on Windows which you can control as you want.

See here for a list of DNS resolvers, check for the "wildcard" column, maybe powerdns or maradns or posadis is something that fits your needs.

akira
-4

It's another syntax: xxx.xxx.xxx.xxx somedomain.com

Some examples to explain it:

  • 127.0.0.1 .com this line will block all outgoing DNS requests ending with .com
  • 127.0.0.1 somesite.com will block all outgoing DNS requests ending with somesite.com
  • 12.2.3.1 www.dns.com will lead all outgoing DNS requests ending with www.dns.com to 12.2.3.1

You block/lead all second (third, fourth...) level URLs with the top (second, third...) level URL in the hosts file.

moonfern
  • Given the last sentence, I assume www.example.com is not blocked by the first line, but only when adding 127.0.0.1 example.com? – Arjan Jul 21 '10 at 20:52
  • 3
    That is definitely not the case on Windows, moonfern. – Owen Blacker May 27 '12 at 20:41
  • 13
    moonfern, I do not agree with your list. 127.0.0.1 somesite.com WILL NOT block all outgoing DNS requests ending with somesite.com, all it will block is http://somesite.com, not www.somesite.com or subdomain.somesite.com or the like. –  Jul 25 '10 at 05:32