Best Practices for /etc/hosts Configuration: FQDN, Hostname, and IP Address Mapping in Linux Systems


3 views

When working with Linux systems, I've encountered three common patterns for /etc/hosts configuration:

# Variant 1: Minimal (RHEL default)
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# Variant 2: Localhost mapping (older practice)
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 myhost myhost.example.org
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# Variant 3: External IP mapping
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
74.125.239.xxx myhost myhost.example.org

The current recommended approach is to use Variant 1 (minimal configuration) and rely on DNS for hostname resolution. Here's why:

  • DNS provides centralized management and avoids synchronization issues
  • IP addresses can change without requiring host file updates
  • Reduces the risk of configuration drift across servers

Variant 3 (external IP mapping) can be useful in these scenarios:

# Recommended for isolated environments
192.168.1.10   webserver01 webserver01.prod.internal
192.168.1.11   database01 database01.prod.internal

However, avoid mixing localhost and external IPs:

# Anti-pattern (don't do this)
127.0.0.1   localhost webserver01 webserver01.prod.internal
192.168.1.10   webserver01 webserver01.prod.internal

For cloud environments, consider using cloud-init to manage hostnames:

# Example cloud-init configuration
manage_etc_hosts: true
fqdn: webserver01.prod.example.com
hostname: webserver01

For containerized environments, the minimal approach is generally best:

# Docker/container hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

Use these commands to verify your configuration:

# Check hostname resolution
hostname -f
hostname -s

# Test DNS resolution
dig +short $(hostname -f)
getent hosts $(hostname -f)

Remember that changes to /etc/hosts take effect immediately, while DNS changes may require cache flushing.

In modern Linux/Unix administration, three distinct approaches exist for configuring hostname resolution in /etc/hosts:

# Variant 1 (Default RHEL style)
127.0.0.1   localhost localhost.localdomain
::1         localhost6 localhost6.localdomain6

# Variant 2 (Legacy approach)
127.0.0.1   localhost myhost myhost.example.org

# Variant 3 (Modern DNS-optimized)
203.0.113.45 myhost myhost.example.org

Variant 1: Keeps minimal localhost entries, relying entirely on DNS for hostname resolution. This follows the principle of "let DNS handle what DNS should handle."

Variant 2: Binds hostnames to 127.0.0.1, which can cause issues with:

  • Network services binding to external interfaces
  • Containerized environments
  • Applications performing reverse DNS lookups
# Potential issue example:
$ hostname -i
127.0.0.1  # When expecting external IP

Variant 3: Provides fastest local resolution while maintaining correct network behavior. The trade-off is maintaining IP addresses in static files.

For most production systems, I recommend this hybrid approach:

# /etc/hosts minimal template
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback

# External IP mapping (optional)
203.0.113.45    myhost.example.org myhost
198.51.100.10   backup.example.org backup

When deciding whether to include FQDN in /etc/hosts, consider:

  1. DNS Dependency: Can your system boot without DNS?
  2. Cloud Environments: Dynamic IPs may require DNS
  3. Security: /etc/hosts has higher precedence than DNS

For Kubernetes or containerized systems, an even more minimal approach is preferred:

# Container-optimized /etc/hosts
127.0.0.1       localhost
::1             localhost

Use these commands to test your configuration:

# Check resolution order
$ getent hosts myhost.example.org

# Test DNS vs hosts file precedence
$ dig +short myhost.example.org
$ ping -c1 myhost

The optimal configuration depends on your specific environment, but the trend is moving toward minimal /etc/hosts files with proper DNS infrastructure handling the majority of resolution.