DNS lookup specified in /etc/hosts: dscacheutil differs from dig, host, Chrome

Tags: dns, hosts

Via a long chain of OS upgrades I'm running macOS Sierra 10.12.5.

Setting entries in my /etc/hosts file is working only occasionally, mostly not.

For example, on a freshly rebooted machine, with the only networking set to Wi-Fi.

Everything is unmodified and fine:

bash-3.2$ grep facebook.com /etc/hosts
# 127.0.0.1 facebook.com
bash-3.2$ sudo killall -HUP mDNSResponder
bash-3.2$ dscacheutil -q host -a name facebook.com
name: facebook.com
ipv6_address: 2a03:2880:f127:283:face:b00c::25de

name: facebook.com
ip_address: 157.240.18.35

bash-3.2$ host facebook.com
facebook.com has address 157.240.18.35
facebook.com has IPv6 address 2a03:2880:f127:283:face:b00c::25de
facebook.com mail is handled by 10 msgin.vvv.facebook.com.

But then I uncomment that line for facebook, and I get this:

bash-3.2$ grep facebook /etc/hosts
127.0.0.1   facebook.com
bash-3.2$ sudo killall -HUP mDNSResponder
bash-3.2$ dscacheutil -q host -a name facebook.com
name: facebook.com
ipv6_address: 2a03:2880:f127:283:face:b00c::25de

name: facebook.com
ip_address: 127.0.0.1

bash-3.2$ host facebook.com
facebook.com has address 157.240.18.35
facebook.com has IPv6 address 2a03:2880:f127:283:face:b00c::25de
facebook.com mail is handled by 10 msgin.vvv.facebook.com.

I don't observe anything suspicious in the output of scutil --dns. The dig command and Chrome both seem immune to the /etc/hosts change.

help?

Best Answer

This command will tell you which process is making the changes to your hosts file:

sudo dtrace -qn 'syscall::open*:entry /arg1&3/ { printf("%d %s %s\n", pid, execname, copyinstr(arg0)); }' | grep hosts
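As an added example (my code, not part of the question or the answer above): a small Python check that parses a hosts file the way hosts(5) is read and reports whether a given tool's answer for a name actually came through the /etc/hosts override. The hosts contents are constructed from the question's before/after lines; the function names and the per-address-family comparison are my assumptions, not something the page provides.

```python
import ipaddress
import socket

# Constructed hosts(5) content modelled on the question: first with the
# facebook.com line commented out, then with it active.
HOSTS_BEFORE = """\
##
# Host Database
##
127.0.0.1\tlocalhost
255.255.255.255\tbroadcasthost
::1             localhost
# 127.0.0.1 facebook.com
"""
HOSTS_AFTER = HOSTS_BEFORE.replace("# 127.0.0.1 facebook.com",
                                   "127.0.0.1   facebook.com")


def parse_hosts(text):
    """Return {hostname: [addresses]}; comments (full-line and trailing) and
    blank or malformed lines are ignored, as the resolver ignores them."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)   # skip entries that are not an IP literal
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), []).append(addr)
    return table


def hosts_override(text, name):
    """Addresses /etc/hosts assigns to `name` ([] when the line is commented out)."""
    return parse_hosts(text).get(name.lower(), [])


def override_in_effect(hosts_text, name, resolved):
    """True when, for every address family the file overrides, the answers in
    `resolved` (what some tool returned) all come from the file. Families the
    file does not mention are left alone: the question's dscacheutil output
    still shows the DNS-sourced IPv6 address next to 127.0.0.1."""
    expected = {ipaddress.ip_address(a) for a in hosts_override(hosts_text, name)}
    if not expected:
        return False
    families = {a.version for a in expected}
    got = {ipaddress.ip_address(a) for a in resolved}
    return all(a in expected for a in got if a.version in families)


def system_resolver(name):
    """Answers from libc getaddrinfo, the path that consults /etc/hosts; dig and
    host send DNS queries directly, so their answers never reflect the file."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
```

Run `override_in_effect(open("/etc/hosts").read(), "facebook.com", system_resolver("facebook.com"))` on the machine itself to check the live resolver path; the assertions below use the addresses the question shows.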