macOS – Why is adding sites to /etc/hosts not blocking them on Big Sur?

Tags: dns, firefox, google-chrome, macos

On macOS Big Sur I added the settings below to my /etc/hosts. My ISP has IPv6 support, so browsing to major sites that support IPv6 should normally happen over IPv6.

127.0.0.1 cnn.com
::1 cnn.com

In a terminal window I can see that ping is using /etc/hosts:

ping cnn.com
PING cnn.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.036 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.118 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.120 ms
--- cnn.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.036/0.091/0.120/0.039 ms

and IPv6:

ping6 cnn.com
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.061 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.157 ms
16 bytes from ::1, icmp_seq=2 hlim=64 time=0.156 ms
16 bytes from ::1, icmp_seq=3 hlim=64 time=0.159 ms
16 bytes from ::1, icmp_seq=4 hlim=64 time=0.136 ms
--- cnn.com ping6 statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.061/0.134/0.159/0.037 ms

However, cnn.com still loads in Firefox, Chrome, and Safari. I tried all of the following suggestions from this site and others on the internet, but cnn.com still shows up in the browsers.

  1. Shut down all programs and restart the machine.
  2. Flush the DNS cache using sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
  3. Checked that Firefox was not using DNS over HTTPS.
  4. Flushed the DNS cache in Chrome using chrome://net-internals

How do I block cnn.com on macOS Big Sur using /etc/hosts for the whole system?

Best Answer

When this happens, the app you’re using might not be asking Big Sur to look up DNS. For an easy case, you should be able to get Safari to block. Depending on your browser history and what exactly you type, you may need to block more than “cnn.com”:

127.0.0.1 cnn.com
::1 cnn.com
127.0.0.1 www.cnn.com
::1 www.cnn.com
127.0.0.1 web.cnn.com
::1 web.cnn.com
127.0.0.1 cdn.cnn.com
::1 cdn.cnn.com

You will also have to disable most of the search bar functionality, since you may be typing a web search into your address bar; Google, DuckDuckGo or Ecosia will then look up CNN's IP address for you based on your typing "cnn" and pre-load from that IP address, not from the DNS lookup.

[Image: More private browsing from Safari]

The above image provides suggested settings for Safari on Big Sur if you implement the block list I provided above for https://cnn.com

Web browsers and some security apps no longer, in some cases, only call the OS for DNS. Malware, potentially unwanted software and even legitimate programs are starting to hard-code IP addresses to get to their servers. This can be good in the case where they are testing for broken or malicious DNS, and not so good when you're unaware of what they are doing.

The days of hosts ruling the roost may be long gone unless Apple forces all apps to use system calls. You should be able to get Safari on Big Sur to block sites out of hosts; be sure you open an incognito / private tab or quit the app after making changes.

Even blocking sites and network ranges network-wide using tools like Pi-hole is being lessened in the ever-escalating war between people who want to track and monetize your use of the internet and people who are working towards network neutrality and preserving privacy.

You may have to work with Chrome to ensure it’s using system DNS, install an extension that can help block a site, or implement a network block on your router, outside the app and outside the OS.
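The following script is an added example and is not part of the question or the answer above. It generates the dual-family (127.0.0.1 and ::1) hosts entries the answer recommends for a domain and its subdomains, checks whether a hosts file actually covers a name on both address families (a v4-only entry leaves the IPv6 path open on a dual-stack machine, which is the trap the question describes), and, on macOS only, compares what the system resolver returns with what a direct DNS query returns. The hostnames are the ones from the page; the function names, the hypothetical `check_resolver_path` helper and the use of `dscacheutil -q host` versus `dig +short` as the two probes are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the original post or answer.

# gen_block_entries DOMAIN [SUBDOMAIN...]
# Print 127.0.0.1 and ::1 lines for the bare domain and each subdomain.
# Both families matter: if the browser prefers AAAA and only an A-style
# hosts entry exists, the real IPv6 address is still used.
gen_block_entries() {
    domain=$1; shift
    printf '127.0.0.1 %s\n::1 %s\n' "$domain" "$domain"
    for sub in "$@"; do
        printf '127.0.0.1 %s.%s\n::1 %s.%s\n' "$sub" "$domain" "$sub" "$domain"
    done
}

# hosts_covers FILE NAME
# Succeed only if FILE maps NAME to a loopback/blackhole address for BOTH
# IPv4 and IPv6. Comments are stripped; every alias on a line is checked.
hosts_covers() {
    file=$1; name=$2
    v4=0; v6=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}          # drop trailing comment
        set -- $line              # split into address + aliases
        [ $# -ge 2 ] || continue  # skip blank / address-only lines
        addr=$1; shift
        for alias in "$@"; do
            if [ "$alias" = "$name" ]; then
                case $addr in
                    127.*|0.0.0.0) v4=1 ;;
                    ::1|::)        v6=1 ;;
                esac
            fi
        done
    done < "$file"
    [ "$v4$v6" = "11" ]
}

# check_resolver_path NAME  (macOS only; hypothetical helper name)
# dscacheutil asks the system resolver, which honours /etc/hosts.
# dig queries the configured DNS server directly and bypasses /etc/hosts,
# which is exactly what a browser doing its own resolution (e.g. DoH) sees.
check_resolver_path() {
    name=$1
    if command -v dscacheutil >/dev/null 2>&1; then
        echo "system resolver (honours /etc/hosts):"
        dscacheutil -q host -a name "$name"
    fi
    if command -v dig >/dev/null 2>&1; then
        echo "direct DNS query (bypasses /etc/hosts):"
        dig +short "$name"
    fi
}

# Usage on the machine in question (run manually as root):
#   gen_block_entries cnn.com www web cdn | sudo tee -a /etc/hosts
#   sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
#   hosts_covers /etc/hosts www.cnn.com && echo "covered on v4 and v6"
#   check_resolver_path www.cnn.com
```

If `hosts_covers` fails, a second answer record for the other family is missing; if `check_resolver_path` shows loopback from `dscacheutil` but a public address from `dig`, the hosts file is fine and the application that still reaches the site is simply not using the system resolver.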