Ask HN: Local hostnames without root/admin
20 comments
·September 21, 2025WarOnPrivacy
> As noted in the ingress, the web browser is the primary application.
In Firefox, about:networking and about:networking#dns are the http cache and dns cache. I have never considered writing values to these directly. Could there be a method for doing so within the developer console? Perhaps someone knows.
There are replies in the below link that touch on it for Chrome. The top suggestion, however, is using a socks 5 proxy server as a workaround. https://superuser.com/questions/184643/override-dns-in-firef...
ogig
Since you can't edit hosts, or setup a resolver, maybe bookmark directly the ips on your browser? I understand you asked for hostnames but given the context you might aswell internalize some local ips.
galaxy_gas
1. Buy domain for your service
2. Make wildcard record to point to 127.0.0.1
3. User can apply any.thing.here.yourcompanyinternal.xxx
g4cg54g54
https://en.wikipedia.org/wiki/DNS_rebinding protection will stop this from working "hopefully" ;)
but `--host-resolver-rules` may work, https://chromium.googlesource.com/chromium/src/+/main/net/ba... @terry_hc
bawolff
> https://en.wikipedia.org/wiki/DNS_rebinding protection will stop this from working "hopefully" ;)
Does anyone actually ban 127 resolution to stop dns rebinding? I feel like that would probably break a lot of things while not actually preventing dns rebinding.
galaxy_gas
https://docs.google.com/document/d/1QQkqehw8umtAgz5z0um7THx-... is in Beta channel now
GoblinSlayer
If your programs use glibc, it supports hosts overrides in an environment variable, forgot which.
ranger207
This feels like an X-Y problem. What's preventing you from running a local copy of Dnsmasq? It's really not difficult
moondev
lucgommans
Or if you need records other than A/AAAA, like MX for delivering email: https://anyz.one
e.g. 10.2.3.4.anyz.one will refer the recursive resolver to query 10.2.3.4 for the answer to the query. You can also buy a domain and configure it to do that, but this is quicker
Disclosure: I wrote anyzone
sim7c00
anything that could capture the traffic of another application outside of that application is likely gonna need super user privs. the ports it flows on need those to capture it, and running a program which could capture it also likely needs it.
that being said: more context would thus help. what application is making the request, and at what point do you expect to intercept or get that request? is that outside the same app or not?
edit: also, can you atleast set it up as root or does everything need to happen as user? (and the OS might also matter)
terry_hc
As noted in the ingress, the web browser is the primary application. It must work for an end-user lacking the technical facilities or even sufficient administrative access to install a resolver or edit the system's hosts file. A browser extension would be a great solution.
terry_hc
I want to note that I mean to use such internal hostnames to reach services inside a VPN. If solutions such as IPsec or OpenVPN can somehow push and manifest host->IP correlations for the OS, as an alternative to pushing an additional DNS resolver living inside the VPN, that would also be a viable solution.
null
I'm looking for a simple way to locally define hostnames for internal use, think /etc/hosts, but without the requirement of superuser privileges. Running a resolver locally, or within the LAN, falls outside the realm of "simple". The subject is primarily the web browser, so a clever browser extension for Firefox and/or Chromium would work great. If resolution could also happen outside the browser that would be a nice bonus.
Thankful for any suggestions.