Custom host entry

On a generic POSIX-like system in order to give a system an alias that is not provided by the upstream DNS-server you would modify the etc/hosts file. eg. you include something like this at the end: somecoolsitethatisnotpublicyavialablebythisnameyet.com

where is the IP-adres of a server responding with the intended website of the not yet published alias of said website.

On whonix modifying the etc/hosts file does not give the expected result. This holds true for modifications to either the workstation or gateway machine. I am sure this has something to do with the insulation of these virtual machines from the DNS of the host machine, which, of course, is a good feature. However to get the desired result I would like to know how whonix handles these matters i.e. I would like to know which file I have to modify to include a entry such as the one from my example.


I am sure this has something to do with the insulation of these virtual machines from the DNS of the host machine


Many applications are preconfigured to talk to Tor directly for stream

What that is and how to disable, see:

/etc/hosts is only used in case of system default (/ fallback /
non-socksified / transparent torifification) traffic.

Thanks for your reply. Turns out things are a little bit more complex then I was thinking. Would it be possible to achieve the desired result without disabling some features and/or decreasing anonymity.

According to the wiki, there are actually multiple methods of routing traffic through tor i.e. socks and the awt-wrapper. I basically only need to be able to use the proposed configuration for the Tor browser (although wget would be handy to). Does this make things easier?

Patrick’s explanation might be easier to understand with a concrete example.

If you install a fresh copy of firefox-esr, it is not stream-isolated by default, meaning that it will check your /etc/hosts table before sending out traffic. Stream-isolated programs (wget, curl, apt-get, etc) are routed straight to Whonix-Gateway by ip:port where they are then processed by the tor daemon. There is no opportunity to do a local hosts lookup. So if you want to check /etc/hosts, you need to un-torrify un-socksify the relevant app.

1 Like

For understanding, the /Easy version of the article:

To disable:

Just follow the documentation for Tor Browser from above link then… But…

No. Technically limitations. You cannot have it both ways.

    1. use Whonix default configuration plus
    1. have /etc/hosts being used

Basically Tor Browser is talking directly to Tor. So you need to add the filtering directly into Tor Browser or Tor. Doing that can be done as per https://www.whonix.org/wiki/Free_Support_Principle. Note: makes you unique

Perhaps try if this works for non-onion domains also:


Note: makes you unique

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]