
No Ad DNS Project?

tallship

Member
Verified Provider
A quick google search says someone already does this...

http://pgl.yoyo.org/as/
Another decent resource for using /etc/hosts is HERE, but that's using "files" (from /etc/nsswitch.conf) for resolution of IPs, which in most cases should come before DNS and NIS in that file anyway.

When you consider layers of redundancy, and the fact that a correctly configured nsswitch.conf file reduces the burden on your DNS server by being referenced first for those IPs you always want blocked (after your null routing tables for blackholes and iptables in your firewall and /etc/hosts.deny in your tcpwrappers), maintaining a list of *standard* IPs in your hosts file is a good thing.

For fun, I like to set up an IP based virtual host with the default index.html page being something like THIS and point those /etc/hosts entries to that IP ;)

But where DNS is concerned, here's a couple of good reads that should bring you up to speed pretty quick on some crafty solutions using your DNS servers as firewalls on yet another layer:

ftp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt

and...

http://www.circleid.com/posts/20120103_dns_firewalls_in_action_rpz_vs_spam/

I hope that helps :)

Kindest regards,
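
An added example, not part of the post above and not code from the linked projects: it checks that `files` precedes `dns` on the `hosts:` line of nsswitch.conf, then renders one blocklist both as /etc/hosts entries and as RPZ records (going one step beyond the post, to the RPZ form). The sample file contents, the example.* names and the 192.0.2.10 sink address are constructed assumptions.

```python
import re

# Constructed sample /etc/nsswitch.conf content (assumed typical Linux layout).
SAMPLE_NSSWITCH = "passwd: files\nhosts:  files dns nis  # lookup order\n"
# Constructed blocklist; the example.* names are placeholders.
SAMPLE_BLOCKLIST = "# one name per line\nads.example.com\nTracker.Example.NET.\nnot a hostname\nads.example.com\n"
SINK_IP = "192.0.2.10"  # hypothetical address of the block-page virtual host

_LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
_NAME = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")


def hosts_sources(nsswitch_text):
    """Return the lookup sources on the 'hosts:' line, in order."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop bracketed action items such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []


def files_before_dns(nsswitch_text):
    """True when 'files' (/etc/hosts) is consulted before 'dns'."""
    src = hosts_sources(nsswitch_text)
    if "files" not in src:
        return False
    return "dns" not in src or src.index("files") < src.index("dns")


def parse_blocklist(text):
    """Normalise, validate and de-duplicate names, keeping first-seen order."""
    names = []
    for raw in text.splitlines():
        name = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if len(name) <= 253 and _NAME.match(name) and name not in names:
            names.append(name)
    return names


def hosts_lines(names, ip=SINK_IP):
    # /etc/hosts matches exact names only, so subdomains are not covered.
    return [f"{ip}\t{n}" for n in names]


def rpz_records(names):
    # In an RPZ zone "CNAME ." answers NXDOMAIN; the wildcard adds subdomains.
    return [rec for n in names for rec in (f"{n}\tCNAME\t.", f"*.{n}\tCNAME\t.")]
```

The hosts output needs one line per exact name, while each RPZ pair also blocks every subdomain of the listed name.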
 