that being said: more context would thus help. what application is making the request, and at what point do you expect to intercept or get that request? is that outside the same app or not?

edit: also, can you atleast set it up as root or does everything need to happen as user? (and the OS might also matter)

In Firefox, about:networking and about:networking#dns are the http cache and dns cache. I have never considered writing values to these directly. Could there be a method for doing so within the developer console? Perhaps someone knows.

There are replies in the below link that touch on it for Chrome. The top suggestion, however, is using a socks 5 proxy server as a workaround. https://superuser.com/questions/184643/override-dns-in-firef...

2. Make wildcard record to point to 127.0.0.1

3. User can apply any.thing.here.yourcompanyinternal.xxx

It would help if you could expand on this. Is this a "don't want devs to need to mess with their boxes" thing, or a "we're doing shadow IT and can't run things the normal way" thing, or something else?

> Running a resolver locally, or within the LAN, falls outside the realm of "simple".

No, it really doesn't. A DNS server can be a single file binary pointed at a simple text file, optionally pointed directly at a hosts-format file. I suggest coredns personally but there are other options.

Like you want to be able to update it without su or that you cant access it at all?

Like you could have a cron running as root that updates etc/hosts every minute based on a userspace text document if you felt like it. It would be incredibly bad practice but I dont get the impression that this is a concern.

>Running a resolver locally, or within the LAN, falls outside the realm of "simple".

Running your own DNS server isnt simple? The standard Microsoft DHCP/DNS process is to take DHCP leases and turn them into DNS entries.

Part of the reason a lot of answers are going to challenge your simple requirements, is that theres a great deal of malware that would love to do what you want to do, and these systems are largely hardened to prevent it.

If this is for an application you want to deploy, I believe "Simple" for userspace, is quite complex to overcome all the things trying to prevent exactly this. My gut feeling is that this desire will evolve into a docker container with a DNS resolver, and just present some kind of interface for adding records. Then just pipe all your DNS requests through the container.

Here's an example:

  > cat hosts
  198.51.100.33 test.tld
  2001:db8::33 test.tld
  198.51.100.12 test4.tld
  2001:db8::12 test6.tld

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts getent ahosts test.tld
  198.51.100.33   DGRAM  test.tld
  198.51.100.33   STREAM test.tld
  2001:db8::33    DGRAM
  2001:db8::33    STREAM

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts getent ahosts test4.tld
  198.51.100.12   DGRAM  test4.tld
  198.51.100.12   STREAM test4.tld

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts getent ahosts test6.tld
  2001:db8::12    DGRAM  test6.tld
  2001:db8::12    STREAM test6.tld

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts curl -v test.tld
  * Host test.tld:80 was resolved.
  * IPv6: 2001:db8::33
  * IPv4: 198.51.100.33
  *   Trying [2001:db8::33]:80...
  *   Trying 198.51.100.33:80...