I’ve been dealing with this issue since loong time and become a mystery for myself. Every time I add new entries to /etc/hosts file in MacOS it only persist for sometimes. It is more or less like every after 30 minutes the files getting overwritten back to previous state. That means my entries lost. I was thinking MacOS did it internally or there are some limitation of allowed entries in /etc/hosts files (I put a LOT of entries since handling a lot of machine at work), but never thought it was due to other application.
Only by today in some discussion it is mentioned the /etc/hosts files can be overwritten by JunOS Pulse VPN Client, as reported on this blog post. Although my observation result different to that post, it is pointing to some crucial part.
First, JunOS Pulse VPN Client will make a backup of /etc/hosts files to /etc/jnpr-pulse-hosts.bak whenever VPN connected. In my situation, I always modify /etc/hosts files whenever I am connected to customer VPN. Why? Because only by that time I realised I want to connect to specific hostname (part of customer network), so I add the IP and hostname information into my /etc/hosts file and save it.
Whenever JunOS disconnected from VPN the /etc/hosts file will be restored back by /etc/jnpr-pulse-hosts.bak. That is saying if I didn’t insert the entries before /etc/jnpr-pulse-hosts.bak created (before VPN connected), the entries will be lost whenever VPN disconnected. So the lesson is, whenever we want to add entries into /etc/hosts which is related to work / school VPN network, add it before connecting to VPN.
In my case, JunOS VPN client also getting disconnected every sometimes like 30 minutes or so. I don’t know if it is set by VPN server itself or due to any other reason. If I am using MacOS, I don’t feel it because JunOS perform automatic reconnection whenever VPN session getting lost unless the session manually disconnected, this is very convenient feature but at the same time I will never realize that whenever session reconnected /etc/hosts file also getting overwritten by /etc/jnpr-pulse-hosts.bak, since I used to modify /etc/hosts file after connected to VPN that file will be overwritten after auto reconnect. That is the ‘special effect’ explaining why every after 30 minutes my /etc/hosts files back to previous state 🙂
Regarding session getting auto-disconnected every 30 minutes or so was an obvious events because I recently used Windows machine (windows 10) as well to connect to customer VPN network and unfortunately must manually press connect button every time VPN session getting disconnected (the events I never experienced with MacOS since it is handled automatically, yeay!).
Anyway, mystery solved.