---
title: "Local DNS Override — Mirror a Production Domain Locally"
slug: "local-dns-override-mirror-production-domain"
published: "2026-01-16"
updated: "2026-02-22"
categories:
  - "Tools"
tags:
  - "local DNS override"
  - "hosts file override"
  - "mirror production domain"
  - "override hosts file"
  - "production domain testing"
  - "TLS certificate warning"
  - "dig command"
  - "local hostname mapping"
  - "red teaming DNS spoofing"
  - "DNS vs TLS"
  - "bypass domain checks"
llm-intent: "how-to"
audience-level: "beginner"
llm-purpose: "Local DNS override: map a non-production hostname to production IPs using your hosts file. Step-by-step guide to test services locally with TLS tips."
llm-prereqs:
  - "hosts file"
  - "dig"
  - "nano"
  - "HTTPS"
  - "TLS"
---

**Summary Triples**
- (Local DNS Override — Mirror a Production Domain Locally, expresses-intent, how-to)
- (Local DNS Override — Mirror a Production Domain Locally, covers-topic, local DNS override)
- (Local DNS Override — Mirror a Production Domain Locally, provides-guidance-for, Local DNS override: map a non-production hostname to production IPs using your hosts file. Step-by-step guide to test services locally with TLS tips.)

### {GOAL}
Local DNS override: map a non-production hostname to production IPs using your hosts file. Step-by-step guide to test services locally with TLS tips.

### {PREREQS}
- hosts file
- dig
- nano
- HTTPS
- TLS

### {STEPS}
1. Find the production IP address
2. Edit your local hosts file
3. Access the overridden hostname

<!-- llm:goal="Local DNS override: map a non-production hostname to production IPs using your hosts file. Step-by-step guide to test services locally with TLS tips." -->
<!-- llm:prereq="hosts file" -->
<!-- llm:prereq="dig" -->
<!-- llm:prereq="nano" -->
<!-- llm:prereq="HTTPS" -->
<!-- llm:prereq="TLS" -->

# Local DNS Override — Mirror a Production Domain Locally
> Local DNS override: map a non-production hostname to production IPs using your hosts file. Step-by-step guide to test services locally with TLS tips.
Matija Žiberna · 2026-01-16

Local DNS override to mirror a production domain

This technique makes a local machine resolve an alternate hostname to a real production server. It helps with red teaming, testing client behavior, and working around tooling that blocks direct interaction with production URLs.

Goal

Access a production service using an alternate hostname on your local machine.

Example:
product-domain.local resolves to the same server as product-domain.com.

Step 1: Resolve the real IP

Find the production IP address.

dig product-domain.com


Example result:

34.54.184.215

Step 2: Override DNS locally

Edit the hosts file.

sudo nano /etc/hosts


Add:

34.54.184.215  product-domain.local


Save and exit.

Step 3: Access the service
https://product-domain.local

Expected behavior

The server responds normally

HTTPS shows a certificate warning because the certificate is issued for product-domain.com and the hostname is product-domain.local

This is expected and confirms the override works.

Important notes

This affects only your local machine

DNS resolution is overridden; traffic still goes to the same server

TLS hostname validation requires either accepting the warning or using HTTP

External production DNS records remain unchanged

Why this works

DNS decides where traffic goes
TLS decides whether the hostname is trusted

DNS can be overridden locally
TLS requires control over certificates to present a trusted hostname