@atz
Last active April 25, 2017 21:29
DNS/firewall/packetfilter issues w/ OSX, /etc/hosts file
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
127.0.1.1 foobar.localhost
127.0.2.1 zubaz.localhost
127.0.3.1 foo.localhost
127.0.4.1 bar.localhost
255.255.255.255 broadcasthost
::1 localhost
Administrators-MacBook-Pro-9:hyrax atz$ dig localhost
; <<>> DiG 9.8.3-P1 <<>> localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3326
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;localhost. IN A
;; ANSWER SECTION:
localhost. 360000 IN A 127.0.0.1
;; AUTHORITY SECTION:
localhost. 360000 IN NS localhost.
;; ADDITIONAL SECTION:
localhost. 360000 IN AAAA ::1
;; Query time: 37 msec
;; SERVER: 171.64.1.234#53(171.64.1.234)
;; WHEN: Mon Apr 24 15:32:59 2017
;; MSG SIZE rcvd: 85
Administrators-MacBook-Pro-9:hyrax atz$ dig foobar
; <<>> DiG 9.8.3-P1 <<>> foobar
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50301
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;foobar. IN A
;; AUTHORITY SECTION:
. 9882 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017042402 1800 900 604800 86400
;; Query time: 40 msec
;; SERVER: 171.64.1.234#53(171.64.1.234)
;; WHEN: Mon Apr 24 15:33:06 2017
;; MSG SIZE rcvd: 99
Administrators-MacBook-Pro-9:hyrax atz$ dig foobar.localhost
; <<>> DiG 9.8.3-P1 <<>> foobar.localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21918
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;foobar.localhost. IN A
;; AUTHORITY SECTION:
localhost. 360000 IN SOA localhost. hostmaster.stanford.edu. 100111103 360000 30000 3600000 360000
;; Query time: 37 msec
;; SERVER: 171.64.1.234#53(171.64.1.234)
;; WHEN: Mon Apr 24 15:33:09 2017
;; MSG SIZE rcvd: 93

atz commented Apr 24, 2017

Turning off the firewall in "Security & Privacy" settings panel did not affect curl.


atz commented Apr 24, 2017

nmap tells me the status for localhost:3000 is "open", but foobar.localhost:3000 is "filtered".

Administrators-MacBook-Pro-9:hyrax atz$ nmap -p3000 localhost

Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-24 16:51 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Other addresses for localhost (not scanned): ::1
PORT     STATE SERVICE
3000/tcp open  ppp

Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Administrators-MacBook-Pro-9:hyrax atz$ nmap -p3000 -Pn foobar.localhost

Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-24 16:52 PDT
Nmap scan report for foobar.localhost (127.0.1.1)
Host is up.
rDNS record for 127.0.1.1: foobar
PORT     STATE    SERVICE
3000/tcp filtered ppp

Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds


atz commented Apr 25, 2017

This is rather informative:
All 1000 scanned ports on foobar.localhost (127.0.1.1) are filtered

Also the reason is no-response:

nmap -p3000 -Pn --reason foobar.localhost

Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-24 17:22 PDT
Nmap scan report for foobar.localhost (127.0.1.1)
Host is up, received user-set.
rDNS record for 127.0.1.1: foobar
PORT     STATE    SERVICE REASON
3000/tcp filtered ppp     no-response

Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds


atz commented Apr 25, 2017

Crudely disabling pf on OSX fixed it: sudo pfctl -d

Now to refine that into something less drastic.
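
A way to re-check every loopback alias after each packet-filter change, added here as an example (it is not the gist author's code): it reads the hosts entries, connects to each 127.x address on port 3000, and reports the same open / closed / filtered distinction seen in the nmap output above. The `HOSTS_TEXT` sample is constructed from the hosts file on this page; the function names and the 2-second timeout are assumptions.

```python
import errno
import socket

# Constructed sample: the entries from the hosts file shown on this page.
HOSTS_TEXT = """\
127.0.0.1 localhost
127.0.1.1 foobar.localhost
127.0.2.1 zubaz.localhost
127.0.3.1 foo.localhost
127.0.4.1 bar.localhost
255.255.255.255 broadcasthost
::1 localhost
"""


def loopback_entries(hosts_text):
    """Return (ip, name) pairs for IPv4 loopback (127.0.0.0/8) lines."""
    pairs = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2 and fields[0].startswith("127."):
            pairs.extend((fields[0], name) for name in fields[1:])
    return pairs


def probe(ip, port, timeout=2.0):
    """Classify a TCP port by how a plain connect() attempt ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"    # a reset came back: reachable, nothing listening
    except socket.timeout:
        return "filtered"  # silence, like nmap's "no-response" reason
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


if __name__ == "__main__":
    for ip, name in loopback_entries(HOSTS_TEXT):
        print(f"{name:20} {ip:12} 3000/tcp {probe(ip, 3000)}")
```

A "filtered" result means the connection attempt was silently dropped somewhere, while "closed" means the address answered and only the listener is missing, so the two call for different fixes.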