  #40  
Old January 2nd 18, 06:52 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Char Jackson
Windows DNS cache

On Mon, 01 Jan 2018 23:50:32 -0500, Paul wrote:

Mayayana wrote:
"Paul" wrote

| There are a couple possibilities.
|

I don't really follow your explanations here. I have
cable, not DSL. The cable co-axial connects to a router.
Computers are wired to that, using fixed IP addresses
on this side. The cable company assigns an outside
IP, but it rarely changes. Probably just often enough
to stop me hosting a server.
I'm using fixed IP only because I don't like to allow
svchost through my software firewalls. DHCP is one
of the things that runs under svchost. When I first
got Win7 that was the only thing that svchost was
needed for that I didn't already have disabled. So I
switched to fixed IP addressing.


OK, so we're making progress.

You could do it like this, where the SVCHOST only talks to the router.
Does that assuage your sense of security? The DHCP in this case
is in two hops. The router has a client it talks to the ISP with.
The PCs have a client they talk to the router with. The evil svchost
doesn't talk directly to the ISP in this picture.

75ohm coax ------ cablemodem/router ------------ PC#1
                  ---DHCP    DHCP   ------------ PC#2
                  for WAN    server      evil svchost
                             for LAN

If you do it like this, all you're doing is avoiding the DHCP
on the LAN side of the router.
                                                 fixed
75ohm coax ------ cablemodem/router ------------ PC#1  192.168.0.3
                  ---DHCP           ------------ PC#2  192.168.0.4
                  for WAN   Some subnet
                            192.168.0.1
                            gateway etc.

Your configuration is still pretty conventional, and you're saying
now you have more than one PC connected.

What the router consists of is a one-port router and a switch chip.
The first router I owned, the $300 CDN BEFSR44, actually partitioned
this function as two circuit boards. In the modem/router I have now,
all three functions (modem block, router, switch block) are in the
same Broadcom chip.
                                  LAN Side
WAN --- router board ------------- switch chip ----- PC#1
                                               ----- PC#2
                                               ----- PC#3
        consumer router                        ----- PC#4

Now, in that picture, all the PCs can see one another. The switch
is a learning switch, and it keeps track by observation, as to
what IPs are on each port.


Nit: switches operate on OSI Layer 2, the MAC layer. They don't know or
care anything about IP addresses, which exist on Layer 3. Other than
that, you're right. Just replace IP address with MAC address.

Yes, you can probably use separate subnets and net masks, to logically
prevent the PCs from talking to one another. Is that what you're doing
to silo the PCs on the right ?


"Creative use of netmasks" (for example, /24 on the router's LAN side
and /30 on each PC) and "using different subnets" would both require the
LAN side of the router to be configured with multiple IP addresses. I
don't think any consumer gear can do that, but some 3rd party firmware
probably can.

The router portion is not supposed to route
non-routable addresses like 192.168.x.x, as far as I know.


Right, and even if your consumer gear was horribly broken and allowed
that traffic to go out, it would be dropped at the ISP's first hop.

RFC1918
https://tools.ietf.org/html/rfc1918

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)


--

Char Jackson
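As an added example (not part of the thread), the following Python checks the two points made above with the thread's own addresses: whether PC#1 (192.168.0.3) and PC#2 (192.168.0.4) consider each other on-link under a /24 versus a /30 mask, whether each still has an on-link gateway at 192.168.0.1 (showing why the /30 trick needs a router with more than one LAN address), and whether an address falls in the three RFC 1918 blocks quoted. Only the standard library is used; the CIDR strings are constructed sample input.

```python
import ipaddress

# The three RFC 1918 private blocks quoted in the post.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 blocks.

    Deliberately narrower than ipaddress's is_private, which also covers
    loopback, link-local, documentation and other special-use ranges.
    """
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


def gateway_reachable(host_cidr: str, gateway: str) -> bool:
    """True if the host's own netmask places the gateway on-link.

    A host only ARPs directly for addresses inside its configured prefix;
    a default gateway outside that prefix is unusable.
    """
    iface = ipaddress.ip_interface(host_cidr)
    return ipaddress.ip_address(gateway) in iface.network


def hosts_see_each_other(a_cidr: str, b_cidr: str) -> bool:
    """True if both hosts believe the other is on-link (direct L2 delivery).

    Note this is only a logical separation: the switch forwards frames by
    MAC address and does not enforce it.
    """
    a = ipaddress.ip_interface(a_cidr)
    b = ipaddress.ip_interface(b_cidr)
    return a.ip in b.network and b.ip in a.network


def silo_check(pc1_cidr: str, pc2_cidr: str, gateway: str) -> dict:
    """Summarise the effect of a given mask on the two-PC LAN from the post."""
    return {
        "pcs_on_link": hosts_see_each_other(pc1_cidr, pc2_cidr),
        "pc1_has_gateway": gateway_reachable(pc1_cidr, gateway),
        "pc2_has_gateway": gateway_reachable(pc2_cidr, gateway),
    }


if __name__ == "__main__":
    for mask in ("24", "30"):
        print(f"/{mask}:", silo_check(f"192.168.0.3/{mask}", f"192.168.0.4/{mask}", "192.168.0.1"))
```

With /30, PC#2's prefix is 192.168.0.4/30, so 192.168.0.1 is off-link and PC#2 would need a second router address inside its own /30, which is the extra LAN address the reply says consumer firmware generally cannot provide.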