#16
Windows DNS cache
On Mon, 01 Jan 2018 23:50:32 -0500, Paul wrote:
> Mayayana wrote:
> > "Paul" wrote
> > | There are a couple possibilities.
> >
> > I don't really follow your explanations here. I have cable, not DSL.
> > The cable co-axial connects to a router. Computers are wired to that,
> > using fixed IP addresses on this side. The cable company assigns an
> > outside IP, but it rarely changes. Probably just often enough to stop
> > me hosting a server.
> >
> > I'm using fixed IP only because I don't like to allow svchost through
> > my software firewalls. DHCP is one of the things that runs under
> > svchost. When I first got Win7 that was the only thing that svchost
> > was needed for that I didn't already have disabled. So I switched to
> > fixed IP addressing.
>
> OK, so we're making progress.
>
> You could do it like this, where the SVCHOST only talks to the router.
> Does that assuage your sense of security ? The DHCP in this case,
> is in two hops. The router has a client it talks to the ISP with.
> The PCs have a client they talk to the router with. The evil svchost
> doesn't talk directly to the ISP in this picture.
>
>   75ohm coax ------ cablemodem/router ------------ PC#1
>                     ---DHCP   DHCP    ------------ PC#2
>                     for WAN   server   evil svchost
>                               for LAN
>
> If you do it like this, all you're doing is avoiding the DHCP
> on the LAN side of the router.
>
>                                          fixed
>   75ohm coax ------ cablemodem/router ------------ PC#1  192.168.0.3
>                     ---DHCP           ------------ PC#2  192.168.0.4
>                     for WAN
>                     Some subnet
>                     192.168.0.1 gateway etc.
>
> Your configuration is still pretty conventional, and you're saying
> now you have more than one PC connected.
>
> What the router consists of, is a one port router and a switch chip.
> The first router I owned, the $300 CDN BEFSR44, actually partitioned
> this function as two circuit boards. The modem/router I have now,
> all three functions (modem block, router, switch block) are in the
> same Broadcom chip.
>
>                                        LAN Side
>   WAN --- router board ------------- switch chip ----- PC#1
>                                                  ----- PC#2
>           consumer router                        ----- PC#3
>                                                  ----- PC#4
>
> Now, in that picture, all the PCs can see one another. The switch
> is a learning switch, and it keeps track by observation, as to
> what IPs are on each port.

Nit: switches operate on OSI Layer 2, the MAC layer. They don't know or
care anything about IP addresses, which exist on Layer 3. Other than
that, you're right. Just replace IP address with MAC address.

> Yes, you can probably use separate subnets and net masks, to logically
> prevent the PCs from talking to one another. Is that what you're doing
> to silo the PCs on the right ?

"Creative use of netmasks" (for example, /24 on the router's LAN side and
/30 on each PC) and "using different subnets" would both require the LAN
side of the router to be configured with multiple IP addresses. I don't
think any consumer gear can do that, but some 3rd party firmware probably
can.

> The router portion is not supposed to route non-routable addresses
> like 192.168.x.x, as far as I know.

Right, and even if your consumer gear was horribly broken and allowed that
traffic to go out, it would be dropped at the ISP's first hop.

RFC1918
https://tools.ietf.org/html/rfc1918

  The Internet Assigned Numbers Authority (IANA) has reserved the
  following three blocks of the IP address space for private internets:

    10.0.0.0    -  10.255.255.255  (10/8 prefix)
    172.16.0.0  -  172.31.255.255  (172.16/12 prefix)
    192.168.0.0 -  192.168.255.255 (192.168/16 prefix)

--
Char Jackson
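The two corrections in the post above (a switch learns MAC addresses, not IPs, and RFC 1918 space must never be forwarded toward the WAN), as an added example that is not part of the original posts. The switch model, the MAC addresses, the port numbers and the test addresses are all constructed for the demonstration; the three private blocks are the ones quoted from the RFC.

```python
"""Added example, not from the thread: a toy Layer-2 learning switch and an
RFC 1918 egress check. All MACs, ports and addresses below are constructed."""
import ipaddress
from dataclasses import dataclass

# The three private blocks quoted from RFC 1918 in the post.
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_BLOCKS)


def wan_forwarding_ok(src: str, dst: str) -> bool:
    """Egress filter for a router's WAN side (the same rule an ISP applies at
    its first hop): a packet with a private source or destination address is
    dropped. After NAT the source is the public WAN address, so it passes."""
    return not (is_rfc1918(src) or is_rfc1918(dst))


@dataclass(frozen=True)
class Frame:
    """Ethernet frame as the switch sees it. Any IP header is just payload;
    the switch never parses it."""
    src_mac: str
    dst_mac: str
    payload: bytes = b""


class LearningSwitch:
    """Learns source MAC -> ingress port by observation, forwards known
    destinations to their learned port and floods unknown ones. Its table
    holds MAC addresses only, never IPs (Layer 2, not Layer 3)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port number

    def receive(self, frame: Frame, in_port: int) -> list:
        """Return the egress port list for a frame arriving on in_port."""
        self.mac_table[frame.src_mac] = in_port  # learn / refresh
        out = self.mac_table.get(frame.dst_mac)
        if out is None:
            # Unknown unicast or broadcast: flood to every other port.
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            # Destination hangs off the ingress port: nothing to forward.
            return []
        return [out]


def demo():
    """PC1 on port 1 and PC2 on port 2 exchange frames; the first frame is
    flooded, after which both MACs are known and traffic is port-to-port."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    pc1, pc2 = "00:11:22:33:44:01", "00:11:22:33:44:02"
    first = sw.receive(Frame(pc1, pc2), in_port=1)   # PC2 unknown: flood
    reply = sw.receive(Frame(pc2, pc1), in_port=2)   # PC1 known: port 1
    second = sw.receive(Frame(pc1, pc2), in_port=1)  # PC2 known: port 2
    return {"first": first, "reply": reply, "second": second,
            "table": dict(sw.mac_table)}


if __name__ == "__main__":
    print(demo())
    for a in ("192.168.0.3", "172.31.255.255", "172.32.0.1", "203.0.113.5"):
        print(a, "private" if is_rfc1918(a) else "public")
```

The 172.16/12 boundary is the one people get wrong by hand: 172.31.255.255 is private, 172.32.0.1 is not, which is why the check uses ip_network containment rather than a string prefix match.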
#17
Windows DNS cache
On Tue, 02 Jan 2018 00:43:57 -0500, Paul wrote:
> Char Jackson wrote:
> > On Mon, 01 Jan 2018 21:37:00 -0500, Paul wrote:
> >
> > > You can buy single port routers, such as the BEFSR41 years ago.
> > > It had one WAN port and one LAN port.
> >
> > You're thinking of the BEFSR11 ;-)
> > The BEFSR41 had a WAN port and 4 LAN ports.
> > (The clue is in the model number, 11 versus 41.)
> >
> > I used to own examples of both. When I had the BEFSR11, I connected
> > an Ethernet switch to the LAN port so that I could connect all of the
> > PCs. Actually, though the BEFSR11 and 41 are long gone, to this day I
> > always connect an Ethernet switch to a LAN port and all of the PCs
> > connect to the switch. That way the LAN stays up when the router has
> > to be rebooted.
>
> I was rebooting my router once or twice an evening. One of the
> finest electronics purchases I've ever made... After a number of
> attempts to fix it by applying the next release of firmware, it
> bricked. I expect that was the only update that really "settled
> things". It was stable after that (sitting in its cardboard box,
> waiting for hell to freeze over).

I don't remember having any problems with any of my Linksys routers, even
the much-maligned WRT54G v5. As you may know, most of this consumer-grade
networking gear has a JTAG header inside, so you can (almost always)
recover from a brick.

--
Char Jackson
#18
Windows DNS cache
Char Jackson wrote:
> On Tue, 02 Jan 2018 00:43:57 -0500, Paul wrote:
>
> > Char Jackson wrote:
> > > On Mon, 01 Jan 2018 21:37:00 -0500, Paul wrote:
> > >
> > > > You can buy single port routers, such as the BEFSR41 years ago.
> > > > It had one WAN port and one LAN port.
> > >
> > > You're thinking of the BEFSR11 ;-)
> > > The BEFSR41 had a WAN port and 4 LAN ports.
> > > (The clue is in the model number, 11 versus 41.)
> > >
> > > I used to own examples of both. When I had the BEFSR11, I connected
> > > an Ethernet switch to the LAN port so that I could connect all of
> > > the PCs. Actually, though the BEFSR11 and 41 are long gone, to this
> > > day I always connect an Ethernet switch to a LAN port and all of the
> > > PCs connect to the switch. That way the LAN stays up when the router
> > > has to be rebooted.
> >
> > I was rebooting my router once or twice an evening. One of the
> > finest electronics purchases I've ever made... After a number of
> > attempts to fix it by applying the next release of firmware, it
> > bricked. I expect that was the only update that really "settled
> > things". It was stable after that (sitting in its cardboard box,
> > waiting for hell to freeze over).
>
> I don't remember having any problems with any of my Linksys routers,
> even the much-maligned WRT54G v5. As you may know, most of this
> consumer-grade networking gear has a JTAG header inside, so you can
> (almost always) recover from a brick.

I think the hardware was buggy on that thing, and no amount of
new firmware would ever fix it. It's fun to pretend though.
So when it bricked, that was a signal... "Hey, time's up" :-)

I wonder if anyone still uses one of those ? Smithsonian ?

I actually own a JTAG cable, but it's based on a parallel port
interface. The design was ancient, the day I bought it. There's
nothing in the room here now, with a parallel port... The board
that connected to, is retired (it's not even inside a computer case).

   Paul
#19
Windows DNS cache
On Tue, 02 Jan 2018 02:11:18 -0500, Paul wrote:
> I actually own a JTAG cable, but it's based on a parallel port
> interface. The design was ancient, the day I bought it. There's
> nothing in the room here now, with a parallel port... The board
> that connected to, is retired (it's not even inside a computer case).

Heh, mine is based on a parallel port, too. I bought it in 2006 for a
specific purpose and haven't used it since.

--
Char Jackson
#20
Windows DNS cache
"Paul" wrote
| You could do it like this, where the SVCHOST only talks to the router.
| Does that assuage your sense of security ? The DHCP in this case,
| is in two hops. The router has a client it talks to the ISP with.
| The PCs have a client they talk to the router with. The evil svchost
| doesn't talk directly to the ISP in this picture.
|

The point is not that svchost is "evil" but that it's a wrapper for many
other things. For security and privacy I want a system where only specific
programs, like Firefox or TBird, are allowed out, and only on specific
ports. To allow DHCP means allowing svchost through the firewall as a
process. DHCP itself is not the issue. But using it means allowing all the
other services that run under it to go through the firewall. Since a fixed
IP is just as easy I don't need to allow svchost through.

Since nearly all software makers these days, including Microsoft, think
they have a right to call home without asking, I consider it good practice
to block all uninitiated outgoing. That's also a good way to create a
warning system for malware. It means I'm informed about anything trying to
go out that's not pre-approved.

| Now, in that picture, all the PCs can see one another. The switch
| is a learning switch, and it keeps track by observation, as to
| what IPs are on each port.
|
| Yes, you can probably use separate subnets and net masks, to logically
| prevent the PCs from talking to one another. Is that what you're doing
| to silo the PCs on the right ? The router portion is not supposed to route
| non-routable addresses like 192.168.x.x, as far as I know.
|

Frankly I don't understand much about how a local network is set up
because I've never needed one and always disabled things like filesharing
and networking services for the sake of security. None of my computers
sees another. There's no Network Neighborhood. External requests are
dropped by the firewall. Filesharing is disabled. Remote Desktop software
would not be usable.

Windows default configuration is intended for corporate workstation
support "out of the box", but I disable all of that. (The first bug in
XP, if I remember correctly, was the Messenger service. It was enabled by
default, meant to be used on corporate intranets to allow the IT people to
make announcements. Instead it was being used by online entities to pop up
ads.)

One of the common scams these days is to call people and tell them their
Windows license is expiring. The caller then convinces the person to
download a kind of Remote Desktop software. The callee then sees someone
controlling their computer, moving the mouse, opening files... They're
convinced that, yes, Microsoft controls their computer and wants some
money! Personally I don't think that kind of thing should be possible. The
functionality shouldn't be enabled on anything but a non-critical
workstation that's locked into an intranet.
#21
Windows DNS cache
On 02/01/2018 04:17, Mayayana wrote:
> I doubt that external IP addresses are being cached via DNS Client.

They are. That's what DNS is for.

Simply doing
ipconfig /displaydns
will show that they are being cached.

> If they were it would be redundant caching.

A web page can reference a domain like images.mywebsite.org many many
times. It's worth avoiding multiple DNS lookups.

> It's not a matter of sparing 12 MB RAM. There's no need for the
> functionality because I don't have local networking.

See above.

--
Brian Gregory (in England).
#22
Windows DNS cache
"Brian Gregory" wrote
| Simply doing
| ipconfig /displaydns
| will show that they are being cached.
|

You don't get it. I have DNS Client service disabled. Ipconfig /displaydns
does nothing.

| If they were it would be redundant caching.
|
| A web page can reference a domain like images.mywebsite.org many many
| times. It's worth avoiding multiple DNS lookups.
|

Yes, but your browser is probably already caching as necessary.

http://kb.mozillazine.org/Network.dnsCacheExpiration

FF caches for 60 seconds by default and the value can be custom-set. But
suit yourself. Personally I don't have any problems with my browsers.

Actually, Firefox goes to the other extreme. If you don't set
Network.dns.disablePrefetch and Network.dns.disablePrefetchFromHTTPS to
false then FF will make DNS calls to links in the webpages you read, just
in case you decide to visit them! And it gets worse. If you don't set
Network.prefetch-next to false then FF will also load page content that
you *might* decide to visit. It's sacrificing both efficiency and privacy
so that it can look zippy on your next hop.
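The Firefox preferences named in the post above, as an added example that is not part of the original posts: a small audit of a user.js / prefs.js file against the values that turn speculative DNS and page prefetching off. Firefox stores these as lowercase `user_pref("name", value);` lines; the privacy-preserving settings are network.dns.disablePrefetch = true, network.dns.disablePrefetchFromHTTPS = true and network.prefetch-next = false. SAMPLE_PREFS is a constructed file, and a pref that is absent is reported as unset rather than assumed to have any particular default.

```python
"""Added example, not from the thread: audit a Firefox user.js / prefs.js for
the prefetch-related preferences and emit corrected lines. SAMPLE_PREFS is
constructed; DESIRED holds the values that disable the speculative behaviour."""
import json
import re

# Pref name -> value that disables the speculative lookup / fetch.
# Firefox pref names are case-sensitive and all lowercase.
DESIRED = {
    "network.dns.disablePrefetch": True,
    "network.dns.disablePrefetchFromHTTPS": True,
    "network.prefetch-next": False,
}

SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.dns.disablePrefetch", false);
user_pref("network.prefetch-next", true);
user_pref("network.dnsCacheExpiration", 60);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text: str) -> dict:
    """Return {name: value}. user_pref() values are JSON literals
    (true/false/number/"string"), so json.loads decodes them exactly."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = json.loads(m.group(2))
    return prefs


def audit(prefs: dict, desired: dict = DESIRED) -> list:
    """One (name, current, wanted) finding per pref that is missing or differs
    from the desired value. A missing pref means the browser default applies;
    it is reported as 'unset' rather than guessed."""
    findings = []
    for name, want in desired.items():
        if name not in prefs:
            findings.append((name, "unset", want))
        elif prefs[name] != want:
            findings.append((name, prefs[name], want))
    return findings


def render_user_js(desired: dict = DESIRED) -> str:
    """Lines to drop into user.js; json.dumps yields the true/false/"quoted"
    forms Firefox expects."""
    lines = [f'user_pref("{k}", {json.dumps(v)});' for k, v in desired.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    current = parse_prefs(SAMPLE_PREFS)
    for name, have, want in audit(current):
        print(f"{name}: have {have!r}, want {want!r}")
    print(render_user_js(), end="")
```

user.js is read at startup and overrides prefs.js, so the rendered lines are what you would append there; re-running audit() over the live prefs.js afterwards confirms the values took.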
#23
Windows DNS cache
On 03/01/2018 01:13, Mayayana wrote:
> "Brian Gregory" wrote
> | Simply doing
> | ipconfig /displaydns
> | will show that they are being cached.
> |
>
> You don't get it. I have DNS Client service disabled. Ipconfig
> /displaydns does nothing.

I was trying to point out that you disabled a service without any proper
idea of what it did.

--
Brian Gregory (in England).
#24
Windows DNS cache
"Mayayana" news alt.windows7.general, wrote:

> "Brian Gregory" wrote
> | I don't have a LAN. I don't allow sharing with other
> | computers for security reasons.
> |
> | Surely your PC isn't connected directly to the internet?
>
> I have a router connected to the cable input and computers connected
> to that. I don't know if you'd call that a LAN. I don't consider it a
> LAN because I don't enable networking or filesharing functionality on
> any of the computers.

That's technically a LAN, yes. Despite the fact you aren't actually
taking advantage of it; because you have file sharing, etc, disabled.

Hmm. Why aren't you allowing file shares? You can set permissions on
them.

--
To prevent yourself from being a victim of cyber stalking, it's highly
recommended you visit he https://tekrider.net/pages/david-brooks-stalker.php
==================================================
= Ability is a good thing but stability is even better.
#25
Windows DNS cache
Char Jackson Tue, 02 Jan 2018 05:09:31 GMT in alt.windows7.general, wrote:

> On Mon, 01 Jan 2018 21:37:00 -0500, Paul wrote:
>
> > You can buy single port routers, such as the BEFSR41 years ago.
> > It had one WAN port and one LAN port.
>
> You're thinking of the BEFSR11 ;-)
> The BEFSR41 had a WAN port and 4 LAN ports.
> (The clue is in the model number, 11 versus 41.)

I've still got two of the 4port editions. [g] And a Cisco es1500. Nice
little router, dated mind you, but rather nice.

> I used to own examples of both. When I had the BEFSR11, I connected an
> Ethernet switch to the LAN port so that I could connect all of the PCs.
> Actually, though the BEFSR11 and 41 are long gone, to this day I always
> connect an Ethernet switch to a LAN port and all of the PCs connect to
> the switch. That way the LAN stays up when the router has to be
> rebooted.

Hahah! Same here. Cable to router, single line coming from router to
switch (8port gigabit), computers tied to switch. So the LAN stays online
even if the cable or router itself goes out. That way, if I'm moving
files around or something and need to reboot cable or the router, I
don't interrupt the file xfer(s) in progress.

It also makes troubleshooting WAN side connectivity issues a little
quicker. As it has to either be the router or the cable modem if the
computers see each other. [g] And it's easy enough to see which it is,
cable or router, by attempting to talk to them separately. For me, I've
noticed if I have to restart the router, it won't bring up the login page
for me. And if the cable needs a kick in the ass, once I release the IP
from inside the router, it can't renew one.

--
To prevent yourself from being a victim of cyber stalking, it's highly
recommended you visit he https://tekrider.net/pages/david-brooks-stalker.php
==================================================
= Daddy's privates and a cat's springy cat toy are interchangeable.
#26
Windows DNS cache
"Diesel" wrote
| Hmm. Why aren't you allowing file shares? You can set permissions on
| them.
|

I don't need to, so I don't need to take the risks. Allowing
functionality between machines can never be truly risk-free. Occasionally
I move files via USB stick between machines, to do something like test
software, but in general I have no reason to share files locally, and
certainly not remotely.
#27
Windows DNS cache
"Mayayana" news Wed, 03 Jan 2018 02:45:51 GMT in alt.windows7.general, wrote:

> "Diesel" wrote
> | Hmm. Why aren't you allowing file shares? You can set permissions on
> | them.
> |
>
> I don't need to, so I don't need to take the risks. Allowing
> functionality between machines can never be truly risk-free.

Nothing in life is completely risk free...

> Occasionally I move files via USB stick between machines, to do
> something like test software, but in general I have no reason to share
> files locally, and certainly not remotely.

I don't share files remotely, either. But, unlike yourself, I have
several machines in file server roles too. One for music, one for
movies/concerts, etc. Too much data to move around via usb stick.

--
To prevent yourself from being a victim of cyber stalking, it's highly
recommended you visit he https://tekrider.net/pages/david-brooks-stalker.php
==================================================
= 'Energize!' said Picard and the pink bunny appeared...
#28
Windows DNS cache
"Diesel" wrote
|
| I don't share files remotely, either. But, unlike yourself, I have
| several machines in file server roles too. One for music, one for
| movies/concerts, etc. Too much data to move around via usb stick.
|

I can see that. I just don't have the need. My computer is my desk and
file cabinet, and a secondary bookshelf; not my movie or music store. I
don't listen to music, and movies come from the library or Netflix DVDs.
I just don't have occasion to connect to other computers in the house.
And usually only one, at most, is running. That would be the computer of
my ladyfriend, who also uses hers as a desk. If I were going to allow
networking I'd do it only on a sacrifice computer, where I didn't keep
any personal data, only using it for specific networking needs.

You may wonder about streaming. Why don't I use a computer to stream from
Netflix or Hulu to a TV? I've thought of that, but I don't see anything
that makes the effort and expense worthwhile. Netflix streaming, last I
checked, was down to about 4,000 titles that are mostly junk, and the
number keeps going down. (OK, some people don't think Star Wars is junk.
My condolences to them. I find it tragic that George Lucas never got a
real job so that we might be spared his endless regurgitation of witless
cartoons.) Netflix streaming actually rotates movies in and out. The fees
to the studios have made good service untenable for the prices they
charge, so it's gradually turning into a TV network with a smattering of
2nd rate movies. (Come to think of it, that's kind of what happened to
"premium" cable. They went from providing top-rate movies to a combination
of TV shows and movies that never made it into the theaters. I suspect the
movie studios probably offer good deals on royalties for new venues but
then come knocking once companies like Netflix, Cinemax, HBO, etc start
making good money.) Netflix DVDs available when I checked recently were
93,000.

I checked because a lot of people tell me I should get streaming. But I
don't want to watch serial TV shows and my taste in movies is mainly "art
house" fare that's hard to get. What I might define as inspiring works of
art that are somehow "touching", rather than entertaining.

It's all just as well. I don't like the way things are heading with
digital entertainment. Cable services are intrusive and expensive.
Streaming is likely to be worse in terms of intrusion. And now we have to
worry about computerized TVs spying on viewers and conversation, in order
to target ads. I'm happy with rabbit ears and library/Netflix DVDs. I'm on
my way to the library today, to see what they've got to watch for the next
few days, as I may get snowed in by the "snow hurricane" coming up the
east coast.

.... Though I do have a few VCR tapes in my "media library". Wouldja like
to borrow Spalding Gray's Monster in a Box, or Joseph Campbell interviewed
by Bill Moyers, circa 1986?
#29
Windows DNS cache
"Mayayana" news Wed, 03 Jan 2018 14:10:23 GMT in alt.windows7.general, wrote:

> You may wonder about streaming. Why don't I use a computer to stream
> from Netflix or Hulu to a TV? I've thought of that, but I don't see
> anything that makes the effort and expense worthwhile.

I'm not into the netflix/hulu thing either. I don't watch enough tv at
one time to justify it. I'm happy with mash reruns. [g]

> .... Though I do have a few VCR tapes in my "media library". Wouldja
> like to borrow Spalding Gray's Monster in a Box, or Joseph Campbell
> interviewed by Bill Moyers, circa 1986?

I may take you up on that someday. I've been on a classic movie kick
lately; old black and white and vintage scifi from the 50s. For some
reason, the stuff fascinates me.

--
To prevent yourself from being a victim of cyber stalking, it's highly
recommended you visit he https://tekrider.net/pages/david-brooks-stalker.php
==================================================
= What has four legs and an arm? A happy pitbull.