#1
Windows DNS cache (was: Why does Firefox not respect the HOSTS file in Windows)
In message , Char Jackson writes:
[]
> You can view the Windows DNS cache with the following command:
>
> ipconfig /displaydns

Thanks, interesting.

> By repeatedly running the following command, which simply pulls out the Time To Live (TTL) values for easier visibility, you can see the TTL starting values as well as seeing the TTL count down toward zero. When it hits zero, the DNS entry is removed from the cache.
>
> ipconfig /displaydns | find "Time To Live"
>
> Lastly, for testing purposes, you can clear the Windows DNS cache with the following command:
>
> ipconfig /flushdns
>
> There are no ill effects as a result of clearing the cache. It simply rebuilds over time, as necessary.

I did it, and (I'm running XP) it said

Successfully flushed the DNS Resolver Cache.

I then did ipconfig /displaydns | find "Time To Live" again, and it looked to still have the same number of lines; doing it without the pipe to "find" (piping to "more" instead) looks the same, too.
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
Don't hit the keys so hard, it hurts.
#2
Windows DNS cache
J. P. Gilliver (John) wrote:
> I did it, and (I'm running XP) it said
>
> Successfully flushed the DNS Resolver Cache.
>
> I then did ipconfig /displaydns | find "Time To Live" again, and it looked to still have the same number of lines; doing it without the pipe to "find" (piping to "more" instead) looks the same, too.

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters

Data: MaxCacheEntryTtlLimit (DWORD)
Default value is 86,400 seconds (1 day)
How long a positive DNS query remains locally cached.

Data: NegativeCacheTime value (DWORD)
Default value is 300 seconds.
How long a negative DNS query (failure) remains cached.

Defaults get used if the registry entry is not defined. Setting MaxCacheEntryTtlLimit to 1 effectively disables the local DNS cache (TTL is only 1 second). This is what Microsoft recommends. Don't know what happens if you set it to 0 (sometimes endpoints in a range have special meaning so maybe 0 means indefinite caching time).

You could also disable the "DNS Client" service (stop and set to Disable startup mode) and then also flush the current cache contents. Of course, that means if a web page has hundreds of hostnames all of which need to be resolved (they are absolutely pathed to the same or different domain versus relatively pathed to the same host) then you will be making a lot more DNS requests outside your host to whatever DNS server you use.

Firefox has its own internal DNS cache. To disable it, set network.dnsCacheExpiration to 0 (zero) - which means you would use Windows local DNS cache unless that was also disabled, which means you would also issue DNS requests to an outside DNS server for every non-relatively pathed resource in a web page (which could be scripts, CSS, and other non-ad/tracking resources).

Note: Just because an old setting is still listed in about:config does not mean Firefox still honors it. I've read contradicting articles dated July 2016 claiming that a "new version" (not mentioned) has Firefox using the local DNS cache in the OS. In FF 47.0.1, the about:cache page is still defined (and mine shows non-zero values), so maybe some near-future version is going to drop the internal DNS cache.
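A PowerShell helper, added here and not code from the thread, that reads the two Dnscache parameters the post names from the registry path it gives, reports whether each is set, and applies a new limit with the guards a practitioner wants (elevation check, no zero value, service restart and cache flush). The function names, the "absent" wording and the restart-may-fail handling are my own assumptions.

```powershell
# Added example, not code from the thread. Reports whether the two DNS Client
# (Dnscache) parameters named above are set, and applies a new limit safely.
# Assumes the registry path given in the post; a value missing from the key
# means Windows falls back to its built-in default for that parameter.

$DnscacheParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'

function Get-DnsClientCacheLimits {
    [CmdletBinding()]
    param()
    # Get-ItemProperty returns nothing (no error) if the key itself is missing.
    $props = Get-ItemProperty -Path $DnscacheParams -ErrorAction SilentlyContinue
    foreach ($name in 'MaxCacheEntryTtlLimit', 'NegativeCacheTime') {
        $value = $null
        if ($props -and $props.PSObject.Properties[$name]) { $value = [int]$props.$name }
        if ($null -eq $value) { $state = 'absent (built-in default applies)' }
        else                  { $state = 'set in registry' }
        [pscustomobject]@{ Name = $name; Seconds = $value; State = $state }
    }
}

function Set-DnsClientCacheLimit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('MaxCacheEntryTtlLimit', 'NegativeCacheTime')]
        [string]$Name,

        # Lower bound 1: the post notes that 0 has an unknown meaning here.
        [Parameter(Mandatory)]
        [ValidateRange(1, 2147483647)]
        [int]$Seconds
    )
    # The key lives under HKLM, so the change needs an elevated session and
    # applies to every user account on this Windows instance.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session (HKLM is not writable otherwise).'
    }
    if ($PSCmdlet.ShouldProcess("$DnscacheParams\$Name", "set to $Seconds seconds")) {
        if (-not (Test-Path $DnscacheParams)) { New-Item -Path $DnscacheParams -Force | Out-Null }
        New-ItemProperty -Path $DnscacheParams -Name $Name -PropertyType DWord -Value $Seconds -Force | Out-Null
        # The service reads its Parameters key when it starts, so restart it and
        # drop the entries cached under the old limit. Assumption: if the service
        # refuses to stop (newer Windows builds), a reboot applies the change.
        try   { Restart-Service -Name Dnscache -ErrorAction Stop }
        catch { Write-Warning "Could not restart Dnscache ($($_.Exception.Message)); reboot to apply." }
        ipconfig /flushdns | Out-Null
    }
}

# Show the current state, then (for example) cap positive answers at 4 hours.
Get-DnsClientCacheLimits | Format-Table -AutoSize
Set-DnsClientCacheLimit -Name MaxCacheEntryTtlLimit -Seconds 14400 -WhatIf
```

Drop `-WhatIf` once the preview looks right; the change then takes effect for all accounts on the machine.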
#3
Windows DNS cache (was: Why does Firefox not respect the HOSTS file in Windows)
On Sat, 2 Jul 2016 09:31:22 +0100, "J. P. Gilliver (John)" wrote:

> [...]
>
> I did it, and (I'm running XP) it said
>
> Successfully flushed the DNS Resolver Cache.
>
> I then did ipconfig /displaydns | find "Time To Live" again, and it looked to still have the same number of lines; doing it without the pipe to "find" (piping to "more" instead) looks the same, too.

The primary intent of that command string was to highlight the TTL of the various cache entries and to illustrate how the TTL decrements to zero, followed by the cache entry being removed. Having said that, if there are cache entries that are simply waiting to time out (not corresponding to any current network activity, for example), then a flush should clear them and they won't immediately reappear. However, if you have current network activity, then clearing the cache might indeed appear to be very temporary. I'd expect to see a refresh of the TTL, though. The command string above would highlight that.
--
Char Jackson
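The TTL watch that the two posts above describe with `ipconfig /displaydns | find "Time To Live"`, as an added PowerShell example that is not from the thread: it parses the ipconfig output into objects and samples it twice, so each entry is classified as counting down, refreshed by a new lookup, or gone after a flush or expiry. It assumes the English ipconfig output layout shown in the comments; the function names are my own.

```powershell
# Added example, not code from the thread. Turns "ipconfig /displaydns" output
# into objects and samples it twice, so each cached record can be seen either
# counting down, being refreshed by a fresh lookup, or disappearing after a
# flush or expiry. Assumes the English ipconfig output layout:
#   Record Name . . . . . : www.example.com
#   Record Type . . . . . : 1
#   Time To Live  . . . . : 3600
#   Data Length . . . . . : 4
#   Section . . . . . . . : Answer
#   A (Host) Record . . . : 93.184.216.34

function Get-DnsCacheEntries {
    [CmdletBinding()]
    param()

    $entries = New-Object System.Collections.Generic.List[object]
    $current = $null

    foreach ($line in (ipconfig /displaydns)) {
        $text = $line.Trim()
        if ($text -match '^Record Name[\s.]*:\s*(.+)$') {
            # A new record begins; keep the previous one if we had one.
            if ($current) { $entries.Add($current) }
            $current = [pscustomobject]@{
                Name = $Matches[1].Trim()
                Type = $null      # numeric RR type: 1 = A, 5 = CNAME, 28 = AAAA
                TTL  = $null      # seconds left, as reported at this moment
                Data = $null      # the record's value (address, CNAME target, ...)
            }
        }
        elseif ($current -and $text -match '^Record Type[\s.]*:\s*(\d+)$') {
            $current.Type = [int]$Matches[1]
        }
        elseif ($current -and $text -match '^Time To Live[\s.]*:\s*(\d+)$') {
            $current.TTL = [int]$Matches[1]
        }
        elseif ($current -and $text -match '^\S.*Record[\s.]*:\s*(.+)$') {
            # "A (Host) Record", "CNAME Record", "AAAA Record", "PTR Record", ...
            $current.Data = $Matches[1].Trim()
        }
    }
    if ($current) { $entries.Add($current) }
    return $entries
}

function Watch-DnsCacheTtl {
    [CmdletBinding()]
    param(
        [string]$NameFilter = '*',   # wildcard on the record name, e.g. '*.example.com'
        [int]$Seconds = 10           # pause between the two samples
    )

    $before = @(Get-DnsCacheEntries | Where-Object { $_.Name -like $NameFilter -and $null -ne $_.TTL })
    Start-Sleep -Seconds $Seconds
    $after  = @(Get-DnsCacheEntries | Where-Object { $_.Name -like $NameFilter -and $null -ne $_.TTL })

    foreach ($b in $before) {
        # Match on name, type and data so two A records for one name stay distinct.
        $a = $after | Where-Object { $_.Name -eq $b.Name -and $_.Type -eq $b.Type -and $_.Data -eq $b.Data } |
             Select-Object -First 1
        $ttlAfter = $null
        if ($a) { $ttlAfter = $a.TTL }
        if (-not $a)                { $status = 'gone (expired or flushed)' }
        elseif ($a.TTL -gt $b.TTL)  { $status = 'refreshed by a new lookup' }
        elseif ($a.TTL -lt $b.TTL)  { $status = 'counting down' }
        else                        { $status = 'unchanged' }
        [pscustomobject]@{
            Name      = $b.Name
            Type      = $b.Type
            TtlBefore = $b.TTL
            TtlAfter  = $ttlAfter
            Status    = $status
        }
    }
}

# Sample the whole cache 10 seconds apart, entries closest to expiry first.
Watch-DnsCacheTtl -Seconds 10 | Sort-Object TtlBefore | Format-Table -AutoSize
```

On Windows 8 and later, Get-DnsClientCache returns these records as objects directly, so the parser is only needed on XP/Vista/7-era systems.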
#4
Windows DNS cache (was: Why does Firefox not respect the HOSTS file in Windows)
| You can view the Windows DNS cache with the following command:
|
| ipconfig /displaydns
|
| Thanks, interesting.
......
| I did it, and (I'm running XP) it said
|
| Successfully flushed the DNS Resolver Cache.
|

I was wondering what all this talk was of Windows DNS Cache. I'd never heard of it. It should be clarified that "Windows DNS Cache" is actually the DNS Client service. It doesn't need to be enabled at all for most people. It's possible that people on a network with Active Directory may need it. I'm not familiar with that. I suspect they don't and that it will only save on a few intranet calls.

I've had DNS Client disabled for years and see no reason to enable it.
#5
Windows DNS cache
On 04/07/2016 15:38, Mayayana wrote:
> | You can view the Windows DNS cache with the following command:
> |
> | ipconfig /displaydns
> |
> | Thanks, interesting.
> .....
> | I did it, and (I'm running XP) it said
> |
> | Successfully flushed the DNS Resolver Cache.
> |
>
> I was wondering what all this talk was of Windows DNS Cache. I'd never heard of it. It should be clarified that "Windows DNS Cache" is actually the DNS Client service. It doesn't need to be enabled at all for most people. It's possible that people on a network with Active Directory may need it. I'm not familiar with that. I suspect they don't and that it will only save on a few intranet calls.
>
> I've had DNS Client disabled for years and see no reason to enable it.

You don't need it if your LAN has its own DNS cache but I guess it might be worth saving the 12MB of RAM it uses to save doing unnecessary DNS lookups over the Internet.
--
Brian Gregory (in the UK).
To email me please remove all the letter vee from my email address.
#6
Windows DNS cache
Brian Gregory wrote:

Note: I'm not going to reconstruct the attribution lines that Mayayana discards in his replies. So I only quote Brian's post in my reply in this subthread.

> You don't need it if your LAN has its own DNS cache but I guess it might be worth saving the 12MB of RAM it uses to save doing unnecessary DNS lookups over the Internet.

Pages nowadays have resources across many and far flung sites. The content of a page can have ad resources on CDNs (content delivery networks), scripts on tertiary domains (same or different owner than the visited domain), CSS files on other servers, etc. All those resources require DNS lookups. With some pages having hundreds of externally linked resources, there can be hundreds of such DNS requests in just one page. Rarely do sites use IP addresses for their external resources. Some resources may be relatively pathed (i.e., under the same domain as visited) but many sites incorporate off-site or external resources.

Having a local cache to shortcut the DNS lookups by finding the IP address for a previously visited site will speed up all those DNS lookups. The positive lookups (those that succeeded) are cached for only a day, by default. The negative lookups (those that failed) are cached for only 4 hours, by default. Registry entries can be used to alter those retention intervals.

If the local DNS caching client is disabled, ALL those hostnames (even those on the same domain) will have to get looked up by issuing DNS requests out to the network, out to the Internet, to the specified DNS server (which the user can specify or use the one assigned to them by whatever upstream DHCP server they use, which is often their ISP's). All that DNS network traffic takes time. The time for hundreds of DNS lookup requests and waiting to get back a response (the IP address for the external resources on a page) is very short. Whether you use a DNS caching client or not, speeding that up will not alter the time it takes for those external resources to deliver their content for that page. That's why many users use adblockers to eliminate the time to download the unwanted content.

You can use GRC's DNSbench to see what are the request and acknowledge times for DNS lookup requests. Different DNS servers will have differing response times, and that includes the hops between your endpoint and the targeted DNS server.

https://www.grc.com/dns/benchmark.htm

I would suggest editing their install-time list of DNS servers as there are *many* that are of no use to you or will never be considered for use. This tool will also indicate which servers will redirect failed lookups to their "help" redirection site (for which they get clickthrough revenue) and which will break some webcentric apps that actually expect a negative (failed) DNS lookup to return a code rather than a success code when reaching their redirection page. Some DNS servers include some filtering, like eliminating or blocking known malicious sites (but there are always a few false positives in those blacklists).

For me, I configured the IP protocols on my PC to use the following DNS servers in the following order: Google DNS (8.8.8.8 and 2001:4860:4860::8888), OpenDNS (208.67.222.222 and 2620:0:ccc::2), and my router's internal DNS server (10.0.0.1 and 0:0:0:0:0:ffff:a00:1). This is the preference or fallback order: first to last. OpenDNS includes a malicious site filter that you cannot disable (unless you enlist as a reporter with them). However, I found them (according to DNSbench) to be a tad slower overall than Google's. My router's internal DNS server is not really a server. It is a transparent proxy that merely passes all DNS requests up to its upstream DNS filter. The router is configured to use DHCP which means the router will use my ISP's DNS server; however, that is only used if the prior DNS servers listed in preference order are unreachable (fallback order uses the router last). Remember to do the static DNS server config for both IPv4 and IPv6 addressing.

The only time it is recommended to disable the DNS Client service (the local DNS cache) is when using pre-compiled and HUGE 'hosts' files. The 'hosts' file entries are used before using the local DNS cache. In 9x-based Windows, it was noticed the DNS Client could add overhead to using a huge 'hosts' file (I'm talking about the thousands of entries in the 'hosts' file versus the few to a couple hundred for which that text file, opened on every DNS lookup and read sequentially line by line, was designed). However, those huge pre-compiled 'hosts' files (used for ad and tracking blocking) add more overhead than does the DNS Client's caching. Those pre-compiled 'hosts' files are huge. The one from MVPS is over *14 THOUSAND* lines long. The 'hosts' file is not cached into memory. It is opened (file I/O API system call) and read one line at a time to sequentially scan the text file for a matching entry on a hostname. It only works on hostnames, not domains, and that is why there are dozens and dozens of entries for just one resource (e.g., 117 for doubleclick in the MVPS pre-compiled 'hosts' file). I don't believe the DNS Client has incurred overhead on a prior 'hosts' success lookup for a long time in NT-based Windows. As with any process, the DNS Client service will consume resources (CPU and RAM) but it's been awhile since users were still using such ancient processors with tiny system RAM and a slow data bus on the mobo.

However, the user might wish to tweak the DNS Client's settings in the registry to immediately flush negative (failed) DNS lookups. The default is 900 seconds (15 minutes). The site may fix a problem but the user will continue to get failed lookups due to the local DNS caching still listing a negative result for that host, but 15 minutes isn't very long. It eliminates you (or external resource links in a delivered web page) from wasting time to query a DNS server only to get back yet another failed result. See Microsoft's KB 318803 (http://tinyurl.com/ybjwbc37). 86400 seconds (24 hours) is the default cache time for positive results. If you often visit flaky or unreliable sites or the type that move around a lot, you might want to shorten this to, say, 4 hours which is probably longer than your web sessions in your HTTP client. Because these registry tweaks are under the HKEY_Local_Machine hive, changes there will affect all user accounts in that instance of Windows. If the settings are absent in the registry, the defaults get used.

I've left the positive cache set to the 24-hour expiration. I don't leave the web browser open all day but I may load it several times per day and often revisit the same sites (or different sites often access the same off-domain resources; e.g., the Google site for jquery). Since I'm using the defaults, negative results are cached for 15 minutes. I don't visit sites by hostname that move around that often, and if I get a negative DNS result then it is cleared in 15 minutes which is probably longer than me figuring out the cause of the problem with the site being faster than that to correct the problem.

There is also the issue that many ISPs operate caching DNS servers. This is to quickly return a positive result for the same lookup request from hundreds, or more, of their customers. Server-side caching helps but you have no control over their positive and negative cache expirations. The GRC DNSbench tool will measure the difference between raw or uncached DNS lookup requests versus those returned due to server-side DNS caching: red = cached DNS lookup time, green = uncached DNS lookup time, blue = dot.com lookup time since .com is the most widespread TLD [top-level domain].
#7
Windows DNS cache
On 01/01/2018 03:38, VanguardLH wrote:
> [...]
>
> For me, I configured the IP protocols on my PC to use the following DNS servers in the following order: Google DNS (8.8.8.8 and 2001:4860:4860::8888), OpenDNS (208.67.222.222 and 2620:0:ccc::2), and my router's internal DNS server (10.0.0.1 and 0:0:0:0:0:ffff:a00:1). This is the preference or fallback order: first to last. OpenDNS includes a malicious site filter that you cannot disable (unless you enlist as a reporter with them). However, I found them (according to DNSbench) to be a tad slower overall than Google's. My router's internal DNS server is not really a server. It is a transparent proxy that merely passes all DNS requests up to its upstream DNS filter. The router is configured to use DHCP which means the router will use my ISP's DNS server; however, that is only used if the prior DNS servers listed in preference order are unreachable (fallback order uses the router last). Remember to do the static DNS server config for both IPv4 and IPv6 addressing.
>
> [...]

I did most of that but now I have set up a DNS cache in my router which intercepts all traffic aimed outwards to port 53 at any IP address and queries OpenDNS when entries have expired.
--
Brian Gregory (in England).
#8
Windows DNS cache
"Brian Gregory" wrote

| I was wondering what all this talk was of Windows
| DNS Cache. I'd never heard of it. It should be clarified
| that "Windows DNS Cache" is actually the DNS Client
| service. It doesn't need to be enabled at all for most
| people. It's possible that people on a network with
| Active Directory may need it. I'm not familiar with
| that. I suspect they don't and that it will only save
| on a few intranet calls.
| I've had DNS Client disabled for years and see no
| reason to enable it.
|
| You don't need it if your LAN has its own DNS cache but I guess it might
| be worth saving the 12MB of RAM it uses to save doing unnecessary DNS
| lookups over the Internet.
|

?? This post was close to 2 years old. I don't have a LAN. I don't allow sharing with other computers for security reasons.

If you look it up I think you'll find that the "time to live" for these things is very brief, anyway. A day or less:

http://webcache.googleusercontent.co...&gbv=1&ct=clnk

Browsers can store their own cache. The default DNS cache expiry in Firefox is 1 minute. The idea is not to store a phone book but rather to save repeated DNS requests for the same URL during a session.

If the cache were long-lived there would be problems when a site changes IP address. I ran into that at one point when I found that several sites had disappeared. I finally figured out that the DNS proxy I use, Acrylic, stores a much longer DNS stash. Something like 10 days. Most of the time that's OK, but only if you know about it and know to clear that cache if anything goes wrong.

Aside from that, I don't know of any reason to cache DNS or to worry about cache. The storage time is brief and the time required for a DNS query is negligible. So it doesn't much matter one way or the other.
#9
Windows DNS cache
On 01/01/2018 03:45, Mayayana wrote:
> "Brian Gregory" wrote
> [...]
> | You don't need it if your LAN has its own DNS cache but I guess it might
> | be worth saving the 12MB of RAM it uses to save doing unnecessary DNS
> | lookups over the Internet.
> |
>
> ?? This post was close to 2 years old. I don't have a LAN. I don't allow sharing with other computers for security reasons.

Surely your PC isn't connected directly to the internet? You should have a firewall or NAT and firewall in between. If you have NAT then your LAN is the connection between the NAT box and your PC. I guess if you only have a firewall then it's reasonable to say there is no LAN.

> If you look it up I think you'll find that the "time to live" for these things is very brief, anyway. A day or less:
>
> http://webcache.googleusercontent.co...&gbv=1&ct=clnk
>
> Browsers can store their own cache. The default DNS cache expiry in Firefox is 1 minute. The idea is not to store a phone book but rather to save repeated DNS requests for the same URL during a session.

Maybe, but if a DNS result says it's valid for longer why not cache it for a bit longer.

It's rather a pathetic PC by modern standards that can't spare 12MB of RAM.

Mind you I'm not sure that the DNS cache in Windows 7 does cache for that much longer than a minute.

> If the cache were long-lived there would be problems when a site changes IP address. I ran into that at one point when I found that several sites had disappeared. I finally figured out that the DNS proxy I use, Acrylic, stores a much longer DNS stash. Something like 10 days.

It was probably broken then. Anything that caches DNS results should be asking for the Time To Live of results of queries it caches and not keeping them any longer than that as an absolute maximum. If that's too complicated just keep them, say, an hour.

> Most of the time that's OK, but only if you know about it and know to clear that cache if anything goes wrong.

It's probably a broken cache if it keeps results longer than a day or two absolute max. I think many people would set a DNS cache to cache no longer than a day or two no matter what TTL was reported. Just in case the TTL was over optimistic.

> Aside from that, I don't know of any reason to cache DNS or to worry about cache. The storage time is brief and the time required for a DNS query is negligible. So it doesn't much matter one way or the other.

All those queries to separate sites for pictures, javascript, google APIs, Google adverts, other adverts etc. etc.
--
Brian Gregory (in England).
#10
Windows DNS cache
"Brian Gregory" wrote

| I don't have a LAN. I don't allow sharing with other
| computers for security reasons.
|
| Surely your PC isn't connected directly to the internet?

I have a router connected to the cable input and computers connected to that. I don't know if you'd call that a LAN. I don't consider it a LAN because I don't enable networking or filesharing functionality on any of the computers.

| Maybe, but if a DNS result says it's valid for longer why not cache it
| for a bit longer.
|
| It's rather a pathetic PC by modern standards that can't spare 12MB of RAM.
|

I doubt that external IP addresses are being cached via DNS Client. If they were it would be redundant caching. It's not a matter of sparing 12 MB RAM. There's no need for the functionality because I don't have local networking. There's no need for dozens of services. Many are security risks. Since I don't enable any kind of networking I have no need for any of those: Workstation, Server, Remote* (except RPC), COM+, NetLogon, Network DDE, NetMeeting, Messenger, NLA, NPS, RPC security, Routing and Remote Access, SSDP Discovery, UPNP, Terminal Services, WebClient.... All unnecessary without local networking. Many of them risky. It doesn't make sense to assume that someone is trying to conserve RAM just because something isn't running. I just like to keep things clean and lean and as safe as possible.

If you're concerned about online speed I don't see the logic. A DNS request probably takes a few ms. If I visit a fast website it loads instantly in my perception. The DNS request is a minuscule part of that. If you find your browser is slow then your time would be better spent editing your HOSTS file to stop ads and maybe disabling script when possible.

| If the cache were long-lived there would be problems
| when a site changes IP address. I ran into that at one
| point when I found that several sites had disappeared.
| I finally figured out that the DNS proxy I use, Acrylic,
| stores a much longer DNS stash.
| Something like 10 days.
|
| It was probably broken then. Anything that caches DNS results should be
| asking for the Time To Live of results of queries it caches and not
| keeping them any longer than that as an absolute maximum. If that's too
| complicated just keep them, say, an hour.
|

Acrylic has its own system, caching for much longer than normal. It can be adjusted. I'm guessing the author(s) just assumes anyone using it knows enough to manage caching. It's proxy DNS server software.

| Aside from that, I don't know of any reason to cache
| DNS or to worry about cache. The storage time is brief
| and the time required for a DNS query is negligible. So
| it doesn't much matter one way or the other.
|
| All those queries to separate site for pictures, javascript, google
| APIs, Google adverts, other adverts etc. etc.
|

Speak for yourself. There hasn't been a Google ad on my machines for ages. Possibly not in this century. I also block their tracking. And I block web fonts. And I rarely enable script. But even if, for some reason, you welcome all those things, it only needs one DNS request per visit to each domain. As noted above, if you find it lagging then DNS is almost certainly not the problem. Script and ads and spyware are. If your car is sitting too low to drive the solution is not to take the tire gauge out of the glove compartment. The solution is to take the concrete blocks out of the trunk.

Another issue is that most pages these days are dynamic. Since the page is generated on call, the content and linked images are always new and therefore there's no going to the browser cache. No 304s. Very inefficient. But with speeds what they are it doesn't seem to matter. I suspect any slowness you experience is probably due to the amazingly bloated script that's being used these days. Often 2 MB or more.
#11
Windows DNS cache
Mayayana wrote:
> "Brian Gregory" wrote
> | I was wondering what all this talk was of Windows
> | DNS Cache. I'd never heard of it. It should be clarified
> | that "Windows DNS Cache" is actually the DNS Client
> | service. It doesn't need to be enabled at all for most
> | people. It's possible that people on a network with
> | Active Directory may need it. I'm not familiar with
> | that. I suspect they don't and that it will only save
> | on a few intranet calls.
> | I've had DNS Client disabled for years and see no
> | reason to enable it.
> |
> | You don't need it if your LAN has its own DNS cache but I guess it might
> | be worth saving the 12MB of RAM it uses to save doing unnecessary DNS
> | lookups over the Internet.
> |
> ?? This post was close to 2 years old.
>
> I don't have a LAN. I don't allow sharing with
> other computers for security reasons.

There are a couple possibilities.

  RJ11  +----------------------------------+ RJ45 Eth  +-------------
     ---| ADSL Modem alone or               |-----------| Single PC
        | ADSL Modem/Router in Bridged Mode|  PPPOE    | Enter user/pass for PPPOE in a windows dialog.
        +----------------------------------+           | (Older Windows don't have PPPOE, but do have PPP dialup)
                                                       | Windows Firewall, *only protection*
                                                       | Can be port scanned for fun and profit.
                                                       | This is the dumb option, almost like DMZ.
                                                       +-------------

or you could have the more normal setup

  RJ11  +----------------------------------+ RJ45 Eth  +-------------
     ---| ADSL Modem/Router in Routed Mode  |-----------| Single PC
        | (ISP default, terminates PPPOE    |           | "Normal"
        | No password in this box, for network |
        | You put user/pass inside this box|           | Windows Firewall optional for IPV4
        | IPV4 offers NAT                    |           | Windows Firewall likely useful for IPV6.
        | IPV6 is security by obscurity      |           +-------------
        +----------------------------------+

You can buy single port routers, such as the BEFSR41 years ago.
It had one WAN port and one LAN port. A single port router
translates between 192.168.0.2 LAN to whatever DHCP WAN address
the ISP gives you on PPPOE login.

The "ipconfig" command can give you some idea, just how bonkers
your setup is :-)

In the first picture, your "ipconfig" local address is
an internet address, like 71.123.100.32.

In the second picture, since routing and local DHCP are
in usage, your local address could be 10.x.x.x or 192.168.x.x
and so on. The second picture offers some protection for IPV4.
Depending on how addresses are allocated (apparently there's
more than one way to do it), link local addresses
on IPV6 number 4 billion. So if someone wants to scan you,
it would take a while just based on IP address alone.

Google bought a block of 2^96 IPV6 addresses, leaving 2^64
to address homes, and 2^32 inside each home for IoT etc.
I'm still not using IPV6, and have little interest in it
(it generally sucks for things I care about). It would
be a nightmare to monitor, just to read and translate
what the hell the addresses mean. When the day
comes that I need to switch, I'm going to have to hire
a "network guy" :-( Just so I don't get it wrong.

   Paul
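The two pictures differ in what "ipconfig" reports for the PC itself: a public address when the modem is bridged (the PC is the Internet-facing host), a private one behind NAT in the routed case, plus an IPv6 link-local address on modern Windows. The following Python script is an added example, not part of the thread: it classifies every address in ipconfig output using the standard ipaddress module, so you can check which picture you are in without eyeballing the numbers. The ipconfig text it parses is constructed sample output (adapter names "Bridged" and "Routed" are made up; the public address reuses Paul's 71.123.100.32), and the regular expressions assume the English labels ipconfig prints.

```python
"""Classify the addresses ipconfig reports, to tell the two pictures apart.

Added example, not from the thread. SAMPLE_IPCONFIG is constructed sample
output, not captured from a real machine; adapter names are made up.
"""
import ipaddress
import re
import sys

# Constructed sample of "ipconfig" output: one adapter for each picture.
SAMPLE_IPCONFIG = """
Windows IP Configuration

Ethernet adapter Bridged:

   IPv4 Address. . . . . . . . . . . : 71.123.100.32
   Subnet Mask . . . . . . . . . . . : 255.255.255.255

Ethernet adapter Routed:

   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%12
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

# Assumes the English ipconfig labels; localized Windows prints different ones.
ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
ADDR_RE = re.compile(
    r"^\s+(IPv4 Address|IPv6 Address|Link-local IPv6 Address)[ .]*: (\S+)")


def classify(addr_text):
    """Return 'public', 'private', 'link-local' or 'other' for one address."""
    # Strip the "%12" zone index ipconfig appends to IPv6 link-local addresses.
    addr = ipaddress.ip_address(addr_text.split("%")[0])
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:          # RFC 1918 for IPv4, fc00::/7 for IPv6
        return "private"
    if addr.is_global:
        return "public"
    return "other"


def parse_ipconfig(text):
    """Map adapter name -> list of (address, classification), in file order."""
    result = {}
    current = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = ADDR_RE.match(line)
        if m and current is not None:
            result[current].append((m.group(2), classify(m.group(2))))
    return result


def exposed_adapters(parsed):
    """Adapters holding a public address directly: the bridged picture, where
    the PC is the Internet-facing host and its own firewall is all there is."""
    return sorted(name for name, addrs in parsed.items()
                  if any(kind == "public" for _, kind in addrs))


if __name__ == "__main__":
    # Feed real output with "ipconfig | python this_script.py"; otherwise the
    # constructed sample is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_IPCONFIG
    parsed = parse_ipconfig(text)
    for name, addrs in parsed.items():
        for addr, kind in addrs:
            print(f"{name}: {addr} ({kind})")
    print("directly exposed adapters:", exposed_adapters(parsed) or "none")
```

Any adapter listed as "directly exposed" is the first picture: the machine answers to an Internet address itself, so it can be port scanned from outside and Windows Firewall is the only thing in the way. A private address with a default gateway is the second picture, where the router's NAT sits in front of the PC.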
#12
Windows DNS cache
"Paul" wrote
| There are a couple possibilities.
|

I don't really follow your explanations here. I have cable, not DSL.
The cable co-axial connects to a router. Computers are wired to that,
using fixed IP addresses on this side. The cable company assigns an
outside IP, but it rarely changes. Probably just often enough to stop
me hosting a server.

I'm using fixed IP only because I don't like to allow svchost through
my software firewalls. DHCP is one of the things that runs under
svchost. When I first got Win7 that was the only thing that svchost
was needed for that I didn't already have disabled. So I switched to
fixed IP addressing.

-------------------------------------

|   RJ11  +----------------------------------+ RJ45 Eth  +-------------
|      ---| ADSL Modem alone or               |-----------| Single PC
|         | ADSL Modem/Router in Bridged Mode|  PPPOE    | Enter user/pass for PPPOE in a windows dialog.
|         +----------------------------------+           | (Older Windows don't have PPPOE, but do have PPP dialup)
|                                                        | Windows Firewall, *only protection*
|                                                        | Can be port scanned for fun and profit.
|                                                        | This is the dumb option, almost like DMZ.
|                                                        +-------------
|
| or you could have the more normal setup
|
|   RJ11  +----------------------------------+ RJ45 Eth  +-------------
|      ---| ADSL Modem/Router in Routed Mode  |-----------| Single PC
|         | (ISP default, terminates PPPOE    |           | "Normal"
|         | No password in this box, for network |
|         | You put user/pass inside this box|           | Windows Firewall optional for IPV4
|         | IPV4 offers NAT                    |           | Windows Firewall likely useful for IPV6.
|         | IPV6 is security by obscurity      |           +-------------
|         +----------------------------------+
|
| You can buy single port routers, such as the BEFSR41 years ago.
| It had one WAN port and one LAN port. A single port router
| translates between 192.168.0.2 LAN to whatever DHCP WAN address
| the ISP gives you on PPPOE login.
|
| The "ipconfig" command can give you some idea, just how bonkers
| your setup is :-)
|
| In the first picture, your "ipconfig" local address is
| an internet address, like 71.123.100.32.
|
| In the second picture, since routing and local DHCP are
| in usage, your local address could be 10.x.x.x or 192.168.x.x
| and so on. The second picture offers some protection for IPV4.
| Depending on how addresses are allocated (apparently there's
| more than one way to do it), link local addresses
| on IPV6 number 4 billion. So if someone wants to scan you,
| it would take a while just based on IP address alone.
|
| Google bought a block of 2^96 IPV6 addresses, leaving 2^64
| to address homes, and 2^32 inside each home for IoT etc.
| I'm still not using IPV6, and have little interest in it
| (it generally sucks for things I care about). It would
| be a nightmare to monitor, just to read and translate
| what the hell the addresses mean. When the day
| comes that I need to switch, I'm going to have to hire
| a "network guy" :-( Just so I don't get it wrong.
|
|    Paul
#13
Windows DNS cache
On Mon, 01 Jan 2018 21:37:00 -0500, Paul wrote:
> You can buy single port routers, such as the BEFSR41 years ago.
> It had one WAN port and one LAN port.

You're thinking of the BEFSR11 ;-)

The BEFSR41 had a WAN port and 4 LAN ports. (The clue is in the
model number, 11 versus 41.) I used to own examples of both.

When I had the BEFSR11, I connected an Ethernet switch to the LAN
port so that I could connect all of the PCs. Actually, though the
BEFSR11 and 41 are long gone, to this day I always connect an
Ethernet switch to a LAN port and all of the PCs connect to the
switch. That way the LAN stays up when the router has to be
rebooted.

--
Char Jackson