A Windows XP help forum. PCbanter


Windows DNS cache (was: Why does Firefox not respect the HOSTS file in Windows)



 
 
  #16  
Old January 2nd 18, 06:52 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Char Jackson
external usenet poster
 
Posts: 8,944
Default Windows DNS cache

On Mon, 01 Jan 2018 23:50:32 -0500, Paul wrote:

> Mayayana wrote:
>> "Paul" wrote
>>
>> | There are a couple possibilities.
>> |
>>
>> I don't really follow your explanations here. I have
>> cable, not DSL. The cable co-axial connects to a router.
>> Computers are wired to that, using fixed IP addresses
>> on this side. The cable company assigns an outside
>> IP, but it rarely changes. Probably just often enough
>> to stop me hosting a server.
>> I'm using fixed IP only because I don't like to allow
>> svchost through my software firewalls. DHCP is one
>> of the things that runs under svchost. When I first
>> got Win7 that was the only thing that svchost was
>> needed for that I didn't already have disabled. So I
>> switched to fixed IP addressing.
>
> OK, so we're making progress.
>
> You could do it like this, where the SVCHOST only talks to the router.
> Does that assuage your sense of security ? The DHCP in this case,
> is in two hops. The router has a client it talks to the ISP with.
> The PCs have a client they talk to the router with. The evil svchost
> doesn't talk directly to the ISP in this picture.
>
> 75ohm coax ------ cablemodem/router ------------ PC#1
>                ---DHCP         DHCP ------------ PC#2
>                   for WAN      server            evil svchost
>                                for LAN
>
> If you do it like this, all you're doing is avoiding the DHCP
> on the LAN side of the router.
>
>                                                       fixed
> 75ohm coax ------ cablemodem/router ------------ PC#1 192.168.0.3
>                ---DHCP              ------------ PC#2 192.168.0.4
>                   for WAN      Some subnet
>                                192.168.0.1
>                                gateway etc.
>
> Your configuration is still pretty conventional, and you're saying
> now you have more than one PC connected.
>
> What the router consists of, is a one port router and a switch chip.
> The first router I owned, the $300 CDN BEFSR44, actually partitioned
> this function as two circuit boards. The modem/router I have now,
> all three functions (modem block, router, switch block) are in the
> same Broadcom chip.
>
>                                                LAN Side
> WAN --- router board ------------- switch chip ----- PC#1
>                                                ----- PC#2
>                                                ----- PC#3
>            consumer router                     ----- PC#4
>
> Now, in that picture, all the PCs can see one another. The switch
> is a learning switch, and it keeps track by observation, as to
> what IPs are on each port.

Nit: switches operate on OSI Layer 2, the MAC layer. They don't know or
care anything about IP addresses, which exist on Layer 3. Other than
that, you're right. Just replace IP address with MAC address.

> Yes, you can probably use separate subnets and net masks, to logically
> prevent the PCs from talking to one another. Is that what you're doing
> to silo the PCs on the right ?

"Creative use of netmasks" (for example, /24 on the router's LAN side
and /30 on each PC) and "using different subnets" would both require the
LAN side of the router to be configured with multiple IP addresses. I
don't think any consumer gear can do that, but some 3rd party firmware
probably can.

> The router portion is not supposed to route
> non-routable addresses like 192.168.x.x, as far as I know.

Right, and even if your consumer gear was horribly broken and allowed
that traffic to go out, it would be dropped at the ISP's first hop.

RFC1918
https://tools.ietf.org/html/rfc1918

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)


--

Char Jackson
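
Added example, not part of any poster's message: the Python below works through the /24-versus-/30 netmask idea from the post above, using the router and PC addresses from Paul's diagram and checking them against the RFC 1918 blocks Char Jackson quotes. The function names and the renumbered /30 addresses (192.168.0.5, .6, .9, .10) are constructed for the example.

```python
import ipaddress

# RFC 1918 private blocks, as quoted in the post above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True if ip falls inside one of the three RFC 1918 blocks."""
    return any(ip in net for net in RFC1918)


def usable_host(iface):
    """False when the address is the network or broadcast address of its own subnet."""
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)


def assess(pcs, router_ips):
    """For each PC, list what it treats as directly reachable (on-link).

    pcs maps a name to an "address/prefix" string; router_ips lists every
    address configured on the router's LAN interface.
    """
    ifaces = {name: ipaddress.ip_interface(cfg) for name, cfg in pcs.items()}
    routers = [ipaddress.ip_address(r) for r in router_ips]
    report = {}
    for name, iface in ifaces.items():
        report[name] = {
            "private": is_rfc1918(iface.ip),
            "usable": usable_host(iface),
            # Peers this PC would ARP for directly instead of using a gateway.
            "peers_on_link": sorted(o for o, other in ifaces.items()
                                    if o != name and other.ip in iface.network),
            # Router addresses this PC can use as its default gateway.
            "gateways_on_link": [str(r) for r in routers if r in iface.network],
        }
    return report


# Addresses from the diagram in the post (router 192.168.0.1, PCs .3 and .4).
CONVENTIONAL = {"PC#1": "192.168.0.3/24", "PC#2": "192.168.0.4/24"}
# Same addresses with only the mask changed to /30.
MASK_ONLY = {"PC#1": "192.168.0.3/30", "PC#2": "192.168.0.4/30"}
# Constructed renumbering: one /30 per PC (assumption, not from the post).
PER_PC_30 = {"PC#1": "192.168.0.6/30", "PC#2": "192.168.0.10/30"}

if __name__ == "__main__":
    cases = [
        ("/24 everywhere", CONVENTIONAL, ["192.168.0.1"]),
        ("/30, mask changed only", MASK_ONLY, ["192.168.0.1"]),
        ("/30 per PC, one router IP", PER_PC_30, ["192.168.0.1"]),
        ("/30 per PC, router IP in each /30", PER_PC_30,
         ["192.168.0.1", "192.168.0.5", "192.168.0.9"]),
    ]
    for title, pcs, router_ips in cases:
        print(title)
        for name, row in assess(pcs, router_ips).items():
            print("  ", name, row)
```

The masks only change what each PC treats as directly reachable: the switch still forwards frames by MAC address, and a router that holds a gateway address in every /30 will forward traffic between the PCs unless it is configured to filter it.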
  #17  
Old January 2nd 18, 07:01 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Char Jackson
external usenet poster
 
Posts: 8,944
Default Windows DNS cache

On Tue, 02 Jan 2018 00:43:57 -0500, Paul wrote:

> Char Jackson wrote:
>> On Mon, 01 Jan 2018 21:37:00 -0500, Paul wrote:
>>
>>> You can buy single port routers, such as the BEFSR41 years ago.
>>> It had one WAN port and one LAN port.
>>
>> You're thinking of the BEFSR11 ;-)
>> The BEFSR41 had a WAN port and 4 LAN ports. (The clue is in the model
>> number, 11 versus 41.)
>>
>> I used to own examples of both.
>>
>> When I had the BEFSR11, I connected an Ethernet switch to the LAN port
>> so that I could connect all of the PCs. Actually, though the BEFSR11 and
>> 41 are long gone, to this day I always connect an Ethernet switch to a
>> LAN port and all of the PCs connect to the switch. That way the LAN
>> stays up when the router has to be rebooted.
>
> I was rebooting my router once or twice an evening.
> One of the finest electronics purchases I've ever made...
>
> After a number of attempts to fix it by applying the
> next release of firmware, it bricked. I expect that
> was the only update that really "settled things".
> It was stable after that (sitting in its cardboard box,
> waiting for hell to freeze over).


I don't remember having any problems with any of my Linksys routers,
even the much-maligned WRT54G v5.

As you may know, most of this consumer-grade networking gear has a JTAG
header inside, so you can (almost always) recover from a brick.

--

Char Jackson
  #18  
Old January 2nd 18, 08:11 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 4,897
Default Windows DNS cache

Char Jackson wrote:
> On Tue, 02 Jan 2018 00:43:57 -0500, Paul wrote:
>
>> Char Jackson wrote:
>>> On Mon, 01 Jan 2018 21:37:00 -0500, Paul wrote:
>>>
>>>> You can buy single port routers, such as the BEFSR41 years ago.
>>>> It had one WAN port and one LAN port.
>>> You're thinking of the BEFSR11 ;-)
>>> The BEFSR41 had a WAN port and 4 LAN ports. (The clue is in the model
>>> number, 11 versus 41.)
>>>
>>> I used to own examples of both.
>>>
>>> When I had the BEFSR11, I connected an Ethernet switch to the LAN port
>>> so that I could connect all of the PCs. Actually, though the BEFSR11 and
>>> 41 are long gone, to this day I always connect an Ethernet switch to a
>>> LAN port and all of the PCs connect to the switch. That way the LAN
>>> stays up when the router has to be rebooted.
>>
>> I was rebooting my router once or twice an evening.
>> One of the finest electronics purchases I've ever made...
>>
>> After a number of attempts to fix it by applying the
>> next release of firmware, it bricked. I expect that
>> was the only update that really "settled things".
>> It was stable after that (sitting in its cardboard box,
>> waiting for hell to freeze over).
>
> I don't remember having any problems with any of my Linksys routers,
> even the much-maligned WRT54G v5.
>
> As you may know, most of this consumer-grade networking gear has a JTAG
> header inside, so you can (almost always) recover from a brick.


I think the hardware was buggy on that thing, and no amount of
new firmware would ever fix it. It's fun to pretend though.

So when it bricked, that was a signal... "Hey, time's up" :-)

I wonder if anyone still uses one of those ? Smithsonian ?

I actually own a JTAG cable, but it's based on a parallel port
interface. The design was ancient, the day I bought it. There's
nothing in the room here now, with a parallel port... The board
that connected to, is retired (it's not even inside a computer case).

Paul
  #19  
Old January 2nd 18, 09:18 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Char Jackson
external usenet poster
 
Posts: 8,944
Default Windows DNS cache

On Tue, 02 Jan 2018 02:11:18 -0500, Paul wrote:

> I actually own a JTAG cable, but it's based on a parallel port
> interface. The design was ancient, the day I bought it. There's
> nothing in the room here now, with a parallel port... The board
> that connected to, is retired (it's not even inside a computer case).


Heh, mine is based on a parallel port, too. I bought it in 2006 for a
specific purpose and haven't used it since.

--

Char Jackson
  #20  
Old January 2nd 18, 02:57 PM posted to alt.windows7.general,microsoft.public.windowsxp.general
Mayayana
external usenet poster
 
Posts: 3,952
Default Windows DNS cache

"Paul" wrote

| You could do it like this, where the SVCHOST only talks to the router.
| Does that assuage your sense of security ? The DHCP in this case,
| is in two hops. The router has a client it talks to the ISP with.
| The PCs have a client they talk to the router with. The evil svchost
| doesn't talk directly to the ISP in this picture.
|

The point is not that svchost is "evil" but that it's
a wrapper for many other things. For security and privacy
I want a system where only specific programs, like
Firefox or TBird, are allowed out, and only on specific
ports. To allow DHCP means allowing svchost through
the firewall as a process. DHCP itself is not the issue.
But using it means allowing all the other services that
run under it to go through the firewall. Since a fixed
IP is just as easy I don't need to allow svchost through.

Since nearly all software makers these days, including
Microsoft, think they have a right to call home without
asking, I consider it good practice to block all uninitiated
outgoing. That's also a good way to create a warning
system for malware. It means I'm informed about anything
trying to go out that's not pre-approved.

| Now, in that picture, all the PCs can see one another. The switch
| is a learning switch, and it keeps track by observation, as to
| what IPs are on each port.
|
| Yes, you can probably use separate subnets and net masks, to logically
| prevent the PCs from talking to one another. Is that what you're doing
| to silo the PCs on the right ? The router portion is not supposed to route
| non-routable addresses like 192.168.x.x, as far as I know.
|

Frankly I don't understand much about how a
local network is set up because I've never needed
one and always disabled things like filesharing and
networking services for the sake of security. None
of my computers sees another. There's no Network
Neighborhood. External requests are dropped by
the firewall. Filesharing is disabled. Remote Desktop
software would not be usable.

Windows default configuration is intended for
corporate workstation support "out of the box",
but I disable all of that. (The first bug in XP, if I
remember correctly, was the Messenger service.
It was enabled by default, meant to be used on
corporate intranets to allow the IT people to make
announcements. Instead it was being used by
online entities to pop up ads.)

One of the common scams these days is to call
people and tell them their Windows license is expiring.
The caller then convinces the person to download
a kind of Remote Desktop software. The callee then
sees someone controlling their computer, moving the
mouse, opening files... They're convinced that, yes,
Microsoft controls their computer and wants some
money! Personally I don't think that kind of thing
should be possible. The functionality shouldn't be
enabled on anything but a non-critical workstation
that's locked into an intranet.


  #21  
Old January 2nd 18, 11:56 PM posted to alt.windows7.general,microsoft.public.windowsxp.general
Brian Gregory[_2_]
external usenet poster
 
Posts: 28
Default Windows DNS cache

On 02/01/2018 04:17, Mayayana wrote:
> I doubt that external IP addresses are being cached via
> DNS Client.

They are.
That's what DNS is for.

Simply doing
ipconfig /displaydns
will show that they are being cached.

> If they were it would be redundant caching.

A web page can reference a domain like images.mywebsite.org many many
times. It's worth avoiding multiple DNS lookups.

> It's not a matter of sparing 12 MB RAM. There's no need
> for the functionality because I don't have local networking.

See above.


--

Brian Gregory (in England).
  #22  
Old January 3rd 18, 02:13 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Mayayana
external usenet poster
 
Posts: 3,952
Default Windows DNS cache

"Brian Gregory" wrote

| Simply doing
| ipconfig /displaydns
| will show that they are being cached.
|

You don't get it. I have DNS Client service disabled.
Ipconfig /displaydns does nothing.

| If they were it would be redundant caching.
|
| A web page can reference a domain like images.mywebsite.org many many
| times. It's worth avoiding multiple DNS lookups.
|
Yes, but your browser is probably already caching
as necessary.

http://kb.mozillazine.org/Network.dnsCacheExpiration

FF caches for 60 seconds by default and the
value can be custom-set. But suit yourself.
Personally I don't have any problems with my
browsers.

Actually, Firefox goes to the other extreme. If
you don't set Network.dns.disablePrefetch and
Network.dns.disablePrefetchFromHTTPS to false
then FF will make DNS calls to links in the
webpages you read, just in case you decide to
visit them! And it gets worse. If you don't set
Network.prefetch-next to false then FF will also
load page content that you *might* decide to
visit. It's sacrificing both efficiency and privacy
so that it can look zippy on your next hop.


  #23  
Old January 3rd 18, 02:30 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Brian Gregory[_2_]
external usenet poster
 
Posts: 28
Default Windows DNS cache

On 03/01/2018 01:13, Mayayana wrote:
> "Brian Gregory" wrote
>
> | Simply doing
> | ipconfig /displaydns
> | will show that they are being cached.
> |
>
> You don't get it. I have DNS Client service disabled.
> Ipconfig /displaydns does nothing.


I was trying to point out that you disabled a service without any proper
idea of what it did.

--

Brian Gregory (in England).
  #24  
Old January 3rd 18, 03:37 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Diesel
external usenet poster
 
Posts: 711
Default Windows DNS cache

"Mayayana"
news alt.windows7.general, wrote:

> "Brian Gregory" wrote
>
> | I don't have a LAN. I don't allow sharing with other
> | computers for security reasons.
> |
> | Surely your PC isn't connected directly to the internet?
>
> I have a router connected to the cable input and
> computers connected to that. I don't know if you'd
> call that a LAN. I don't consider it a LAN because I
> don't enable networking or filesharing functionality
> on any of the computers.


That's technically a LAN, yes. Despite the fact you aren't actually
taking advantage of it; because you have file sharing, etc, disabled.

Hmm. Why aren't you allowing file shares? You can set permissions on
them.





--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit he
https://tekrider.net/pages/david-brooks-stalker.php
================================================== =
Ability is a good thing but stability is even better.
  #25  
Old January 3rd 18, 03:37 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Diesel
external usenet poster
 
Posts: 711
Default Windows DNS cache

Char Jackson
Tue, 02 Jan 2018
05:09:31 GMT in alt.windows7.general, wrote:

> On Mon, 01 Jan 2018 21:37:00 -0500, Paul
> wrote:
>
>> You can buy single port routers, such as the BEFSR41 years ago.
>> It had one WAN port and one LAN port.
>
> You're thinking of the BEFSR11 ;-)
> The BEFSR41 had a WAN port and 4 LAN ports. (The clue is in the
> model number, 11 versus 41.)

I've still got two of the 4port editions. [g] And a Cisco es1500.
Nice little router, dated mind you, but rather nice.

> I used to own examples of both.
>
> When I had the BEFSR11, I connected an Ethernet switch to the LAN
> port so that I could connect all of the PCs. Actually, though the
> BEFSR11 and 41 are long gone, to this day I always connect an
> Ethernet switch to a LAN port and all of the PCs connect to the
> switch. That way the LAN stays up when the router has to be
> rebooted.

Hahah! Same here.

cable to router/ single line coming from router to switch (8port
gigabit), computers tied to switch. So the LAN stays online even if
the cable or router itself goes out. That way, if I'm moving files
around or something and need to reboot cable or the router, I don't
interrupt the file xfer(s) in progress. It also makes troubleshooting
WAN side connectivity issues a little quicker. As it has to either be
the router or the cable modem if the computers see each other. [g]

And it's easy enough to see which it is, cable or router by
attempting to talk to them separately. For me, I've noticed if I have
to restart the router, it won't bring up the login page for me. And
if the cable needs a kick in the ass, once I release the IP from
inside the router, it can't renew one.






--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit he
https://tekrider.net/pages/david-brooks-stalker.php
================================================== =
Daddy's privates and a cat's springy cat toy are interchangeable.
  #26  
Old January 3rd 18, 03:45 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Mayayana
external usenet poster
 
Posts: 3,952
Default Windows DNS cache

"Diesel" wrote

| Hmm. Why aren't you allowing file shares? You can set permissions on
| them.
|

I don't need to, so I don't need to take the risks.
Allowing functionality between machines can never
be truly risk-free.
Occasionally I move files via USB stick between
machines, to do something like test software, but
in general I have no reason to share files locally,
and certainly not remotely.


  #27  
Old January 3rd 18, 07:57 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Diesel
external usenet poster
 
Posts: 711
Default Windows DNS cache

"Mayayana" news Wed, 03 Jan 2018 02:45:51 GMT in alt.windows7.general, wrote:

> "Diesel" wrote
>
> | Hmm. Why aren't you allowing file shares? You can set permissions on
> | them.
> |
>
> I don't need to, so I don't need to take the risks.
> Allowing functionality between machines can never
> be truly risk-free.

Nothing in life is completely risk free...

> Occasionally I move files via USB stick between
> machines, to do something like test software, but
> in general I have no reason to share files locally,
> and certainly not remotely.


I don't share files remotely, either. But, unlike yourself, I have
several machines in file server roles too. One for music, one for
movies/concerts, etc. Too much data to move around via usb stick.


--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit he
https://tekrider.net/pages/david-brooks-stalker.php
================================================== =
'Energize!' said Picard and the pink bunny appeared...
  #28  
Old January 3rd 18, 03:10 PM posted to alt.windows7.general,microsoft.public.windowsxp.general
Mayayana
external usenet poster
 
Posts: 3,952
Default Windows DNS cache

"Diesel" wrote
|
| I don't share files remotely, either. But, unlike yourself, I have
| several machines in file server roles too. One for music, one for
| movies/concerts, etc. Too much data to move around via usb stick.
|

I can see that. I just don't have the need.
My computer is my desk and file cabinet, and
a secondary bookshelf; not my movie or music
store. I don't listen to music, and movies come
from the library or Netflix DVDs. I just don't
have occasion to connect to other computers
in the house. And usually only one, at most, is
running. That would be the computer of my
ladyfriend, who also uses hers as a desk.

If I were going to allow networking I'd do
it only on a sacrifice computer, where I didn't
keep any personal data, only using it for specific
networking needs.

You may wonder about streaming. Why don't
I use a computer to stream from Netflix or Hulu
to a TV? I've thought of that, but I don't see
anything that makes the effort and expense
worthwhile.
Netflix streaming, last I checked, was down
to about 4,000 titles that are mostly junk, and
the number keeps going down.
(OK, some people don't think Star Wars is junk.
My condolences to them. I find it tragic that
George Lucas never got a real job so that we
might be spared his endless regurgitation of
witless cartoons.)
Netflix streaming actually rotates movies in
and out. The fees to the studios have made
good service untenable for the prices they
charge, so it's gradually turning into a TV
network with a smattering of 2nd rate movies.

(Come to think of it, that's kind of what happened
to "premium" cable. They went from providing
top-rate movies to a combination of TV shows
and movies that never made it into the theaters.
I suspect the movie studios probably offer good
deals on royalties for new venues but then come
knocking once companies like Netflix, Cinemax,
HBO, etc start making good money.)

Netflix DVDs available when I checked recently
were 93,000. I checked because a lot of people
tell me I should get streaming. But I don't want to
watch serial TV shows and my taste in movies is
mainly "art house" fare that's hard to get. What
I might define as inspiring works of art that are
somehow "touching", rather than entertaining.

It's all just as well. I don't like the way things
are heading with digital entertainment. Cable
services are intrusive and expensive. Streaming is
likely to be worse in terms of intrusion. And now
we have to worry about computerized TVs spying
on viewers and conversation, in order to target ads.
I'm happy with rabbit ears and library/Netflix DVDs.
I'm on my way to the library today, to see what
they've got to watch for the next few days, as
I may get snowed in by the "snow hurricane"
coming up the east coast.

.... Though I do have a few VCR tapes in my
"media library". Wouldja like to borrow Spalding
Gray's Monster in a Box, or Joseph Campbell
interviewed by Bill Moyers, circa 1986?


  #29  
Old January 4th 18, 04:03 AM posted to alt.windows7.general,microsoft.public.windowsxp.general
Diesel
external usenet poster
 
Posts: 711
Default Windows DNS cache

"Mayayana" news Wed, 03 Jan 2018 14:10:23 GMT in alt.windows7.general, wrote:

> You may wonder about streaming. Why don't
> I use a computer to stream from Netflix or Hulu
> to a TV? I've thought of that, but I don't see
> anything that makes the effort and expense
> worthwhile.

I'm not into the netflix/hulu thing either. I don't watch enough tv at
one time to justify it. I'm happy with mash reruns. [g]

> .... Though I do have a few VCR tapes in my
> "media library". Wouldja like to borrow Spalding
> Gray's Monster in a Box, or Joseph Campbell
> interviewed by Bill Moyers, circa 1986?


I may take you up on that someday. I've been on a classic movie kick
lately; old black and white and vintage scifi from the 50s. For some
reason, the stuff fascinates me.


--
To prevent yourself from being a victim of cyber
stalking, it's highly recommended you visit he
https://tekrider.net/pages/david-brooks-stalker.php
================================================== =
What has four legs and an arm? A happy pitbull.
 




All times are GMT +1.