Change the TTL?

Hi, is it possible to set the TTL in Pi-hole?
I don't use it as a spam filter, just as a nice GUI for DNS, and I want to avoid things like this, where my monitoring server requests the records every minute.

WOW, how did I miss this option?

/etc/dnsmasq.d/01-pihole.conf

local-ttl=60

Note that we decreased the local TTL intentionally to something very small to improve on the situation where a former blacklisted domain is now whitelisted. With a high TTL, the client's operating system may just decide to still cache the blocked domain instead of re-querying the (now permitted) domain from the Pi-hole. Just be aware of this limitation when you increase your local TTL manually, but since you aren't using any blocking lists with Pi-hole this shouldn't matter for you.

Well, I should've pressed 'send' on my edit...

Edit: Changing this to 86400, for example, changes the TTL value, but it's not really changing anything; the monitoring server still requests every minute... (the polling rate is 1 minute; if I set it to 15 seconds or so it would request the DNS record every 15 seconds)
raspberry. 86400 IN A 192.168.X.X

So I guess it's hardcoded somewhere else?

No, my assumption would be a different one: when your server is set up to query every minute, it will do that regardless of the TTL (be it seconds or hours). Only if the monitoring server is running a caching DNS server itself will it answer the requests locally within the given time window. Any standard application that "just queries" will not know about any TTL and will happily query it every time again.

Just as a test: from a Linux machine, run the following command:

$ dig pi.hole

My result is:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> pi.hole
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15285
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi.hole.			IN	A

;; ANSWER SECTION:
pi.hole.		2	IN	A	192.168.2.2

;; Query time: 8 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Feb 01 20:55:01 CET 2018
;; MSG SIZE  rcvd: 52

Look for the 2 in the ANSWER SECTION. This is the transmitted TTL.

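Reading the TTL off the ANSWER SECTION by eye, as the reply above does, becomes tedious once you want to check several names or script it. The following is an added example, not code from the thread or from the Pi-hole project: it parses `dig` output, returns the TTL of the A/AAAA answer, and uses the two signals the thread mentions (the `0.0.0.0`/`::` block sentinel and a TTL equal to `local-ttl`) to say where an answer most likely came from. `SAMPLE_LOCAL` is the dig answer shown above; `SAMPLE_BLOCKED` and `SAMPLE_UPSTREAM` are constructed, and the names and addresses in them are assumptions.

```python
"""Added example, not from the Pi-hole thread: parse the ANSWER SECTION of
`dig` output and read off the TTL.

SAMPLE_LOCAL reproduces the dig answer shown in the thread; the other two
samples are constructed (their names and addresses are not from the thread).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# The sentinel addresses the thread says Pi-hole returns for blocked names.
BLOCK_SENTINELS = {"0.0.0.0", "::"}

# One dig resource-record line: owner, TTL, class IN, type, rdata (tabs or spaces).
_RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S.*)$")


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_answer_section(dig_output: str) -> List[Record]:
    """Return the records in the ANSWER SECTION, in order.

    Everything before ';; ANSWER SECTION:' is ignored; the section ends at the
    first blank line or ';;' header that follows it.
    """
    records: List[Record] = []
    in_answer = False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not in_answer:
            continue
        if not line.strip() or line.startswith(";"):
            break
        m = _RR_LINE.match(line)
        if m:
            records.append(Record(m.group(1), int(m.group(2)), m.group(3), m.group(4).strip()))
    return records


def answer_ttl(dig_output: str, name: str) -> Optional[int]:
    """TTL of the first A/AAAA record for `name` (trailing dot optional)."""
    fqdn = name.rstrip(".") + "."
    for rec in parse_answer_section(dig_output):
        if rec.name == fqdn and rec.rtype in ("A", "AAAA"):
            return rec.ttl
    return None


def classify(dig_output: str, name: str, local_ttl: int = 2) -> str:
    """Say where the answer most likely came from.

    'blocked'  : rdata is one of Pi-hole's block sentinels (a reliable signal)
    'local'    : TTL equals local-ttl, i.e. /etc/hosts, host-record or DHCP lease
    'upstream' : any other TTL (a forwarded answer carrying the upstream TTL)
    'none'     : no A/AAAA record for the name
    The 'local' test is a heuristic: a forwarded answer can also be down to
    exactly local_ttl seconds when it is about to expire.
    """
    fqdn = name.rstrip(".") + "."
    for rec in parse_answer_section(dig_output):
        if rec.name == fqdn and rec.rtype in ("A", "AAAA"):
            if rec.rdata in BLOCK_SENTINELS:
                return "blocked"
            return "local" if rec.ttl == local_ttl else "upstream"
    return "none"


# Sample 1: the answer shown in the thread (pi.hole from /etc/hosts, local-ttl=2).
SAMPLE_LOCAL = ";; QUESTION SECTION:\n;pi.hole.\t\t\tIN\tA\n\n;; ANSWER SECTION:\npi.hole.\t\t2\tIN\tA\t192.168.2.2\n\n;; Query time: 8 msec\n"

# Sample 2 (constructed): a blocklisted name answered with the 0.0.0.0 sentinel.
SAMPLE_BLOCKED = ";; ANSWER SECTION:\nads.example.\t\t2\tIN\tA\t0.0.0.0\n\n;; Query time: 1 msec\n"

# Sample 3 (constructed): a forwarded answer keeping the upstream TTL.
SAMPLE_UPSTREAM = ";; ANSWER SECTION:\nwww.example.\t\t3599\tIN\tA\t198.51.100.7\n\n;; Query time: 25 msec\n"

if __name__ == "__main__":
    for sample, name in ((SAMPLE_LOCAL, "pi.hole"),
                         (SAMPLE_BLOCKED, "ads.example"),
                         (SAMPLE_UPSTREAM, "www.example")):
        print(f"{name}: ttl={answer_ttl(sample, name)} -> {classify(sample, name)}")
```

Against a live resolver you would feed it the real output, e.g. `classify(subprocess.run(["dig", "@192.168.2.2", "pi.hole"], capture_output=True, text=True).stdout, "pi.hole")`; the block itself only uses the embedded samples so it runs offline.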

Are NULL replies cached? I was under the impression, and this appeared to be reflected in some testing, that they are not.

If that is the case, perhaps the "local-ttl=" line from /etc/dnsmasq.d/01-pihole.conf can safely be removed entirely when that blocking option is used (if you want systems to honor the originally intended TTL (to their local cache max)).

The option local-ttl specifies the TTL to be handed out for queries answered from /etc/hosts or the DHCP cache. If this option is left out, a TTL of zero is given out. What do you think would be the benefit of removing this option?

Ah, right, I was thinking about it like the min-cache-ttl in dnsmasq, where not having the setting means honoring the original TTL. It doesn't work that way for end-client devices.

It results in the clients briefly caching the information themselves (if their operating system is capable of doing this), effectively reducing the total amount of queries to a blocked domain. Assume there are five ads on a page that are all hosted by baddomain.com. If the OS and the browser do not support DNS caching or the TTL is set to zero (i.e., "do not cache"), they will query your Pi-hole five times with the same domain. If, however, the operating system/browser can cache the blocked result for a few seconds, it can itself reuse the reply of your Pi-hole, effectively cleaning up your Query Log as only one query is made.


We intentionally set local-ttl to such a low value. Assume the following situation:

  • You want to visit a domain that happens to be blocked
  • You put it on the white list
  • You try to visit the page again - it still fails (unless you manually flush the client's cache) because your client still caches the "blocked" behavior for another, say, 590 seconds

If we set local-ttl=2 the overall experience is improved as clients frequently re-query the domains.
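The three situations argued above (a monitoring server that polls on a fixed schedule whatever the TTL says, a page loading five ads from one blocked domain, and a domain that is whitelisted while the client still caches the block for "another 590 seconds") are easy to get wrong in the head. The following is an added example, not code from the thread or from Pi-hole: a discrete-time model with a toy resolver that hands out `local-ttl` for blocked names and /etc/hosts names, and a client that either honours TTLs in an OS cache or just queries every time. The names (`raspberry`, `ads.example`), addresses and timings are constructed for the model.

```python
"""Added example, not from the Pi-hole thread: a discrete-time model of what
local-ttl can and cannot change. Names, addresses and timings are constructed.
"""
from typing import Dict, Optional, Set, Tuple

BLOCK_SENTINEL = "0.0.0.0"      # what the thread says Pi-hole answers for blocked names
UPSTREAM_ADDR = "198.51.100.7"  # constructed 'real' answer (TEST-NET-2 address)


class ToyPiHole:
    """Answers blocked names and /etc/hosts names with local_ttl, everything else
    with a fixed 'upstream' TTL. Counts every query it receives."""

    def __init__(self, local_ttl: int, blocked: Optional[Set[str]] = None,
                 hosts: Optional[Dict[str, str]] = None, upstream_ttl: int = 300):
        self.local_ttl = local_ttl
        self.blocked = set(blocked or ())
        self.hosts = dict(hosts or {})
        self.upstream_ttl = upstream_ttl
        self.queries = 0

    def resolve(self, name: str) -> Tuple[str, int]:
        self.queries += 1
        if name in self.blocked:
            return BLOCK_SENTINEL, self.local_ttl
        if name in self.hosts:
            return self.hosts[name], self.local_ttl
        return UPSTREAM_ADDR, self.upstream_ttl

    def whitelist(self, name: str) -> None:
        self.blocked.discard(name)


class Client:
    """A client stub resolver. With caching=True it keeps answers until their TTL
    runs out (TTL 0 means 'do not cache'); with caching=False it behaves like an
    application that just queries every time, as the reply above describes."""

    def __init__(self, resolver: ToyPiHole, caching: bool):
        self.resolver = resolver
        self.caching = caching
        self.cache: Dict[str, Tuple[str, int]] = {}   # name -> (rdata, expires_at)

    def lookup(self, name: str, now: int) -> str:
        if self.caching:
            hit = self.cache.get(name)
            if hit is not None and hit[1] > now:
                return hit[0]
        rdata, ttl = self.resolver.resolve(name)
        if self.caching and ttl > 0:
            self.cache[name] = (rdata, now + ttl)
        return rdata


def polling_queries(local_ttl: int, caching: bool, interval: int = 60, duration: int = 600) -> int:
    """Queries Pi-hole sees from a monitor polling a /etc/hosts name every
    `interval` seconds from t=0 to t=duration inclusive."""
    pihole = ToyPiHole(local_ttl, hosts={"raspberry": "192.168.0.2"})
    client = Client(pihole, caching)
    for t in range(0, duration + 1, interval):
        client.lookup("raspberry", now=t)
    return pihole.queries


def ad_page_queries(local_ttl: int, caching: bool, ads: int = 5) -> int:
    """Queries for a page loading `ads` resources from one blocked domain
    within the same second."""
    pihole = ToyPiHole(local_ttl, blocked={"ads.example"})
    client = Client(pihole, caching)
    for _ in range(ads):
        client.lookup("ads.example", now=0)
    return pihole.queries


def stale_seconds_after_whitelist(local_ttl: int, whitelist_at: int = 10) -> int:
    """Seconds a caching client keeps seeing the block after the domain was
    whitelisted at t=whitelist_at (the client retries once a second)."""
    pihole = ToyPiHole(local_ttl, blocked={"ads.example"})
    client = Client(pihole, caching=True)
    client.lookup("ads.example", now=0)      # first visit: blocked, and cached by the OS
    pihole.whitelist("ads.example")          # admin whitelists it at t=whitelist_at
    t = whitelist_at
    while client.lookup("ads.example", now=t) == BLOCK_SENTINEL:
        t += 1
    return t - whitelist_at


if __name__ == "__main__":
    for ttl in (2, 60, 120, 86400):
        print(f"local-ttl={ttl:>5}: monitor without cache -> {polling_queries(ttl, False):2d} queries,"
              f" with OS cache -> {polling_queries(ttl, True):2d} queries")
    for ttl in (0, 2):
        print(f"local-ttl={ttl}: five ads, caching client -> {ad_page_queries(ttl, True)} queries")
    for ttl in (600, 2):
        print(f"local-ttl={ttl}: client stale for {stale_seconds_after_whitelist(ttl)} s after whitelisting")
```

Two things the numbers make visible: a non-caching monitor sends the same 11 queries whether `local-ttl` is 2 or 86400, and a caching client with `local-ttl=60` still queries on every 60-second poll because the entry expires exactly as the next poll fires, so the TTL has to exceed the polling interval to matter at all.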

Are NULL responses cached like any other? I had thought they were not, but quite possibly they are.

Also, as I better understand now, local-ttl is likely only relevant for domains that are being blocked by the Pi-hole. If dnsmasq/FTLDNS has real TTL data from the lookup, that is supposed to override local-ttl.

Yes. Blocked queries are answered with 0.0.0.0 (or :: in IPv6 space). As these replies are "locally known" (because they are in gravity.list), the local-ttl setting is in charge.

Yes, those and the ones defined locally in the /etc/hosts on your Pi-hole.

Yes.


Where did you put these domains in unbound?

What was the original purpose for doing this? Were you seeing some performance deficiencies in Pi-Hole?

@jfb
My original intention for this was to change it because I use Pi-hole as a normal DNS server, not as an adblocker.

I tried to create my own config file /etc/dnsmasq.d/50-lug.conf

In there I've put local-ttl=86400,
but then dnsmasq won't start anymore.

Changing this in 01-pihole.conf works, but it's gone after updating Pi-hole.

I have made a related post here: Dnsmasq host-record setting not working?

I thought local-ttl only referred to the hosts file or DHCP leases.
So if you whitelist a blocked domain, how does this have an impact then?

Local TTL also applies to items blocked by Pi-hole (more generally any answer from a local source).

If a domain is whitelisted, it is not blocked and the TTL received from the upstream resolver is passed to the requesting client.

Ok, I understand.
For me, setting the TTL to 3600 works to prevent my Ubiquiti equipment from contacting their controller every second... So maybe this approach would be better then (so that other devices keep their ttl=2):

host-record=unifihostname,IP,TTL

Should I then remove the records from the hosts file as well?
Maybe also interesting for me, since I have a few hostnames that point to the same IP, and with host-record I can define multiple hostnames for one IP instead of multiple entries in the hosts file.
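As an added example of the host-record approach the last post asks about (not configuration from the thread or from Pi-hole), this is what a separate dnsmasq drop-in could look like. The file name, hostnames, addresses and TTLs are assumptions. Unlike local-ttl, host-record may appear as many times as needed, so the lines can live in their own file under /etc/dnsmasq.d/ rather than in 01-pihole.conf; the syntax is dnsmasq's `host-record=<name>[,<name>...],[<IPv4>],[<IPv6>][,<TTL>]`.

```conf
# /etc/dnsmasq.d/50-local-records.conf  (added example; names, addresses and
# TTLs are assumptions, not taken from the thread)

# One record, several names, explicit TTL of 3600 s: replaces the /etc/hosts
# lines for these names, and the long TTL lets a caching client (such as the
# Ubiquiti devices mentioned above) stop re-asking every second.
host-record=unifihostname,unifi.lan,controller.lan,192.168.1.10,3600

# Dual-stack entry (A and AAAA) with the same TTL
host-record=nas,nas.lan,192.168.1.20,fd00::20,3600

# No TTL given: dnsmasq uses local-ttl for it, as it does for /etc/hosts
# entries, so this one keeps the 2 s Pi-hole sets in 01-pihole.conf
host-record=printer,192.168.1.30
```

Only the names listed with an explicit TTL get the longer value; everything else, including blocked domains, keeps local-ttl, which is the behaviour the earlier replies wanted to preserve for whitelisting to take effect quickly.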