Change the TTL?

Hi, is it possible to set the TTL in pihole?
I don’t use it as a spam filter, just as a nice GUI for DNS, and I want to avoid things like these, where my monitoring server is requesting the records every minute.

WOW, how did I miss this option?

/etc/dnsmasq.d/01-pihole.conf

local-ttl=60

Note that we decreased the local TTL intentionally to something very small to improve on the situation where a former blacklisted domain is now whitelisted. With a high TTL, the client’s operating system may just decide to still cache the blocked domain instead of re-querying the (now permitted) domain from the Pi-hole. Just be aware of this limitation when you increase your local TTL manually, but since you aren’t using any blocking lists with Pi-hole this shouldn’t matter for you.

Well, I should’ve pressed ‘send’ on my edit…

Edit: Changing this to 86400 for example changes the TTL value, but it’s not really changing anything, the monitoring server still requests every minute… (the polling rate is 1 minute; if I’d set it to 15 seconds or so it would request the DNS record every 15 seconds)
raspberry. 86400 IN A 192.168.X.X

So I guess it’s hardcoded somewhere else?

No, my assumption would be a different one: when your server is set up to query every minute, it will do that regardless of the TTL (be it seconds or hours). Only if the monitoring server is running a caching DNS server itself will it answer the requests locally within the given time window. Any standard application that “just queries” will not know about any TTL and will happily query it every time again.

Just as a test: from a Linux machine, run the following command:

$ dig pi.hole

My result is:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> pi.hole
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15285
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pi.hole.			IN	A

;; ANSWER SECTION:
pi.hole.		2	IN	A	192.168.2.2

;; Query time: 8 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Feb 01 20:55:01 CET 2018
;; MSG SIZE  rcvd: 52

Look for the 2 in the ANSWER SECTION. This is the transmitted TTL.


My MikroTik router will query every 10 seconds for TTLs that have timed out.

MikroTik has not changed this or respected a no-cache. The reason is almost the same as for Pi-hole: they use address lists and a short refresh.

This results in the router making thousands of requests every hour while the local information does not change.

local-ttl=0 will not allow downstream caching of the information by well-behaved systems, and they will query every time, so your whitelist problem would not exist.
That would be a perfect world.

Are NULL replies cached? I was under the impression, and it appeared to be reflected in some testing, that they are not.

If that is the case, perhaps the “local-ttl=” line from /etc/dnsmasq.d/01-pihole.conf can safely be removed entirely when that blocking option is used (if you want systems to honor the originally intended TTL (to their local cache max)).

The option local-ttl specifies the TTL to be handed out for queries answered from /etc/hosts or the DHCP cache. If this option is left out, a TTL of zero is given out. What do you think would be the benefit of removing this option?

Ah, right, I was thinking about it like the min-cache-ttl in dnsmasq, where not having the setting is an honoring of the original TTL. It doesn’t work that way for end-client devices.

What is the advantage of caching of something that is already locally present?

The two-second local-ttl is exclusively used with Pi-hole, and maybe the cause that made it necessary is resolved in the current version of Pi-hole.

It results in that the clients shortly cache the information themselves (if their operating system is capable of doing this), effectively reducing the total amount of queries to a blocked domain. Assume there are five ads on a page that are all hosted by baddomain.com. If the OS and the browser do not support DNS caching or the TTL is set to zero (i.e., “do not cache”), they will query your Pi-hole five times with the same domain. If, however, the operating system/browser can cache the blocked result for a few seconds, it can itself reuse the reply of your Pi-hole, effectively cleaning up your Query Log as only one query is made.


After every update of Pi-hole I have manually set the local-ttl to 600 seconds so that long local queues do not build up for the DNS.

Maybe a patch can help so I am able to manually override the local-ttl default setting.

We intentionally set local-ttl to such a low value. Assume the following situation:

  • You want to visit a domain that happens to be blocked
  • You put it on the white list
  • You try to visit the page again - it still fails (unless you manually flush the client’s cache) because your client still caches the “blocked” behavior for another, say, 590 seconds

If we set local-ttl=2 the overall experience is improved as clients frequently re-query the domains.
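As an added illustration (not from this thread or from Pi-hole itself), the following Python models the behaviour described above: a client-side cache that honours the TTL it was handed, run with local-ttl=0, 2 and 600 to show both how long a client keeps the stale “blocked” answer after whitelisting and how many queries actually reach Pi-hole. parse_answer_ttl reads the TTL out of a dig ANSWER SECTION line as in the earlier post; the domain name, addresses and timings are constructed.

```python
import re

# Constructed example: a client-side cache that honours the TTL Pi-hole hands
# out, used to compare local-ttl values. Addresses and timings are made up.
BLOCKED = "0.0.0.0"              # Pi-hole's answer for a blocked domain
REAL_IP = "203.0.113.10"         # constructed answer once the domain is whitelisted
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA)\s+(\S+)$")

def parse_answer_ttl(line):
    """Pull (name, ttl, rdata) out of a dig ANSWER SECTION line such as
    'pi.hole.  2  IN  A  192.168.2.2'; the middle number is the TTL."""
    m = ANSWER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an A/AAAA answer line: {line!r}")
    return m.group(1), int(m.group(2)), m.group(4)

class StubCache:
    """Resolver cache as a TTL-honouring OS or browser would keep it."""
    def __init__(self):
        self.entries = {}            # name -> (rdata, expiry timestamp)
        self.upstream_queries = 0    # how many lookups actually reach Pi-hole

    def resolve(self, name, now, upstream):
        rdata, expires = self.entries.get(name, (None, -1))
        if expires > now:            # still fresh: Pi-hole never sees this
            return rdata
        self.upstream_queries += 1
        rdata, ttl = upstream(name, now)
        self.entries[name] = (rdata, now + ttl)
        return rdata

def simulate(local_ttl, whitelist_at=10, poll_every=1, horizon=1000):
    """A client polls a blocked domain every poll_every seconds; the domain is
    whitelisted at whitelist_at. Returns (seconds the client keeps seeing the
    stale blocked answer, queries that reached Pi-hole). The whitelisted answer
    reuses local_ttl as its TTL to keep the model simple."""
    def pihole(name, now):
        return (BLOCKED if now < whitelist_at else REAL_IP), local_ttl

    cache, lag = StubCache(), None
    for now in range(0, horizon, poll_every):
        answer = cache.resolve("ads.example", now, pihole)
        if lag is None and now >= whitelist_at and answer != BLOCKED:
            lag = now - whitelist_at
    return lag, cache.upstream_queries

if __name__ == "__main__":
    for ttl in (0, 2, 600):
        stale, reached = simulate(ttl)
        print(f"local-ttl={ttl}: stale for {stale}s, {reached} queries reached Pi-hole")
```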

Are NULL responses cached like any other? I had thought they were not, but quite possibly they are.

Also, as I better understand now, local-ttl is likely only relevant for domains that are being blocked by the pi-hole. If dnsmasq/ftldns has real TTL data from the lookup, that is supposed to override local-ttl.

Yes. Blocked queries are answered with 0.0.0.0 (or :: in IPv6 space). As these replies are “locally known” (because they are in gravity.list), the local-ttl setting is in charge.

Yes, those and the ones defined locally in the /etc/hosts on your Pi-hole.

Yes.


I commented out the local-ttl=2 line and got my blocked word “metrics” in regex.list.

dig can be used to request the domain multiple times, and then I looked in the list to see if Pi-hole was caching local-ttl=0 requests. It does not cache them, but it also does not do a new query; it looks like the query is buffered.

31254 usec is 30+msec

local-ttl only works for data stored locally. For external/upstream TTL information, other TTL settings are available to control and change it.

I have now moved the locally defined domains away from Pi-hole and placed them in Unbound. In this way local-ttl does not work on those any more.

I can now disable or live with the low TTL for local names, and it applies to all blocked domains and localhost, raspberrypi and pi.hole.

Where did you put these domains in Unbound?

In the same way as you would do with blocklists. You have to put the word server: on the first line, otherwise it does not get through unbound-checkconf.

https://deadc0de.re/articles/unbound-blocking-ads.html

cat /etc/hosts | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A "$1"\""}' > hosts.local.conf

As stated earlier, localhost, raspberrypi and pi.hole are not transferred
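As an added example (not the poster’s own command), here is a Python version of the awk one-liner above that does the same /etc/hosts to Unbound conversion but also skips comments, handles several names on one line, emits AAAA records for IPv6 entries, writes each local-zone only once, and keeps localhost, raspberrypi and pi.hole on Pi-hole as the post describes. The sample hosts file is constructed.

```python
import ipaddress

# Constructed example, not the thread's own command: a fuller version of the
# awk one-liner that skips comments, handles several names per line, emits
# AAAA for IPv6 entries, writes each local-zone once and keeps the names the
# thread leaves on Pi-hole (localhost, raspberrypi, pi.hole).
KEEP_ON_PIHOLE = {"localhost", "raspberrypi", "pi.hole"}

def hosts_to_unbound(hosts_text, skip=KEEP_ON_PIHOLE):
    """Return Unbound config text starting with the 'server:' line that
    unbound-checkconf requires, then local-zone/local-data statements."""
    records = {}                                  # name -> [(rrtype, addr)]
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()     # strip comments and blanks
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            rrtype = "AAAA" if ipaddress.ip_address(addr).version == 6 else "A"
        except ValueError:
            continue                              # not an address: ignore line
        for name in names:
            if name not in skip:
                records.setdefault(name, []).append((rrtype, addr))
    lines = ["server:"]
    for name, rrs in records.items():
        lines.append(f'local-zone: "{name}" redirect')
        lines.extend(f'local-data: "{name} {rrtype} {addr}"' for rrtype, addr in rrs)
    return "\n".join(lines) + "\n"

SAMPLE_HOSTS = """\
# constructed /etc/hosts
127.0.0.1    localhost
::1          localhost ip6-localhost
192.168.2.2  raspberrypi pi.hole
192.168.2.10 nas.lan nas
fd00::10     nas.lan
"""

if __name__ == "__main__":
    print(hosts_to_unbound(SAMPLE_HOSTS), end="")
```

Write the output to a file in Unbound’s include directory and run unbound-checkconf before reloading, as the post recommends.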