Increase TTL

Hi!
After reading https://00f.net/2019/11/03/stop-using-low-dns-ttls/ I want to increase the TTL to a good 20 to 40 Minutes.

Are there any downsides other than

?
I can absolutely live with that, especially now that I know about the issue (if in doubt I may flush the DNS cache on the client).

Related topic: Change the TTL?

Greets, Blockit

Which TTL? The TTL that comes from the upstream DNS server for any returned DNS request? Or, the TTL that Pi-Hole provides with any domain it blocks?

Note that you won’t save much time in DNS lookups with a long TTL. If you dig a random domain from Google or Cloudflare, the lookup time is typically a few tens of msecs and the returned TTL is reasonably long.

Examples:

dig pi-hole.net @1.1.1.1
...
pi-hole.net. 1742 IN A 206.189.252.21
;; Query time: 18 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
dig pi-hole.net @8.8.8.8
...
pi-hole.net. 760 IN A 206.189.252.21
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

In the dnsmasq manual page, this note appears with the min TTL command:

"--min-cache-ttl=time

Extend short TTL values to the time given when caching them. Note that artificially extending TTL values is in general a bad idea, do not do it unless you have a good reason, and understand what you are doing. Dnsmasq limits the value of this option to one hour, unless recompiled."

In Unbound (unbound.conf) you set it with

server:
  cache-min-ttl: 600

After reading that link I’m more inclined to say the author is not accurate or correct.


We only set the local-ttl, if you want to set up a min-cache-ttl then that’s your choice, noting that unless you recompile the binary you will have a minimum time of 1 hour no matter what you set for the value.

Thank you for your answers.

The upstream one.

Yes but I have a few reasons:

  • the DNS server I use is not the fastest (but privacy friendly and uncensored)
  • I want to reduce the number of requests to spare their free DNS service
  • fewer requests look like a good idea in general to me
  • minor response time improvement

Well I want to try it and see if it works. Like adding unknown stuff to the blacklist.

@mibere Ok nice and easy!

So no problem if I set it to 40 minutes. Or am I lost in translation here and it will be fixed to 60 minutes (“no matter what I set the value”)?

It was lost in translation. 1 hr is the maximum of the minimum ttl.

You should be able to do this.

Thank you all for help, works well now.

I simply put

# Change DNS cache TTL to 40 minutes
min-cache-ttl=2400

into
/etc/dnsmasq.d/05-customadditions.conf

restarted, and according to dig pi-hole.net it works (shows remaining TTL above 3000).

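A small sanity check for a setting like the one above, added here as an example and not code from this thread or from the Pi-hole project: it reads the min-cache-ttl line out of a dnsmasq config snippet, applies the one-hour cap the man page mentions (so a value of 7200 silently becomes 3600), pulls the TTL out of dig output like the samples earlier in the thread, and predicts the TTL the Pi-hole will hand out for a freshly cached record. The sample config and dig text are constructed inline.

```python
import re

# dnsmasq clamps --min-cache-ttl to one hour unless recompiled (see the man page quote above)
DNSMASQ_MIN_CACHE_TTL_CAP = 3600

def parse_min_cache_ttl(conf_text):
    """Return the min-cache-ttl value from a dnsmasq config snippet, or 0 if it is not set."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comments like the one in the thread
            continue
        m = re.fullmatch(r"min-cache-ttl\s*=\s*(\d+)", line)
        if m:
            return int(m.group(1))
    return 0

def effective_floor(configured):
    """The floor dnsmasq actually applies: the configured value, capped at one hour."""
    return min(configured, DNSMASQ_MIN_CACHE_TTL_CAP)

def parse_dig_ttl(dig_output, name):
    """Extract the TTL of the first A record for `name` from dig's answer section."""
    pat = re.compile(r"^" + re.escape(name) + r"\.?\s+(\d+)\s+IN\s+A\s+\S+", re.M)
    m = pat.search(dig_output)
    return int(m.group(1)) if m else None

def expected_served_ttl(upstream_ttl, configured):
    """TTL a dnsmasq with min-cache-ttl=configured serves for a record it has just cached.

    Short upstream TTLs are raised to the (capped) floor; longer ones are left untouched.
    """
    return max(upstream_ttl, effective_floor(configured))

# Constructed sample input, mirroring the thread's config snippet and dig output
SAMPLE_CONF = "# Change DNS cache TTL to 40 minutes\nmin-cache-ttl=2400\n"
SAMPLE_DIG = "pi-hole.net. 1742 IN A 206.189.252.21\n;; Query time: 18 msec\n"

if __name__ == "__main__":
    configured = parse_min_cache_ttl(SAMPLE_CONF)
    upstream = parse_dig_ttl(SAMPLE_DIG, "pi-hole.net")
    print(f"configured floor {configured}s, effective floor {effective_floor(configured)}s")
    print(f"upstream TTL {upstream}s -> Pi-hole will serve {expected_served_ttl(upstream, configured)}s")
```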