Increase TTL

Blockit · November 6, 2019, 1:51pm

Hi!
After reading Stop using ridiculously low DNS TTLs | Frank DENIS random thoughts. I want to increase the TTL to a good 20 to 40 Minutes.

Are there any downsides other than

?
I can absolutely live with that, especially now that I know about the issue (If in doubt I may flushdns cache on the client).

Related topic: Change the TTL?

Greets, Blockit

jfb · November 6, 2019, 3:41pm

Which TTL? The TTL that comes from the upstream DNS server for any returned DNS request? Or, the TTL that Pi-Hole provides with any domain it blocks?

Note that you won't save much time in DNS lookups with a long TTL. If you dig a random domain from Google or Cloudflare, the lookup time is typically a few tens of msecs and the returned TTL is reasonably long.

Examples:

dig pi-hole.net @1.1.1.1
...
pi-hole.net. 1742 IN A 206.189.252.21
;; Query time: 18 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)

dig pi-hole.net @8.8.8.8
...
pi-hole.net. 760 IN A 206.189.252.21
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

In the dnsmasq manual page, this note appears with the min TTL command:

"--min-cache-ttl=time

Extend short TTL values to the time given when caching them. Note that artificially extending TTL values is in general a bad idea, do not do it unless you have a good reason, and understand what you are doing. Dnsmasq limits the value of this option to one hour, unless recompiled."

mibere · November 6, 2019, 5:09pm

In Unbound (unbound.conf) you set it with

server:
  cache-min-ttl: 600

DanSchaper · November 6, 2019, 5:34pm

After reading that link I'm more inclined to say the author is not accurate or correct.

DanSchaper · November 6, 2019, 7:13pm

We only set the local-ttl, if you want to set up a min-cache-ttl then that's your choice, noting that unless you recompile the binary you will have a minimum time of 1 hour no matter what you set for the value.

Blockit · November 8, 2019, 9:23pm

Thank you for your answers.

The upstream one.

Yes but I have a few reasons:

the DNS server I use is not the fastest (but privacy friendly and uncensored)
I want to reduce the number of requests to spare their free DNS service
less requests looks like a good idea in general to me
minor response time improvement

Well I want to try it and see if it works. Like adding unknown stuff to the blacklist.

@mibere Ok nice and easy!

So no problem if I set it to 40 minutes. Or am I lost in translation here and it will be fixed to 60 minutes ("no matter what I set the value")?

DanSchaper · November 8, 2019, 9:26pm

It was lost in translation. 1 hr is the maximum of the minimum ttl.

jfb · November 8, 2019, 10:05pm

You should be able to do this.

Blockit · November 8, 2019, 10:32pm

Thank you all for help, works well now.

I simply put

# Change DNS cache TTL to 40 minutes  
min-cache-ttl=2400

into
/etc/dnsmasq.d/05-customadditions.conf

made a restart and according to dig pi-hole.net it works (shows remaining TTL above 3000).

system · December 1, 2019, 8:11pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.