TTL on local DNS

Hello,

Is it possible to modify the TTL of the local DNS domains?
Now it's 0, which makes the number of DNS requests to my internal site crazy high.

The default TTL for locally resolved domains is 2 seconds.

You can change it here, but from what I understand when you update pihole it will be wiped.

/etc/dnsmasq.d/01-pihole.conf

local-ttl=60

You might be interested in this thread (source of the above).

You may set the local-ttl value to anything you like; you should just not do it in any of the files Pi-hole will overwrite. However, you can simply create a custom file yourself, like /etc/dnsmasq.d/99-local-ttl.conf, and add the setting there. Don't forget to do a pihole restartdns afterwards.

This thread is four years old and outdated. The local-ttl isn't responsible for blocked queries any longer. This is now independently controlled by the FTL setting BLOCK_TTL.


With this new info I decided to update my files and added /etc/dnsmasq.d/99-local-ttl.conf with the line BLOCK_TTL=120.
Though it's being reported as invalid?
"FTL failed to start due to bad option at line 1 of /etc/dnsmasq.d/99-local-ttl.conf"

You've edited the wrong file:

At the top of the linked page for FTL's configuration:

You can create a file /etc/pihole/pihole-FTL.conf that will be read by FTL DNS on startup.

Thank you all.
The strange thing for me is that by default the TTL is 0, not 2 as was expected (see line 38).

Server:  pi.hole
Address:  192.168.180.10

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        <mydomain>.duckdns.org.lan, type = A, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        <mydomain>.duckdns.org.lan, type = AAAA, class = IN

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        <mydomain>.duckdns.org, type = A, class = IN
    ANSWERS:
    ->  <mydomain>.duckdns.org
        internet address = 192.168.180.13
        ttl = 0 (0 secs)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 5, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        <mydomain>.duckdns.org, type = AAAA, class = IN

------------
Name:    <mydomain>.duckdns.org
Address:  192.168.180.13

I tried some configs.
Changing

/etc/pihole/pihole-FTL.conf

didn't help.

Adding BLOCK_TTL=60 to 99-local-ttl.conf made the complete DNS fail; however, it says it started correctly.

 [✓] Restarting DNS server

But adding local-ttl=60 to /etc/dnsmasq.d/99-local-ttl.conf works.

Edit:
now I see, local-ttl and block-ttl are 2 separate settings.

Wrong file for that option - see my post above.
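As an added example (not from this thread or the Pi-hole project), the following script writes each setting to the file that actually reads it and flags an FTL KEY=VALUE line placed in the dnsmasq drop-in, which is what produces the "bad option" error above; the ROOT prefix and the script name ttl.sh are assumptions for dry runs.

```shell
#!/bin/sh
# Added example, not from the thread. local-ttl is a dnsmasq option and belongs in a
# drop-in under /etc/dnsmasq.d/ that Pi-hole does not overwrite; BLOCK_TTL is a
# pihole-FTL option and belongs in /etc/pihole/pihole-FTL.conf.
# ROOT (assumed, for dry runs) is prefixed to both paths; leave it empty on a real Pi-hole.

dropin_path() { printf '%s/etc/dnsmasq.d/99-local-ttl.conf' "${ROOT:-}"; }
ftl_path()    { printf '%s/etc/pihole/pihole-FTL.conf' "${ROOT:-}"; }

# TTL for locally defined (unblocked) records: dnsmasq's local-ttl.
set_local_ttl() {
  f=$(dropin_path)
  mkdir -p "$(dirname "$f")"
  printf 'local-ttl=%s\n' "$1" > "$f"
}

# TTL for blocked replies: FTL's BLOCK_TTL. Replaces an existing line instead of
# appending a duplicate, without relying on GNU-only sed -i.
set_block_ttl() {
  f=$(ftl_path)
  mkdir -p "$(dirname "$f")"
  [ -f "$f" ] || : > "$f"
  { grep -v '^BLOCK_TTL=' "$f" || true; printf 'BLOCK_TTL=%s\n' "$1"; } > "$f.tmp"
  mv "$f.tmp" "$f"
}

# Returns 0 if the dnsmasq drop-in contains only dnsmasq-style options,
# 1 if it contains an uppercase KEY=VALUE line (an FTL option in the wrong file).
check_dropin() {
  f=$(dropin_path)
  [ -f "$f" ] || return 0
  ! grep -Eq '^[A-Z_]+=' "$f"
}

# Usage (as root): LOCAL_TTL=60 BLOCK_TTL_VAL=120 sh ttl.sh apply ; then run: pihole restartdns
if [ "${1:-}" = "apply" ]; then
  set_local_ttl "${LOCAL_TTL:-60}"
  set_block_ttl "${BLOCK_TTL_VAL:-2}"
  check_dropin || echo "warning: FTL option found in $(dropin_path)" >&2
fi
```

The functions only write files; after applying on a real Pi-hole, `pihole restartdns` is still required for either setting to take effect.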


Pi-hole may not be involved here:
That looks very much like a public domain.

Your domain hoster would control the TTL of the respective DNS records.
Depending on your hoster, you may or may not be able to configure TTLs for your domains.

If you've instead configured Pi-hole with a local DNS record for that public domain name, note that you would be seeing the remaining TTL with a DNS reply, i.e. the time that a requesting client may hold on to the DNS reply before it should be considered stale and should be requested anew.
With a low 2 seconds TTL, it wouldn't be unusual to see that reduced to zero.
EDIT: And of course, if you don't block that domain, its TTL would be controlled by dnsmasq's local-ttl as usual instead of pihole-FTL's BLOCK_TTL - but you've figured that already. :wink:

I did, because I don't need to go out to contact my internal website. Also, for some reason my new modem does not accept requests to my own external IP.

But now I know,
TTL of local dns default = 0
TTL of blocked DNS by default = 2

    QUESTIONS:
        ms.applvn.com, type = A, class = IN
    ANSWERS:
    ->  ms.applvn.com
        internet address = 0.0.0.0
        ttl = 2 (2 secs)

and there are 2 different settings to change the different values.

2 on block_ttl is fine for me; I only needed to change local_ttl.

Ahh good catch, thanks!
