7

I'm running a caching DNS server currently to improve latency in a network.

The question is: can I override the TTL I get from a server using BIND9 or other software on Linux?

short "dig www.google.com" here:

; <<>> DiG 9.6.1-P2 <<>> www.google.com

;; ANSWER SECTION:
www.google.com.     604441  IN  CNAME   www.l.google.com.
www.l.google.com.   300     IN  A       74.125.45.147

Can I change that '300' into 15 minutes?

Thank you so much for your time!!

OmniWired

5 Answers

8

CAN this be done? Sure - there are broken DNS servers (e.g. the ones AOL runs) that do this, and every admin I know hates it.

SHOULD this be done? Almost certainly no.

Generally speaking the TTL was set to a particular value for a reason (in google's case, probably fault tolerance: You'll only be unable to reach google for 5 minutes if that server blows up), and you shouldn't muck about with it.

You're already getting a performance boost by keeping the google.com record in your cache for the 5 minutes it's intended to live for since your individual workstations won't be running out to the internet for resolution -- don't over-optimize and break the expected behavior :)

voretaq7
7

the DIRTIEST, ugliest thing that can be done is...

1- Download the source
2- Find the file called cache.c
3- Find the function is_expired
4- Change it in this way:

static int is_expired(time_t now, struct crec *crecp)
{
  /* records flagged immortal never expire */
  if (crecp->flags & F_IMMORTAL)
    return 0;

  /* now is still before the time-to-die: not expired */
  if (difftime(now, crecp->ttd) < 0)
    return 0;

  return 0; // IT WAS IN ONE: the original returns 1 (expired) here
}

When the function is asked "did it expire?", we always say no.

In this way it will never expire and you will conquer the world.

OUTPUT:

; <<>> DiG 9.6.1-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28477
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.            IN  A

;; ANSWER SECTION:
www.google.com.     603937  IN  CNAME   www.l.google.com.
www.l.google.com.   4294966733 IN   A   209.85.195.99
www.l.google.com.   4294966733 IN   A   209.85.195.104
www.l.google.com.   4294966733 IN   A   209.85.195.147

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 17 18:34:47 2010
;; MSG SIZE  rcvd: 110
OmniWired
2

If you're really interested in history rather than accuracy, the quickest dirtiest hack you can do is probably make your name server an authoritative master for the domain and recreate the zonefile as frequently as needed through a script. Definitely only recommended for taking over the world though, not for real life.

In general if you really want a record of very short TTL to persist within an application, it seems the only sensible way is to cache it within the application.

2

Min TTL

Yes, you can do this in ISC Bind with a simple change to their source code. They will not provide a mechanism for you to do this for ideological reasons.

Yes, you can also set or override the min-ttl of recursive DNS requests in Unbound DNS without having to recompile anything. That said, you should compile the latest version, as the 1.4 branch in the EPEL repo has a few bugs that will not be fixed and so that you can set all of the glibc hardening flags.

cache-min-ttl: 60

While it is correct that folks should use caution when applying this on recursors used by many applications and/or people, there are several use cases where it may be appropriate. This assumes the person overriding min-ttl understands what applications are utilizing their DNS infrastructure and what impact overriding this can have. To say that it should never be done would be an incorrect generalization.

My Personal Experience

I have used the cache-min-ttl: setting in Unbound DNS to mitigate some privacy attacks of tracking websites. I have also used it to correct invalid DNS set by folks that are setting a TTL of 0, which technically violates a few RFCs. Given that I control my own recursors and they are only used by me, the risk is very low.

Aaron
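An added example, not code from this page, from Unbound, or from the program whose cache.c the earlier answer patches (struct crec and F_IMMORTAL suggest dnsmasq, but that answer does not name it): a small cache model in C that shows the two behaviours discussed in this thread side by side. cache_insert applies a cache-min-ttl style clamp at insert time, remaining_ttl keeps the unpatched expiry test, and remaining_ttl_never_expire reproduces what the "return 0; // IT WAS IN ONE" patch does to the TTL field. The struct, function names, "ttl-zero.example" and the fixed timestamp are constructed for the example; the 74.125.45.147 / TTL 300 record comes from the question. Note that 4294966733, the TTL in the patched dig output, equals 2^32 - 563, which is exactly what an unsigned 32-bit TTL field holds for a record 563 seconds past its expiry; the code below reproduces that number, which is consistent with (though not proof of) how that output arose.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Minimal cache record, constructed for this example and only loosely
 * modelled on the struct used by the is_expired() patch in the earlier answer. */
struct cache_rec {
    char name[64];
    uint32_t addr;   /* IPv4 address, host byte order */
    time_t ttd;      /* time-to-die: absolute expiry instant */
    int immortal;    /* 1 for records that never expire (e.g. static hosts) */
};

/* cache-min-ttl semantics: the cached lifetime is never shorter than min_ttl.
 * min_ttl == 0 means "honour the upstream TTL exactly as received". */
static uint32_t clamp_ttl(uint32_t upstream_ttl, uint32_t min_ttl)
{
    return upstream_ttl < min_ttl ? min_ttl : upstream_ttl;
}

static void cache_insert(struct cache_rec *e, const char *name, uint32_t addr,
                         uint32_t upstream_ttl, uint32_t min_ttl, time_t now)
{
    snprintf(e->name, sizeof e->name, "%s", name);
    e->addr = addr;
    e->immortal = 0;
    e->ttd = now + (time_t)clamp_ttl(upstream_ttl, min_ttl);
}

/* Correct expiry test: the shape of the function before the patch above. */
static int is_expired(time_t now, const struct cache_rec *e)
{
    if (e->immortal)
        return 0;
    if (difftime(now, e->ttd) < 0)   /* now is before ttd: still fresh */
        return 0;
    return 1;
}

/* Remaining TTL for a reply. Sets *hit = 0 and returns 0 once the record has
 * expired, so the caller re-resolves instead of serving stale data. */
static uint32_t remaining_ttl(time_t now, const struct cache_rec *e, int *hit)
{
    if (is_expired(now, e)) {
        *hit = 0;
        return 0;
    }
    *hit = 1;
    return (uint32_t)difftime(e->ttd, now);
}

/* What the never-expire patch does: the expiry test always answers "fresh",
 * so ttd - now is computed for a record whose ttd is already in the past.
 * The DNS TTL field is an unsigned 32-bit integer, so the negative difference
 * wraps to a value just below 2^32 (e.g. 2^32 - 563 = 4294966733). */
static uint32_t remaining_ttl_never_expire(time_t now, const struct cache_rec *e)
{
    return (uint32_t)(e->ttd - now);
}

int main(void)
{
    struct cache_rec e;
    int hit;
    time_t t0 = 1000000;   /* constructed "now" instead of time(NULL) */

    /* The record from the question: www.l.google.com A 74.125.45.147, TTL 300 */
    cache_insert(&e, "www.l.google.com", 0x4a7d2d93u, 300, 0, t0);
    printf("after 100 s: ttl=%u hit=%d\n",
           (unsigned)remaining_ttl(t0 + 100, &e, &hit), hit);
    printf("after 300 s: ttl=%u hit=%d\n",
           (unsigned)remaining_ttl(t0 + 300, &e, &hit), hit);
    printf("patched cache, 563 s past expiry: ttl=%u\n",
           (unsigned)remaining_ttl_never_expire(t0 + 300 + 563, &e));

    /* A TTL-0 record (constructed) clamped by cache-min-ttl: 60 */
    cache_insert(&e, "ttl-zero.example", 0x0a000001u, 0, 60, t0);
    printf("clamped TTL-0 record after 30 s: ttl=%u hit=%d\n",
           (unsigned)remaining_ttl(t0 + 30, &e, &hit), hit);
    return 0;
}
```

The clamp is the defensible version of what the thread is asking for: it lengthens a too-short upstream TTL by a bounded amount that the operator chose and can reason about, while the record still expires and gets refreshed. The patched function removes the expiry test entirely, so the cache keeps serving an address after the owner has moved it, and the wrapped TTL it hands out tells every downstream cache to keep that stale answer for over a century.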
-1

See the similar question "dnsmasq: how to increase TTL?" and another one, "Is there an alternative to "dnsmasq"?".

kubanczyk