
So 5 minutes, 300 seconds; I don't really see that helping much at home. Work yes, home no. I rarely go outside the US.

I once tracked my DNS locations and started adding static entries for places I go using Microsoft DNS. It kind of works.

Now I just look for fastest access for painting web pages.
 
So how long are we talking?

We are talking about routers not full blown DNS servers right?

Here is a link on Microsoft's tech site. Notice TTL is measured in seconds.
https://technet.microsoft.com/en-us/library/cc958972.aspx

No, I was referring to full blown DNS resolvers.

Router caches still should honor the TTL. A few years ago various users were comparing their router's dnsmasq cache, and nobody could show a router where the cache had forcibly expired entries due to lack of space with the default 1500 entries value.

Not the best example since my router was rebooted last night, but here's a sample:

Code:
Mar  4 13:50:06 dnsmasq[1245]: time 31589
Mar  4 13:50:06 dnsmasq[1245]: cache size 1500, 0/7159 cache insertions re-used unexpired cache entries.
Mar  4 13:50:06 dnsmasq[1245]: queries forwarded 3102, queries answered locally 2268
Mar  4 13:50:06 dnsmasq[1245]: DNSSEC memory in use 4576, max 5676, allocated 149996
Mar  4 13:50:06 dnsmasq[1245]: server 206.248.154.170#53: queries sent 2113, retried or failed 28
Mar  4 13:50:06 dnsmasq[1245]: server 206.248.154.22#53: queries sent 1888, retried or failed 16

You can force your dnsmasq to dump its stats to syslog by sending it a SIGUSR1 signal.


Personally, when I configure a DNS zone for a customer I tend to use a TTL of 1 hour (3600). I will reduce it to 300 if we are planning a record change, but I bump it back to 3600 once the change has been completed and validated. 3600 and 14400 are fairly common TTL values (1h and 4h). The goal there is to ensure optimal performance both for the server and the clients, at the expense of freshness.
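The "lower the TTL before the change" practice above only works if the lowered TTL is published early enough: a resolver that fetched the record with the old 3600 s TTL just before you lowered it will keep the old answer for the full old TTL. The simulation below is an added example (not code from the thread or from any DNS software) that models resolvers which honor TTLs exactly, re-fetching when an entry expires, and reports the worst-case number of seconds a stale answer is still served after the record change. All timestamps are seconds on an arbitrary clock and the schedules compared are my own assumptions.

```python
def worst_case_stale_seconds(old_ttl, new_ttl, lowered_at, changed_at, step=1):
    """Worst case, over all TTL-honoring resolver caches, of how many seconds
    after `changed_at` the OLD record is still served.

    Model (an assumption, not dnsmasq or BIND behaviour): a cache fetches the
    record at some first time, then re-fetches exactly when it expires.  A fetch
    before `lowered_at` receives `old_ttl`, afterwards `new_ttl`; a fetch before
    `changed_at` receives the old data, afterwards the new data.
    """
    assert lowered_at <= changed_at, "TTL must be lowered before (or at) the change"
    worst = 0
    # Every cache state is reachable from some first fetch in this window.
    for first_fetch in range(lowered_at - old_ttl, changed_at + 1, step):
        t, stale = first_fetch, 0
        while t < changed_at:
            ttl = new_ttl if t >= lowered_at else old_ttl
            expires = t + ttl
            if expires > changed_at:
                # Old data fetched at t is served until it expires.
                stale = expires - changed_at
                break
            t = expires  # expired before the change: re-fetch, still old data
        worst = max(worst, stale)
    return worst


def compare_schedules(old_ttl=3600, new_ttl=300, changed_at=7200):
    """Three ways of scheduling the same record change (assumed scenarios)."""
    return {
        "lowered one old TTL ahead": worst_case_stale_seconds(
            old_ttl, new_ttl, changed_at - old_ttl, changed_at),
        "lowered half an old TTL ahead": worst_case_stale_seconds(
            old_ttl, new_ttl, changed_at - old_ttl // 2, changed_at),
        "lowered at change time": worst_case_stale_seconds(
            old_ttl, new_ttl, changed_at, changed_at),
    }


if __name__ == "__main__":
    for schedule, stale in compare_schedules().items():
        print(f"{schedule}: old answer visible up to {stale} s after the change")
```

The takeaway for the 3600/300 case in the post: lower the TTL at least one old TTL (an hour) before the change and the stale window shrinks to the new TTL; lower it at the moment of the change and you gain nothing over never lowering it.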
 
Yeah, I wanted to say I think the Smoothwall firewall had some ways to modify TTL or caches for the long term, but it was so long ago. There was not much RAM back then. I probably still have my Pentium II 300 up in the attic where my Smoothwall was installed. I was hacked to the point where my DNS forwarding IP address was pointed to China. My network crawled because my DNS was routing through China. It took me a couple of days to figure it out. I was still working back then, so I had less time to work on my network.

I don't think it was Smoothwall's problem, but I quit using it and switched over to Untangle. The early days. Back then I ran my own mail server (Exchange), web pages and DNS server.

So I always try to stay aware of web page painting time.

I also lock my DNS servers so no other DNS will work on my network. Once DNS fails, all machines can be corrupted with crafted web pages, so all machines need to be rebuilt from scratch.
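Two things in this thread are worth automating: reading the SIGUSR1 stats dump (the earlier post shows that the `0/7159 cache insertions re-used unexpired cache entries` figure tells you whether the 1500-entry cache is ever forced to evict), and noticing when the router is forwarding to an upstream you never configured, which is how the hijack described above would show up in the same dump. The parser below is an added example, not code from the thread or from dnsmasq. The first six sample lines are the stats dump quoted earlier in the thread; the seventh line is constructed, using an RFC 5737 documentation address, to stand in for an unexpected forwarder. The allow-list and the 5% failure threshold are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Sample input: six lines quoted from the thread plus one constructed line
# (198.51.100.7 is a documentation address, not a real resolver).
SAMPLE_LOG = """\
Mar  4 13:50:06 dnsmasq[1245]: time 31589
Mar  4 13:50:06 dnsmasq[1245]: cache size 1500, 0/7159 cache insertions re-used unexpired cache entries.
Mar  4 13:50:06 dnsmasq[1245]: queries forwarded 3102, queries answered locally 2268
Mar  4 13:50:06 dnsmasq[1245]: DNSSEC memory in use 4576, max 5676, allocated 149996
Mar  4 13:50:06 dnsmasq[1245]: server 206.248.154.170#53: queries sent 2113, retried or failed 28
Mar  4 13:50:06 dnsmasq[1245]: server 206.248.154.22#53: queries sent 1888, retried or failed 16
Mar  4 13:50:06 dnsmasq[1245]: server 198.51.100.7#53: queries sent 40, retried or failed 0
"""

CACHE_RE = re.compile(r"cache size (\d+), (\d+)/(\d+) cache insertions re-used unexpired cache entries")
QUERIES_RE = re.compile(r"queries forwarded (\d+), queries answered locally (\d+)")
SERVER_RE = re.compile(r"server (\S+)#(\d+): queries sent (\d+), retried or failed (\d+)")


@dataclass
class DnsmasqStats:
    cache_size: int = 0
    forced_evictions: int = 0   # unexpired entries discarded to make room
    insertions: int = 0
    forwarded: int = 0
    local: int = 0
    servers: dict = field(default_factory=dict)  # "ip#port" -> (sent, retried_or_failed)


def parse_dnsmasq_stats(text):
    """Pull the counters out of a dnsmasq SIGUSR1 stats dump (syslog lines)."""
    stats = DnsmasqStats()
    for line in text.splitlines():
        if m := CACHE_RE.search(line):
            stats.cache_size, stats.forced_evictions, stats.insertions = map(int, m.groups())
        elif m := QUERIES_RE.search(line):
            stats.forwarded, stats.local = int(m.group(1)), int(m.group(2))
        elif m := SERVER_RE.search(line):
            key = f"{m.group(1)}#{m.group(2)}"
            stats.servers[key] = (int(m.group(3)), int(m.group(4)))
    return stats


def local_hit_ratio(stats):
    """Fraction of queries answered from cache/local config rather than forwarded."""
    total = stats.forwarded + stats.local
    return stats.local / total if total else 0.0


def assess(stats, allowed_upstreams, max_failure_ratio=0.05):
    """Return a list of findings; an empty list means nothing looks wrong."""
    findings = []
    if stats.forced_evictions:
        findings.append(
            f"cache too small: {stats.forced_evictions}/{stats.insertions} "
            f"insertions evicted unexpired entries (cache size {stats.cache_size})")
    for server, (sent, failed) in stats.servers.items():
        ip = server.rsplit("#", 1)[0]
        if ip not in allowed_upstreams:
            # Any forwarder not on the allow-list is a hijack until proven otherwise.
            findings.append(f"unexpected upstream {server}")
        if sent and failed / sent > max_failure_ratio:
            findings.append(f"{server}: {failed}/{sent} queries retried or failed")
    return findings


if __name__ == "__main__":
    s = parse_dnsmasq_stats(SAMPLE_LOG)
    print(f"local hit ratio {local_hit_ratio(s):.1%}, forced evictions {s.forced_evictions}")
    for finding in assess(s, {"206.248.154.170", "206.248.154.22"}):
        print("FINDING:", finding)
```

On a router, feed it the syslog lines written after `kill -USR1 $(pidof dnsmasq)` (the signal the earlier post mentions), and put the upstreams you actually configured in the allow-list; a forwarder you do not recognise in the `server ...#53` lines is exactly the symptom the China-routed DNS story describes.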
 