TTL=0 for DNS replies for hosts on network

GSA

Occasional Visitor
I replaced my FIOS router with an RT-AC87 because the Verizon router had a TTL of 10s for hostnames registered with local DNS, which was too low because I have a lot of chatty applications (like webcams etc.) on the local network. I fully expected something more manageable from Asus and an expensive router, but to my surprise the TTL for internal hostnames from the ASUS router is a ridiculous zero seconds.
That means every single time any internal client tries to talk to any other internal client it will have to make a DNS query. Pretty disappointed, and wondering if it's somehow configurable or who I should raise this issue to.

Server: router.asus.com
Address: 192.168.1.1

------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
zyxel.artisticcheese.com, type = A, class = IN
ANSWERS:
-> zyxel.myhome.com
internet address = 192.168.1.37
ttl = 0 (0 secs)

------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
zyxel.myhome.com, type = AAAA, class = IN
 
TTL = 0 is for LAN traffic. When traffic passes through a router its TTL value is decremented. Unless you use layer 3 routing for the LAN a TTL value of 0 is good, otherwise LAN traffic can leak out. Do not be freaked out by this; DNS querying is compulsory for the LAN if you define things by names instead of addresses. If not, your LAN devices will think that zyxel.myhome.com is on the internet.
 
How does the longevity of a DNS record have anything to do with other layers of networking? A TTL of 0 forces a DNS query each and every time for any device on the internal network, despite the fact that their values almost never change. It taxes the router, it taxes clients, it slows down the rest of the protocol. Even if I don't use the FQDN and just type ZYXEL, the default DNS suffix will be appended and the value will still be 0 for the record. What am I missing here? It looks like this setting does not bring anything of value to anybody.
 
Think of it like this. What use is a DNS cache for a local address? That local address is already there, so each time a client requests a DNS lookup it can be served from the cache or a static entry. It would make no difference what TTL you set for DNS records for the LAN, because whether it is a local or an external domain it will still look it up. Sure it taxes the router, but the amount of CPU used for such a thing is very little. Run DNSbench and note your router's CPU usage before running and while running and you will see what I mean. A DNS server doesn't use any CPU, it just needs memory for cache.

A TTL of 0 lets you update local entries with immediate effect. Even if you had a TTL of 100 it will still look in its cache/written entries, so there's really no point in having a TTL for static entries. The processing required is per request, not dependent on TTL. The only difference is for external records: it would have to look them up again, which slows down browsing for example, but then again it is counted as a request.

At first I thought you meant routing TTL, but a DNS TTL of 0 for static entries means infinite (they never expire) but also allows immediate changes because the host won't cache it. Even so it is a DNS request no different from an external one.
 
If I have a camera which, say, writes an image to a NAS share on each movement detected, then it will probably have to make 100 queries to the server within a 10s period, one for each of the images, instead of just a single one. It would not have to go to the DNS server if the local DNS cache was populated with a proper TTL. There is no reason to have a TTL of 0 when the DHCP lease time is 1 day. It just doesn't make any sense to have this setup at all. It only makes sense if the IP to hostname mapping changes frequently, which is not the case at all for local hostnames with a high DHCP lease time.
 
Perhaps but are you saying your router cannot handle 100 queries a second? It has a gigabit ethernet port and a good CPU.

It saves your camera a bit of memory not having to cache.
 
Perhaps but are you saying your router cannot handle 100 queries a second? It has a gigabit ethernet port and a good CPU.

It saves your camera a bit of memory not having to cache.
It certainly can, it's just unnecessary DNS chatter with no explainable reason. Also this is taxing the client as well, which is usually not a beefy box like this router (especially IP cams).
 
If you use Merlin's mod you can easily change this - just add this to the dnsmasq conf file. I do this because I use dnsmasq for adblocking, so there are 1000s of sites that appear as a local address.

Code:
local-ttl=600
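To make the trade-off discussed above concrete (the camera making 100 lookups in 10 seconds, and the local-ttl setting just shown), here is an added example that is not from the thread: a stub-resolver cache that honours the TTL in each answer, run against a dnsmasq-like server that hands out static entries with the router's default TTL of 0 versus local-ttl=600. It generalizes to any TTL, including one that expires inside the window; the NAS hostname and address are constructed.

```python
# Added example (not from the thread): TTL-honouring stub resolver cache vs a
# dnsmasq-like server, default local-ttl 0 vs local-ttl=600. Names constructed.
class LocalDnsServer:
    """Stands in for dnsmasq: static host entries, one fixed TTL for all of them."""

    def __init__(self, hosts, local_ttl):
        self.hosts = hosts
        self.local_ttl = local_ttl
        self.queries = 0  # every request that actually reaches the router

    def resolve(self, name):
        self.queries += 1
        return self.hosts[name], self.local_ttl


class CachingClient:
    """Stub resolver that honours the answer TTL; per RFC 1035 a TTL of 0 means
    'use for this transaction only, do not cache'."""

    def __init__(self, server):
        self.server = server
        self.cache = {}  # name -> (address, absolute expiry time)

    def lookup(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0]  # cache hit: nothing is sent to the router
        addr, ttl = self.server.resolve(name)
        if ttl > 0:
            self.cache[name] = (addr, now + ttl)
        else:
            self.cache.pop(name, None)  # TTL 0 answers are never stored
        return addr


def camera_workload(local_ttl, images=100, window=10.0):
    """Queries reaching the router when a camera resolves its NAS once per image,
    `images` times spread evenly over `window` seconds (the scenario above)."""
    server = LocalDnsServer({"nas.myhome.com": "192.168.1.37"}, local_ttl)  # constructed
    client = CachingClient(server)
    for i in range(images):
        client.lookup("nas.myhome.com", now=i * window / images)
    return server.queries


if __name__ == "__main__":
    for ttl in (0, 5, 600):  # router default, a short TTL, the suggested value
        print(f"local-ttl={ttl:<3} -> {camera_workload(ttl):>3} queries reach the router")
```

With TTL 0 every one of the 100 lookups reaches the router; with local-ttl=600 only the first does, and a TTL that expires mid-window (5 s) costs exactly two.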
 
Thanks.
Is Merlin's mod stable enough for daily use? Even if it glitches once a month and requires a reboot etc. I'd rather not go that route. I had a bad experience before with DD-WRT so I'm trying to be cautious.
 
Just installed it, looks nice. Now where do I put that value of "local-ttl"? Do I have to do some voodoo with SSH, using vi to edit some obscure UNIX file, or is there a nice UI available for this? I looked around a little bit and did not find one so far.
 
A bit of voodoo I am afraid.

I recommend enabling SSH and JFFS config scripts on the router and using WinSCP with Notepad++ to edit the files from a Windows PC. Other firmwares such as Tomato and DD-WRT do have web GUI editors, but once you get used to it Merlin's method is much more powerful.

You need to add the instruction to the dnsmasq.conf file, which means you need to create the file
/jffs/configs/dnsmasq.conf.add

There are also built-in tools to edit default values; I personally ended up replacing the whole file with a custom version.

For reference:

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

The files should have Unix file properties (Notepad++ has the option to convert).
 