
Set separate TTL for DNS rewrites

emlimap opened this issue 6 years ago • 14 comments

Problem Description

At the moment DNS rewrites have the same TTL as a blocked query, which is 10 seconds by default. The problem with this approach is that 10 seconds is too low, generates a lot more queries, clutters up the query log and isn't efficient overall.

A workaround is to set blocked_response_ttl to a higher value in the config file, but that would mean you will have to wait longer whenever a domain is whitelisted in the web GUI for the browser/client OS DNS cache to time out.

Proposed Solution

One solution would be to add another config parameter like dns_rewrite_ttl and set the default to, say, 300 seconds. Rewrites aren't going to change frequently and are also something that is manually added by the user. This might not need to be exposed in the web GUI, like how blocked response TTL isn't.

Alternatives Considered

  1. Set blocked_response_ttl in the config file to a higher value.
  2. Use separate DNS server for rewrites like dnsmasq or unbound.

emlimap, Mar 26 '20 19:03
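The split the proposal above describes, as an added example that is not AdGuard Home's own code: a minimal DNS wire-format builder and reader in Python, where `response_ttl` stands in for the proposed `dns_rewrite_ttl` lookup beside `blocked_response_ttl`. The 10 s and 300 s values follow the issue text; `build_a_response`, `answer_ttl` and the 0.0.0.0 "blocked" answer are hypothetical helpers and constructed data, not the project's behaviour.

```python
import struct

# Assumed defaults for this added example: 10 s is the page's
# blocked_response_ttl default, 300 s is the proposed dns_rewrite_ttl.
BLOCKED_RESPONSE_TTL = 10
DNS_REWRITE_TTL = 300


def response_ttl(kind: str) -> int:
    """TTL to stamp on a synthesised answer, keyed by why it was synthesised."""
    if kind == "blocked":
        return BLOCKED_RESPONSE_TTL
    if kind == "rewrite":
        return DNS_REWRITE_TTL
    raise ValueError(f"unknown synthetic answer kind: {kind}")


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname into DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_a_response(txid: int, name: str, ipv4: str, ttl: int) -> bytes:
    """Build a minimal DNS response: one question plus one A record with `ttl`."""
    # Header: id, flags (QR=1, RD=1, RA=1), qdcount=1, ancount=1, ns=0, ar=0
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    rdata = bytes(int(o) for o in ipv4.split("."))
    # Answer: compression pointer to the question name at offset 12,
    # then TYPE A, CLASS IN, TTL, RDLENGTH, RDATA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def answer_ttl(packet: bytes) -> int:
    """Read the TTL of the first answer RR from a response built as above."""
    qdcount, ancount = struct.unpack("!HH", packet[4:8])
    offset = 12
    for _ in range(qdcount):  # skip question names (uncompressed there)
        while packet[offset] != 0:
            offset += 1 + packet[offset]
        offset += 1 + 4  # terminating zero + QTYPE + QCLASS
    if ancount == 0:
        raise ValueError("no answer section")
    offset += 2  # skip the 0xC00C name pointer
    _rtype, _rclass, ttl = struct.unpack("!HHI", packet[offset:offset + 8])
    return ttl
```

The TTL field is the only thing a client's resolver cache looks at, so a rewrite that keeps the blocked-response value re-queries every 10 s regardless of how static the answer is.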

This would be useful; I got 9 million queries per week from Home Assistant checking all my smart devices.

Elkropac, Jan 05 '22 13:01

Any news about this?

mada199122, Mar 19 '23 07:03

This is something that would be a useful enhancement.

I agree with the separate line in the config file and a default of 300.

No idea if it's a complicated addition, but I hope it can happen.

Pikey18, May 15 '23 23:05

+1 for this

mxbchr, Oct 10 '23 12:10

+1 for this too

mada199122, Oct 29 '23 06:10

I'd prefer to extend $dnsrewrite with an option to specify the TTL.

ameshkov, Oct 30 '23 11:10

@ameshkov, that is an okay separate feature, but it's really not a complete solution, for the following reasons:

  • The dnsrewrite syntax is already quite extensive, and any extension should be introduced with care. There are a few other proposals regarding extensions of the features (rewriting answers, sections other than ANSWER, etc.), and any of them might introduce backwards-incompatible changes.

  • Any sort of extension to dnsrewrite will not apply to hosts-style rules à la 1.2.3.4 host.example, so you'd need the parameter anyway.

  • The same with Safe Search rules, the legacy rewrites mechanism, /etc/hosts processing, and DHCP client host processing, all of which are kind of rewrites currently.

ainar-g, Oct 30 '23 11:10

I am facing this issue too. Is there a timeline for a solution?

tipuraneo, Jan 01 '24 03:01

Hello all,

I would like to be able to say: for this name, just authorize one call per day ... per week ... per minute ... Like some guys here, I get many calls from Home Assistant, for example, but also from some other devices that call home or even call to check for updates... those apps have no parameters for how often they can check for those updates... and frankly, checking every hour is nuts. Thanks

Honusnap, Feb 07 '24 16:02

Me too; uptime-kuma in particular is clogging up the log and statistics heavily. A separate TTL in the DNS settings would be ideal in my mind as well.

kelke, Mar 19 '24 20:03

I realize this is an old topic, but I just wanted to add that reverse private queries (with an actual accurate result of the device name) don't get cached at all, and the TTL is not extended to the minimum set, as it should be. My firewall returns 0 seconds for RTP, so my MacBook is unable to publish its network name as it expires before the response is given; it sends 10 requests a second, and this is one device. Without blocking important services, this is 100ks of queries a day that are futile. The lack of an override and the lack of caching on a legit and permanent result (I never changed my home devices' names) is too much to bear...

candybars2021, Apr 29 '24 13:04