
Author Topic: Is there a way to control dns ttl value of dynamic updates?  (Read 169 times)


Offline ivarh

Is there a way to control dns ttl value of dynamic updates?
« on: December 03, 2017, 12:01:38 am »
I have followed the guides here on how to set up my dns server running on pfsense to update a zone on my dns server with the host <-> ip mappings and it is working great. The only minor problem is that the dns entries created by dhcpd use a TTL of 3600 seconds. Is there a way to set this to another value? I personally want to set it to 120. Does anyone know if it is possible to change this value and if so how?

-Ivar

Offline ivarh

Re: Is there a way to control dns ttl value of dynamic updates?
« Reply #1 on: December 05, 2017, 08:57:11 pm »
I have found a way to set the ttl used by dhcpd when updating the dns server. It is a big hack and really should be added to pfsense.

I edited /etc/services.inc to change
                        if ($dhcpifconf['ddnsdomain'] <> "") {
                                $newzone['domain-name'] = $dhcpifconf['ddnsdomain'];
                                $dnscfg .= "    ddns-domainname \"{$dhcpifconf['ddnsdomain']}\";\n";
                        } else {
                                $newzone['domain-name'] = $config['system']['domain'];
                        }

to
                        if ($dhcpifconf['ddnsdomain'] <> "") {
                                $newzone['domain-name'] = $dhcpifconf['ddnsdomain'];
                                $dnscfg .= "    ddns-domainname \"{$dhcpifconf['ddnsdomain']}\";\n";
                                $dnscfg .= "    ddns-ttl 120;\n";
                        } else {
                                $newzone['domain-name'] = $config['system']['domain'];
                        }

                                $dnscfg .= "    ddns-ttl 120;\n"; is what is added.
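To see what the patched services.inc actually changes, here is a small checker (an added example, not code from the thread or from pfSense) that reads a dhcpd.conf of the shape pfSense writes and reports the effective ddns-ttl and lease time per subnet. The config text is constructed; the statement names (default-lease-time, ddns-ttl, ddns-domainname) are ISC dhcpd's.

```python
import re

# Constructed sample of the dhcpd.conf fragment pfSense generates; only the
# first subnet carries the extra "ddns-ttl 120;" line from the edited services.inc.
SAMPLE_CONF = """\
option domain-name "example.lan";
default-lease-time 7200;
max-lease-time 86400;
ddns-update-style interim;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.199;
    ddns-domainname "lan.example.lan";
    ddns-ttl 120;
}

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.50 10.0.0.99;
    default-lease-time 86400;
    ddns-domainname "guest.example.lan";
}
"""

# Flat subnet blocks only; nested pool { } blocks are not handled here.
_SUBNET = re.compile(r"subnet\s+(\S+)\s+netmask\s+\S+\s*\{(.*?)\}", re.S)
_STMT = re.compile(r"^\s*(default-lease-time|ddns-ttl)\s+(\d+)\s*;", re.M)
_DOMAIN = re.compile(r'ddns-domainname\s+"([^"]+)"')

def _statements(block):
    return {k: int(v) for k, v in _STMT.findall(block)}

def effective_ddns(conf):
    """Return {subnet: (ddns domain, lease seconds, ddns-ttl)}.
    ttl is None when neither the subnet nor the global scope sets it,
    i.e. dhcpd's own default applies."""
    global_scope = _SUBNET.sub("", conf)      # everything outside subnet blocks
    g = _statements(global_scope)
    out = {}
    for cidr, body in _SUBNET.findall(conf):
        s = _statements(body)                 # subnet settings override global ones
        dom = _DOMAIN.search(body) or _DOMAIN.search(global_scope)
        out[cidr] = (dom.group(1) if dom else None,
                     s.get("default-lease-time", g.get("default-lease-time")),
                     s.get("ddns-ttl", g.get("ddns-ttl")))
    return out

def findings(conf):
    """Flag scopes doing dynamic updates with no explicit TTL or a TTL longer than the lease."""
    notes = []
    for cidr, (dom, lease, ttl) in effective_ddns(conf).items():
        if dom is None:
            continue                          # no ddns-domainname: no dynamic updates
        if ttl is None:
            notes.append(f"{cidr}: ddns-ttl unset, dhcpd default applies")
        elif lease and ttl > lease:
            notes.append(f"{cidr}: ddns-ttl {ttl} exceeds lease {lease}")
    return notes
```

Run it against /var/dhcpd/etc/dhcpd.conf after saving the DHCP settings to confirm the hack reached every interface you expected.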



Online johnpoz

Re: Is there a way to control dns ttl value of dynamic updates?
« Reply #2 on: December 06, 2017, 04:35:00 am »
What is the lease time you're getting from the dhcp server on your interface? Setting a ttl of 120 seconds is going to generate a bit more dns traffic than a 3600 ttl. Why would you need it so short? Does your IP actually change that often?

Normally dhcp is renewed and will stay the same IP for years!!!  Unless it goes offline for extended period and that lease expires and someone else gets it.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE (home)

Offline ivarh

Re: Is there a way to control dns ttl value of dynamic updates?
« Reply #3 on: December 08, 2017, 08:29:33 am »
The domain I do the dynamic updates to is hosted by bind on pfsense itself. This means that there is not much extra internet traffic generated by a low ttl, as the clients are set to use pfsense as their dns server.

The reason I want a low ttl is that when I get a new device I assign a static ip address as soon as it has gotten a dynamic address from the dhcp server, so that I can be lazy and use the view dhcp leases page in pfsense to assign a static address, saving me from entering the mac address manually. With a 1 hour ttl it will then take a long time until I can use the hostname to reach the device, as it will point to the dynamic address it got originally.


Offline JKnott

Re: Is there a way to control dns ttl value of dynamic updates?
« Reply #4 on: December 08, 2017, 09:02:37 am »
????

The DNS TTL only affects devices that have queried the name. If a device hasn't requested an IP for the host name it will not have the address in its cache. So, let the new device boot up, get its MAC, create the static entry and point the host name to it. Then, when some other device queries that name, it will get the static address.

I think you may be imagining problems that don't exist. You'd only have to worry about DNS TTL if a host name had been in use and then the address changed. The TTL only affects pfSense for host names learned from elsewhere. When you control the host names on a local DNS, for local devices, there's no cache in pfSense to worry about, as it will rely on what's saved in /etc/hosts.