On 23/02/13 23:38, Dave Taht wrote:

> Simon Kelly took what we had in cerowrt, and improved it substantially,
> however there is still some stuff that is less than desirable, notably,
> the DNS TTL is presently set to 0 in the dnsmasq implementation

This isn't quite accurate. Replies with cached data from forwarded queries of course get the TTL from upstream, reduced by the time the data has been cached. Replies with 0 TTL are answers to queries from internal hosts (i.e. from hosts on the local net) where the data is also local (i.e. stuff from /etc/hosts, other configuration or DHCP leases). The rationale is that re-doing the query is very cheap for these hosts, and there is no other good value for TTL.

DHCP lease time is not a good value. My laptop can have a DHCP lease with days left to run on my wireless subnet: if I plug in the wired network port, the name will be transferred to the new lease on the wired subnet, and I don't want to wait for days for all the hosts on the net to catch up with the new address.

For queries _not_ from the internal hosts (i.e. the new auth functionality) the TTL in the replies currently defaults to 600, and is configurable. These replies are only ever local data; dnsmasq will never forward queries from the wider net upstream, to avoid DNS amplification attacks.

Simon.
_______________________________________________
homenet mailing list
https://www.ietf.org/mailman/listinfo/homenet
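The three TTL rules Simon describes above (upstream TTL decayed by cache age for forwarded data, TTL 0 for local data served to internal hosts, a configurable 600-second TTL for local data served to the wider net, and no upstream forwarding at all for external clients) are easy to get wrong in a home resolver, so here is a toy model of that policy. This is an added example written for this page, not dnsmasq code; the class, method and option names (ToyResolver, lookup, auth_ttl, local_ttl) and all addresses and names are constructed for illustration.

```python
"""Toy model of the per-client TTL and forwarding policy described in
the message. Not dnsmasq code: a self-contained illustration.

Rules modelled:
  1. Data cached from a forwarded query keeps the upstream TTL, reduced
     by the seconds it has already spent in the cache; when that hits 0
     the entry is dropped and the query would be forwarded again.
  2. Local data (hosts file, DHCP leases) answered to an internal client
     gets TTL 0: re-querying is cheap and no other value is correct
     (lease time is wrong if the host moves to another subnet).
  3. A client outside the internal networks only ever gets local data,
     with a longer, configurable TTL (600 here). Its queries are never
     forwarded upstream, so the resolver cannot be used as an open
     reflector in a DNS amplification attack.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class CachedRecord:
    address: str
    upstream_ttl: int
    cached_at: float  # seconds on the same clock later passed to lookup()


class ToyResolver:
    def __init__(self, internal_nets: List[str], auth_ttl: int = 600, local_ttl: int = 0):
        self.internal_nets = [ip_network(n) for n in internal_nets]
        self.auth_ttl = auth_ttl    # TTL for local data sent to the wider net
        self.local_ttl = local_ttl  # TTL for local data sent to internal hosts
        self.local: Dict[str, str] = {}          # hosts file / DHCP leases
        self.cache: Dict[str, CachedRecord] = {}  # answers from upstream
        self.forwarded: List[str] = []            # names we would send upstream

    def is_internal(self, client_ip: str) -> bool:
        addr = ip_address(client_ip)
        return any(addr in net for net in self.internal_nets)

    def add_local(self, name: str, address: str) -> None:
        self.local[name.lower()] = address

    def cache_upstream(self, name: str, address: str, ttl: int, now: float) -> None:
        self.cache[name.lower()] = CachedRecord(address, ttl, now)

    def lookup(self, name: str, client_ip: str, now: float) -> Optional[Tuple[str, int]]:
        """Return (address, ttl) or None (no answer from this resolver)."""
        name = name.lower()
        internal = self.is_internal(client_ip)

        # Rule 2 / rule 3: local data is answered to everyone, TTL depends
        # on where the client sits.
        if name in self.local:
            return self.local[name], (self.local_ttl if internal else self.auth_ttl)

        # Rule 3: external clients get nothing else, and nothing is forwarded.
        if not internal:
            return None

        # Rule 1: cached upstream data with the TTL decayed by cache age.
        rec = self.cache.get(name)
        if rec is not None:
            remaining = rec.upstream_ttl - int(now - rec.cached_at)
            if remaining > 0:
                return rec.address, remaining
            del self.cache[name]  # expired: fall through to forwarding

        # Would forward to the upstream server here; the toy only records it.
        self.forwarded.append(name)
        return None


def build_demo() -> ToyResolver:
    """Constructed sample data: one LAN, one DHCP-lease name, one cached answer."""
    r = ToyResolver(internal_nets=["192.168.1.0/24"])
    r.add_local("laptop.lan", "192.168.1.20")                 # from a DHCP lease
    r.cache_upstream("example.org", "198.51.100.5", ttl=300, now=0.0)
    return r


if __name__ == "__main__":
    r = build_demo()
    print(r.lookup("laptop.lan", "192.168.1.7", now=10.0))    # internal, local data
    print(r.lookup("laptop.lan", "203.0.113.9", now=10.0))    # external, local data
    print(r.lookup("example.org", "192.168.1.7", now=100.0))  # cached, TTL decayed
    print(r.lookup("example.org", "203.0.113.9", now=100.0))  # external: refused
    print(r.lookup("example.org", "192.168.1.7", now=400.0))  # expired: forwarded
    print("forwarded:", r.forwarded)
```

The interesting line for a reviewer is the early `return None` for external clients: every path that could reach the upstream server is behind the `internal` check, so a spoofed-source query from the Internet can never produce a large forwarded answer.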