Honour A record TTL > 3600 seconds on LAN side lookups for builtin DNS server hosted domains


#1

When configuring DNS for domain probackup.nl to be on the Balance running firmware 5.4.7 and setting an A record's TTL to a value of 86400 (or higher) and setting 4 colocated slave servers to be NS servers for this domain,

Expected result when doing a $ dig de3.probackup.nl on the LAN side:

;; ANSWER SECTION:
de3.probackup.nl. 86400 IN A 193.25.115.57

Real result when doing a $ dig de3.probackup.nl on the LAN side:

;; ANSWER SECTION:
de3.probackup.nl. 3600 IN A 193.25.115.57

For other domains not being hosted on the Peplink device that is both hosting the DNS for this domain and the client DNS resolver but not the Authoritative DNS server, the TTL > 3600 (e.g. 86400) is honored.

Please fix this, and allow client side DNS lookups to have the configured TTL value.

====
Note: result on the internet is good:

;; ANSWER SECTION:
de3.probackup.nl. 86400 IN A 193.25.115.57
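As an added example (not from this thread and not Peplink code): a small Python script that parses the ANSWER SECTION of dig output and flags an answer whose TTL comes back lower than the TTL the authoritative side hands out. The two dig outputs are constructed to mirror what is reported above (LAN side vs. Internet); the record names, addresses and TTLs are taken from the post, everything else is an assumption of the example.

```python
"""Spot a resolver that caps or rewrites TTLs by comparing its answer with the
authoritative answer.  Added example; dig output below is constructed to match
the values reported in the thread (LAN side: 3600, Internet: 86400)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: answer seen from the LAN side (via the device's DNS proxy).
LAN_DIG = """\
;; QUESTION SECTION:
;de3.probackup.nl.\t\tIN\tA

;; ANSWER SECTION:
de3.probackup.nl.\t3600\tIN\tA\t193.25.115.57
"""

# Constructed sample: answer seen from the Internet (authoritative TTL).
INTERNET_DIG = """\
;; QUESTION SECTION:
;de3.probackup.nl.\t\tIN\tA

;; ANSWER SECTION:
de3.probackup.nl.\t86400\tIN\tA\t193.25.115.57
"""

# One resource record line as dig prints it: name  ttl  IN  type  rdata
RR_LINE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z]+)\s+(?P<rdata>\S.*)$")


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_answer_section(dig_output: str) -> list[RR]:
    """Return the resource records listed under ';; ANSWER SECTION:'."""
    rrs: list[RR] = []
    in_answer = False
    for raw in dig_output.splitlines():
        line = raw.strip()
        if line.startswith(";;"):
            # Section header: only the answer section is of interest.
            in_answer = line.startswith(";; ANSWER SECTION:")
            continue
        if not line:
            in_answer = False          # blank line ends a section
            continue
        if in_answer:
            m = RR_LINE.match(line)
            if m:
                rrs.append(RR(m["name"], int(m["ttl"]), m["type"], m["rdata"]))
    return rrs


def suspected_ttl_cap(observed: list[RR], authoritative: list[RR]) -> Optional[int]:
    """Return the capped TTL when every observed record matches an authoritative
    record but carries a lower TTL; otherwise None.

    A cache that is counting down also lowers TTLs, so repeat the query after the
    cap value has elapsed (or after flushing the proxy cache) before concluding
    the resolver rewrites TTLs: a counted-down value changes between runs, a cap
    returns the same number every time."""
    auth = {(r.name, r.rtype, r.rdata): r.ttl for r in authoritative}
    lower = [
        r.ttl for r in observed
        if (r.name, r.rtype, r.rdata) in auth and r.ttl < auth[(r.name, r.rtype, r.rdata)]
    ]
    if lower and len(lower) == len(observed):
        return max(lower)
    return None


if __name__ == "__main__":
    lan = parse_answer_section(LAN_DIG)
    internet = parse_answer_section(INTERNET_DIG)
    for rr in lan:
        print(f"LAN side: {rr.name} TTL {rr.ttl}")
    cap = suspected_ttl_cap(lan, internet)
    print("suspected TTL cap:", cap if cap is not None else "none")
```

With real queries, feed the script the output of `dig de3.probackup.nl` run once against the LAN-side proxy and once against a public resolver or the authoritative server, and run it again a few minutes later: a cached answer shows a smaller TTL the second time, a capped one shows the same 3600.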


#2

Thanks for pointing this out. Let us fix this in a newer firmware release.


#3

For my understanding, you were changing the TTL from 3600 to 86400, right? If it is correct, you need to wait over 3600 seconds (TTL) for the DNS servers in the Internet to update the records which contain the new TTL value. Most public DNS servers will cache the records until the TTL expires.

By default, the Peplink LAN DNS proxy will look up the DNS records via the DNS servers that you defined in the WAN interfaces. Therefore, once the DNS servers in the Internet get the updated records (TTL = 86400) and you then look up the DNS via the Peplink LAN DNS proxy, you can get the updated records.


#4

Note that I think that there should only be a shorter-TTL-exception for host names when:

  1. DNS proxy is enabled
    AND
  2. which are listed in the table of "Local DNS Records"
    AND
  3. where the IP address is a local address compared to the interface where the lookup request arrives.

In other words, shorten the TTL for 192.168.254.x when the lookup request is also arriving on the 192.168.254.x network interface, but do not shorten it, for example, for 193.x.x.x when the lookup request is arriving on the 192.168.254.x network interface.

Now you can move your laptop to a new network and the lookup will no longer respond with the internal IP, but with the external IP.

It might be a bonus when the Peplink administrator is able to set a TTL value override for these “Local DNS Records”. For some cases the current 3600 seconds TTL override might leave wishes for another value.
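The three-condition rule proposed in this post, written out as a small resolver policy in Python (an added example, not Peplink firmware code). The "Local DNS Records" table, the upstream answers and the second host name `nas.probackup.nl.` are constructed for the example; the 3600-second default and the configurable override come from the thread. The choice to take the smaller of the override and the upstream TTL is an assumption of the example.

```python
"""Split-horizon TTL policy: shorten the TTL only when (1) the DNS proxy is on,
(2) the name is in the local records table, and (3) the local address lies in
the network the query arrived on.  Everything else keeps the upstream TTL.
Added example; tables below are constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Answer:
    rdata: str
    ttl: int


# Constructed "Local DNS Records" table: name -> address on the LAN.
LOCAL_RECORDS = {
    "nas.probackup.nl.": "192.168.254.10",
}

# Constructed stand-in for what the WAN-side resolvers return.
# nas.probackup.nl. has an external address as well (the split-horizon case).
UPSTREAM = {
    "de3.probackup.nl.": Answer("193.25.115.57", 86400),
    "nas.probackup.nl.": Answer("193.25.115.58", 86400),
}


def is_local_to_interface(address: str, arriving_network: str) -> bool:
    """Condition 3: is the record's address inside the network the query came from?"""
    return ipaddress.ip_address(address) in ipaddress.ip_network(arriving_network, strict=False)


def resolve(name: str, arriving_network: str,
            dns_proxy_enabled: bool = True,
            override_ttl: int = 3600) -> Optional[Answer]:
    """Answer a query that arrived on `arriving_network` (CIDR of the receiving interface).

    The short TTL is applied only when all three conditions hold; otherwise the
    upstream answer is returned unchanged, TTL included.  With the proxy disabled
    this example simply passes the upstream answer through (assumption)."""
    local = LOCAL_RECORDS.get(name)
    if dns_proxy_enabled and local is not None and is_local_to_interface(local, arriving_network):
        upstream_ttl = UPSTREAM[name].ttl if name in UPSTREAM else override_ttl
        # Shorten, never lengthen: a record with a 300 s upstream TTL keeps 300 s.
        return Answer(local, min(override_ttl, upstream_ttl))
    return UPSTREAM.get(name)


if __name__ == "__main__":
    # Public host queried from the LAN: external address, full 86400 s TTL.
    print(resolve("de3.probackup.nl.", "192.168.254.0/24"))
    # Local host queried from its own LAN: internal address, short TTL.
    print(resolve("nas.probackup.nl.", "192.168.254.0/24"))
    # Same local host queried from another interface: external address, full TTL.
    print(resolve("nas.probackup.nl.", "10.10.0.0/24"))
```

The point of keying condition 3 on the arriving interface rather than on the name alone is the laptop scenario above: a client that leaves the 192.168.254.x network stops seeing the internal address and, because nothing is shortened for it, gets the external record with its real TTL.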