No I haven’t tested that. It doesn’t make sense to me since there are only 1400 records stored, which takes > 250 MB of memory. But I can go ahead and reduce it to an hour straight away.
I have made sure the DNS server does not respond to anything on the WAN interfaces. I have double checked 53/tcp from an external IP using telnet. And the udp rules regarding port 53 are identical (besides protocol) so I am sure that works. Running the host command vs my IP also confirms that nothing wants to respond. And even if it was open to the internet, 1400 records in the cache still shouldn’t use 250 MB of memory, it doesn’t make sense. And as others have reported, flushing the cache changes nothing. The entries in the cache is dropped, the memory usage stays the same.
But thank you for your suggestion. At 12:10:37 local time I changed max ttl to 1h. Cache used is currently 263315KiB. I will check cache usage again later today.