DNS request limitation

Gibraltar · February 19, 2022, 9:40am

Hello there!

Did find out that if address list contains domain names instead of direct IPs, mikrotik doing DNS request every 1 to 5 minutes to find out IPs.
I’ve got a custom DNS resolver with DNS request limitation, so I’m curios is there any possibility to decrease number those address list DNS requests? May be increase period between request for 1 day somehow?
Also those requests from address list avoiding DNS cache, may be it’s a bug.

pe1chl · February 19, 2022, 9:56am

The rate at which it queries the DNS is the same as the TTL in the DNS records.
The first query may be quicker (depending on if it was cached) but thereafter it should query at the correct rate.
So you need to set the TTL of the DNS records to 1 hour or 1 day or similar to set this.

Gibraltar · February 19, 2022, 7:51pm

Thanks for the respond!

But it’s not clear to me.

So you need to set the TTL of the DNS records to 1 hour or 1 day or similar to set this.

You mean that?
But in cache TTL was 5 minutes

And as I can see it is 5 minutes

May be I get it wrong?

msatter · February 19, 2022, 8:31pm

I can see your images.

However TTL determines how long the DNS resolve is valid. A DNS client will use the cache as long as the TTL is not expired. If the TLL is expired then a new resolve is done and the result is cached again.

TTL means, what you could be different already now but we will honor that result for the time the TTL is valid.

If you set in the router a max. cache TTL then you are trusting not the TTL of the DNS server saying 8 hours and you shorten that to 5 minutes. Any TTL lower provided by DNS server is still being valid for that period.

Mikrotik refuses to implement a minimum cache TTL so you don’t control the minimum cache duration. Example, DNS sever say 3 minutes and you can then slam a TTL of 30 minutes on it and so ignoring any updates by the DNS server for the next 30 minutes.

I hope is clearer now how TTL is working on DNS resolves.

pe1chl · February 20, 2022, 9:59am

When it is not your own DNS record, and it is set ridiculously low by the owner, there is nothing you can do!

msatter · February 20, 2022, 12:49pm

Yes, you can. Put an other DNS resolver between the upstream DNS and the client and you can do what Mikrotik won’t allow you to do.

Change the TTL with minimum TTL of a DNS resolve to your liking.

Sob · February 21, 2022, 1:53am

I’d be careful with that. What if someone actually has a reason for short TTL? If authoritative server says that hostname points to address X and it’s valid for 5 minutes, but you increase it to an hour, it’s possible that at any time after those 5 minutes the service may no longer be at X. So it won’t work, and you’ll have to wait until your extra TTL expires, before it starts to work again (when you’ll get fresh record pointing to new address).