Ttl - Set Custom TTL Value

Ttl - Set Custom TTL Value

This modifier allows to modify the Time-to-Live (TTL) values in the DNS response, overriding any TTL settings specified in the configuration file.

When applied, it modifies the TTL value for each answer included in the DNS response body.

TTL is a field in a DNS packet that defines how long (in seconds) the data can be stored in cache by resolvers or clients. Once the TTL expires, the cached data becomes outdated, and a new query is required to refresh the information.

This modifier is compatible with and can be combined with any other existing feature or modifier.

Category: Packet manipulation

Format 

*.ttl<NUMBER>.*

Where:

  • The <NUMBER> parameter specifies the TTL value to be applied to each answer (record) in the response. Note that the maximum TTL value is 2,147,483,648 seconds (approximately 68.09 years), as the TTL field is 31 bits long.

Examples

In this example, we use the basic always feature which always resolves to an IP address. We specify the TTL value to be 12345678 in the DNS response:

# dig always.ttl12345678.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> always.ttl12345678.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31255
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;always.ttl12345678.yourdomain.com. IN	A

;; ANSWER SECTION:
always.ttl12345678.yourdomain.com. 12345678 IN A 2.3.4.5

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 23 11:55:57 +04 2024
;; MSG SIZE  rcvd: 67

Download PCAP File

We can see that the answer has a TTL value of 12345678.


In this example, we use the size feature which returns multiple anwers at once. We specify the TTL value to be 99999 for each answer:

# dig size.ttl99999.yourdomain.com @127.0.0.1

; <<>> DiG 9.18.10-2-Debian <<>> size.ttl99999.yourdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39947
;; flags: qr aa; QUERY: 1, ANSWER: 29, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;size.ttl99999.yourdomain.com.	IN	A

;; ANSWER SECTION:
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.164
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.172
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.32
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.86
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.87
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.47
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.166
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.132
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.120
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.208
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.172
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.15
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.17
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.181
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.56
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.248
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.169
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.108
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.83
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.132
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.16
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.229
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.80
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.81
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.142
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.19
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.190
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.91
size.ttl99999.yourdomain.com. 99999 IN	A	127.0.0.130

;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Oct 23 13:01:26 +04 2024
;; MSG SIZE  rcvd: 510

Download PCAP File

We can see that each record has a TTL value of 99999.


From the same category

See also


Go back to catalogue.