all: add option to set minimum TTL

In the rescached.cfg, we add option where user can force the minimum
TTL in the DNS answer.
This option is not a standard and not recommended used in public
facing network.
It should be used only for personal and private network.

10 files changed, 56 insertions, 4 deletions

diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index 1a5999f..0b5b938 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
@@ -14,6 +14,17 @@ Legend,
 * 🌼: Enhancement
 * 💧: Chores
 
+[#rescached_v4_5_0]
+==  rescached v4.5.0 (2026-xx-xx)
+
+**🌱 all: add option to set minimum TTL**
+
+In the rescached.cfg, we add option where user can force the minimum
+TTL in the DNS answer.
+This option is not a standard and not recommended used in public
+facing network.
+It should be used only for personal and private network.
+
 [#rescached_v4_4_4]
 ==  rescached v4.4.4 (2025-12-27)
 
diff --git a/_sys/usr/share/man/man1/rescached.1.gz b/_sys/usr/share/man/man1/rescached.1.gz
index 28ade4b..8d95147 100644
--- a/_sys/usr/share/man/man1/rescached.1.gz
+++ b/_sys/usr/share/man/man1/rescached.1.gz
diff --git a/_sys/usr/share/man/man1/resolver.1.gz b/_sys/usr/share/man/man1/resolver.1.gz
index cc737e7..5c02eab 100644
--- a/_sys/usr/share/man/man1/resolver.1.gz
+++ b/_sys/usr/share/man/man1/resolver.1.gz
diff --git a/_sys/usr/share/man/man5/rescached.cfg.5.gz b/_sys/usr/share/man/man5/rescached.cfg.5.gz
index 1c55ae2..3153b85 100644
--- a/_sys/usr/share/man/man5/rescached.cfg.5.gz
+++ b/_sys/usr/share/man/man5/rescached.cfg.5.gz
diff --git a/_www/doc/rescached.cfg.adoc b/_www/doc/rescached.cfg.adoc
index 2e19cac..ef32b18 100644
--- a/_www/doc/rescached.cfg.adoc
+++ b/_www/doc/rescached.cfg.adoc
@@ -70,6 +70,17 @@ dnsmasq_resolv=/etc/rescached/resolv.conf
 ----
 --
 
+[#minimum_ttl]
+==== minimum_ttl
+
+Format:: integer
+Default:: 0 (disabled)
+Description:: Force the TTL in the answer to this value.
+The value is in seconds, default to 0 (disabled).
+Note that this option is not standard and obviously not recommended
+for resolver facing public networks.
+It should be used only in personal or private network.
+
 [#debug]
 ==== debug
 
diff --git a/environment.go b/environment.go
index 7df8bcd..af2e364 100644
--- a/environment.go
+++ b/environment.go
@@ -82,6 +82,13 @@ type Environment struct {
 
 	dns.ServerOptions
 
+	// MinimumTTL force the TTL in the answer to this value.
+	// The value is in seconds, default to 0 (disabled).
+	// Note that this option is not standard and obviously not recommended
+	// for resolver facing public networks.
+	// It should be used only in personal or private network.
+	MinimumTTL uint32 `ini:"rescached::minimum_ttl"`
+
 	Debug int `ini:"rescached::debug"`
 }
 
diff --git a/go.mod b/go.mod
index b1619fe..f62ff6d 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ go 1.24.0
 
 require (
 	git.sr.ht/~shulhan/ciigo v0.15.4-0.20260124144929-5f12f2705a29
-	git.sr.ht/~shulhan/pakakeh.go v0.60.3-0.20260125195513-b5e7b1fefd3a
+	git.sr.ht/~shulhan/pakakeh.go v0.60.3-0.20260202092811-1e3bb9be8444
 )
 
 require (
diff --git a/go.sum b/go.sum
index a309d14..4c9ae66 100644
--- a/go.sum
+++ b/go.sum
@@ -2,8 +2,8 @@ git.sr.ht/~shulhan/asciidoctor-go v0.7.3-0.20260124143117-f289b7f13a1d h1:rdDzlV
 git.sr.ht/~shulhan/asciidoctor-go v0.7.3-0.20260124143117-f289b7f13a1d/go.mod h1:cY9Ae1vu3OniC7z29twH1/PMJa7ZSSUqbK9QQM4/bhc=
 git.sr.ht/~shulhan/ciigo v0.15.4-0.20260124144929-5f12f2705a29 h1:WQt46ZMMLVVSsccM7IGzUz+FrddehvHaplzpBl7u9UI=
 git.sr.ht/~shulhan/ciigo v0.15.4-0.20260124144929-5f12f2705a29/go.mod h1:S2aZR80qc3bN8b6O1gHZiJOfhlzJT7rGn2H82V9wMac=
-git.sr.ht/~shulhan/pakakeh.go v0.60.3-0.20260125195513-b5e7b1fefd3a h1:VwlleUyxkJ+CEP8gs9RLZ3maKdLGVYtvCQzr2wBPqVE=
-git.sr.ht/~shulhan/pakakeh.go v0.60.3-0.20260125195513-b5e7b1fefd3a/go.mod h1:1MkKXbLZRHTcnheeSEbRpGztkym4Yxzh90ep+jCxbDc=
+git.sr.ht/~shulhan/pakakeh.go v0.60.3-0.20260202092811-1e3bb9be8444 h1:mqX+Z2dyfChpFOgt6gV9R5AT3oQN3pw4gMbPQLGm1DI=
+git.sr.ht/~shulhan/pakakeh.go v0.60.3-0.20260202092811-1e3bb9be8444/go.mod h1:1MkKXbLZRHTcnheeSEbRpGztkym4Yxzh90ep+jCxbDc=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
diff --git a/rescached.go b/rescached.go
index 0fb23a5..0e6edfb 100644
--- a/rescached.go
+++ b/rescached.go
@@ -18,7 +18,7 @@ import (
 )
 
 // Version of program, overwritten by build.
-var Version = `4.4.4`
+var Version = `4.5.0`
 
 // Debug level, set by configuration as "rescached::debug".
 var Debug int
@@ -51,6 +51,8 @@ func New(env *Environment) (srv *Server, err error) {
 		return nil, err
 	}
 
+	srv.initHooks()
+
 	return srv, nil
 }
 
@@ -237,3 +239,23 @@ func (srv *Server) watchResolvConf() {
 		srv.dns.RestartForwarders(srv.env.NameServers)
 	}
 }
+
+func (srv *Server) initHooks() {
+	if srv.env.MinimumTTL > 0 {
+		srv.env.ServerOptions.OnAnswerReceived = srv.onAnswerReceived
+	}
+}
+
+func (srv *Server) onAnswerReceived(answer *dns.Answer) {
+	var isLower bool
+	for x := range len(answer.Message.Answer) {
+		if answer.Message.Answer[x].TTL < srv.env.MinimumTTL {
+			isLower = true
+			break
+		}
+	}
+	if isLower {
+		answer.Message.SetTTL(srv.env.MinimumTTL)
+		answer.TTL = srv.env.MinimumTTL
+	}
+}
diff --git a/testdata/rescached.cfg.test.out b/testdata/rescached.cfg.test.out
index 29a0f26..a901f0b 100644
--- a/testdata/rescached.cfg.test.out
+++ b/testdata/rescached.cfg.test.out
@@ -1,6 +1,7 @@
 [rescached]
 file.resolvconf =
 wui.listen = 127.0.0.1:5381
+minimum_ttl = 0
 debug = 1
 
 [block.d "a.block"]