Describe the enhancement:
I am having an issue with auditbeat performing reverse DNS resolution too often. However, it doesn't look like a bug, as the responses seem to have TTL: 0, and based on the documentation it appears as though that response value is honoured and the responses are never cached by design:
https://www.elastic.co/guide/en/beats/auditbeat/master/processor-dns.html
Describe a specific use case for the enhancement or feature:
It would be very useful for me to be able to configure a minimum TTL for caching successful auditbeat reverse DNS resolutions to allow TTL: 0 responses to be cached for the minimum configured time rather than never cached.
Reverse DNS requests are generally out-of-system requests, so there is also the potential for DoS if malicious users are aware of the use of auditbeat reverse DNS resolution and this issue.
Describe the enhancement:
I am having an issue with auditbeat performing reverse DNS resolution too often. However, it doesn't look like a bug, as the responses seem to have
TTL: 0, and based on the documentation it appears as though that response value is honoured and the responses are never cached by design:https://www.elastic.co/guide/en/beats/auditbeat/master/processor-dns.html
Describe a specific use case for the enhancement or feature:
It would be very useful for me to be able to configure a minimum TTL for caching successful auditbeat reverse DNS resolutions to allow
TTL: 0responses to be cached for the minimum configured time rather than never cached.Reverse DNS requests are generally out-of-system requests, so there is also the potential for DoS if malicious users are aware of the use of auditbeat reverse DNS resolution and this issue.