Round down DNS TTL to the nearest DEFAULT_DNS_TTL (30 minutes)
In #19025 (moved), we fix a bug that prevented exits sending DNS TTLs to clients for IPv4 and IPv6 addresses.
But we don't want to have too many potential values for these TTLs, to avoid tagging attacks.
So I propose:
- Exits round down (truncate) the TTL received from the DNS server, and
- Clients round down the TTL received from the Exit, to the nearest of:
  - MIN_DNS_TTL (1 minute), or
  - DEFAULT_DNS_TTL (30, 60, 90, 120, 150, 180 minutes)
MAX_DNS_TTL is 3 hours, so there are only 7 possible values for the TTL. I chose to round down because that way, Tor DNS TTLs are only ever shorter than the lifetime specified by the DNS server.
I don't think we need to add noise to the TTL received from either the DNS server or Exit. I can't see the value in randomising it, and allowing randomisation could hide a tagging attack.
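The rounding proposed above, as an added example that is not Tor's code or part of the original ticket: `quantize_dns_ttl`, `count_distinct_ttls` and `never_lengthens` are hypothetical names, the constants use the values stated in the ticket, and clamping TTLs below MIN_DNS_TTL up to MIN_DNS_TTL is an assumption. The two checks confirm that only 7 values can appear on the wire and that no TTL of at least MIN_DNS_TTL is ever lengthened.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as stated in the ticket, expressed in seconds. */
#define MIN_DNS_TTL     (60u)
#define DEFAULT_DNS_TTL (30u * 60u)
#define MAX_DNS_TTL     (3u * 60u * 60u)

/* Hypothetical helper (not a Tor function): map any TTL in seconds onto
 * MIN_DNS_TTL or a multiple of DEFAULT_DNS_TTL, capped at MAX_DNS_TTL. */
static uint32_t quantize_dns_ttl(uint32_t ttl)
{
  if (ttl >= MAX_DNS_TTL)
    return MAX_DNS_TTL;
  if (ttl < DEFAULT_DNS_TTL)
    return MIN_DNS_TTL; /* assumption: TTLs under MIN_DNS_TTL are clamped up */
  return ttl - (ttl % DEFAULT_DNS_TTL); /* round down, never up */
}

/* Count distinct outputs for every input in [0, limit]. The mapping is
 * non-decreasing, so counting changes between neighbours is sufficient. */
static unsigned count_distinct_ttls(uint32_t limit)
{
  unsigned n = 1;
  uint32_t prev = quantize_dns_ttl(0);
  for (uint32_t t = 1; t <= limit; t++) {
    uint32_t q = quantize_dns_ttl(t);
    if (q != prev) {
      n++;
      prev = q;
    }
  }
  return n;
}

/* Return 1 if no input in [MIN_DNS_TTL, limit] comes out longer than it went in. */
static int never_lengthens(uint32_t limit)
{
  for (uint32_t t = MIN_DNS_TTL; t <= limit; t++)
    if (quantize_dns_ttl(t) > t)
      return 0;
  return 1;
}

int main(void)
{
  uint32_t limit = 4u * 60u * 60u; /* constructed range: 0 to 4 hours */
  printf("distinct TTL values: %u\n", count_distinct_ttls(limit));
  printf("never lengthens:     %d\n", never_lengthens(limit));
  return 0;
}
```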