Exit relays always return DNS TTL 60 to tor clients
When tor clients resolve a domain name, exit relays are supposed to return the DNS TTL as part of their response.
At the moment, it looks like exit relays always return TTL 0 for both A and AAAA records. Only PTR records seem to come with a TTL > 0. The relevant variables on the exit side are
ttl_ipv6 in src/or/dns_structs.h. The variables should be initialised in the function cached_resolve_add_answer. The variable
ttl_hostname for PTR records is assigned
resolve->ttl_hostname = ttl;
ttl_ipv6, however, are not. Therefore, exit relays always send back TTL 60 to clients (60 instead of 0 because the function dns_clip_ttl turns it into
MIN_DNS_TTL, i.e., 60).
Commit 2889bd264 added the code to tor. It added
ttl_ipv6, but never initialised the latter two. I wonder if this is an oversight? Commit c660a0f6 talks about potential attacks, but I don't think that explains this issue.