When tor clients resolve a domain name, exit relays are supposed to [return the DNS TTL as part of their response](https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt#n1345). At the moment, it looks like exit relays always return TTL 0 for both A and AAAA records. Only PTR records seem to come with a TTL > 0. The relevant variables on the exit side are `ttl_ipv4` and `ttl_ipv6` in [src/or/dns_structs.h](https://gitweb.torproject.org/tor.git/tree/src/or/dns_structs.h#n80). The variables should be initialised in the function [cached_resolve_add_answer](https://gitweb.torproject.org/tor.git/tree/src/or/dns.c#n324). The variable `ttl_hostname` for PTR records is assigned `ttl`: ``` resolve->ttl_hostname = ttl; ``` The variables `ttl_ipv4` and `ttl_ipv6`, however, are not. Therefore, exit relays always send back TTL 60 to clients (60 instead of 0 because the function [dns_clip_ttl](https://gitweb.torproject.org/tor.git/tree/src/or/dns.c#n262) turns it into `MIN_DNS_TTL`, i.e., 60). Commit [2889bd264](https://gitweb.torproject.org/tor.git/commit/?id=2889bd2642ada3a2aa55fa4909825dfb7e90812e) added the code to tor. It added `ttl_hostname`, `ttl_ipv4` and `ttl_ipv6`, but never initialised the latter two. I wonder if this is an oversight? Commit [c660a0f6](https://gitweb.torproject.org/tor.git/commit/?id=c660a0f6a2875a8b9b612f28a7f752b3ca8eb5da) talks about potential attacks, but I don't think that explains this issue.