Understanding TTL Values in DNS
Understand DNS TTL (Time to Live) values and how they affect caching, propagation speed, and performance. Learn recommended TTLs for different record types.
Zone File Entry
example.com. 86400 IN SOA ns1.example.com. admin.example.com. (
2024010101 ; Serial
3600 ; Refresh
900 ; Retry
1209600 ; Expire
86400 ; Minimum TTL
)
Detailed Explanation
What Is DNS TTL?
TTL (Time to Live) is a value in seconds that tells DNS resolvers how long to cache a record before querying the authoritative server again. TTL directly affects how quickly DNS changes propagate and how much query load your nameservers receive.
TTL in Zone File Records
; Default TTL for the zone (applies to the records that follow it without an explicit TTL)
$TTL 3600
; TTL is the second field (in seconds)
example.com. 3600 IN A 203.0.113.50 ; 1 hour
example.com. 86400 IN NS ns1.example.com. ; 24 hours
example.com. 300 IN TXT "v=spf1..." ; 5 minutes
How TTL Affects DNS Propagation
When you change a DNS record, the old value remains cached by resolvers worldwide for the duration of the previously set TTL. This is why DNS changes are not instant:
- TTL = 86400 (24 hours): Changes can take up to 24 hours to fully propagate
- TTL = 3600 (1 hour): Changes propagate within 1 hour
- TTL = 300 (5 minutes): Changes propagate within 5 minutes
- TTL = 60 (1 minute): Near-instant propagation, but higher load on nameservers
Recommended TTL Values
| Record Type | Recommended TTL | Reason |
|---|---|---|
| NS | 86400 (24h) | Nameservers change rarely |
| MX | 3600 (1h) | Mail routing needs reasonable stability |
| A / AAAA | 3600 (1h) | Good balance of caching and flexibility |
| CNAME | 3600 (1h) | Same as A records |
| TXT (SPF/DKIM/DMARC) | 3600 (1h) | Changes infrequently |
| CAA | 3600 (1h) | Changes infrequently |
| SRV | 3600 (1h) | Service endpoints are relatively stable |
| SOA Minimum | 300-3600 | Controls negative caching (NXDOMAIN) |
TTL Strategy for Migrations
When planning a DNS migration (e.g., moving to a new server):
- 48 hours before: Lower TTL to 300 seconds
- Wait for the old TTL to expire (so all caches refresh with the new low TTL)
- Make the change: Update the record to the new IP
- After the change: Within 5 minutes, most resolvers will pick up the new value
- After confirmation: Raise TTL back to 3600 or higher
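The timing behind these steps, as an added example that is not part of the original page: it reads a record's effective TTL from a zone file (explicit, or inherited from $TTL) and computes the latest time to publish the low TTL and the worst-case convergence times. The sample zone, function names and cutover date are constructed for illustration; it assumes single-line records with an owner name and resolvers that honor TTLs.

```python
from datetime import datetime, timedelta

# Constructed sample zone in the record layout used on this page.
SAMPLE_ZONE = """\
$TTL 3600
example.com. 86400 IN A 203.0.113.50    ; explicit TTL, 24 hours
example.com. IN MX 10 mail.example.com. ; no TTL, inherits $TTL
"""

def effective_ttls(zone_text):
    """Map (name, type) to the TTL resolvers will cache that record for."""
    default_ttl, ttls = None, {}
    for raw in zone_text.splitlines():
        # Only the leading fields matter here, so cutting at ';' is safe
        # even if the rdata itself contains one.
        tokens = raw.split(";", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        name, rest = tokens[0], tokens[1:]
        ttl = default_ttl
        if rest and rest[0].isdigit():      # explicit per-record TTL
            ttl, rest = int(rest[0]), rest[1:]
        if rest and rest[0] == "IN":        # class field
            rest = rest[1:]
        if rest:
            ttls[(name, rest[0])] = ttl
    return ttls

def migration_plan(old_ttl, cutover, low_ttl=300):
    """Key times for changing a record at `cutover` (TTLs in seconds)."""
    return {
        # Latest moment to publish the low TTL so every cache that holds
        # the old TTL has expired before the record changes.
        "lower_ttl_by": cutover - timedelta(seconds=old_ttl),
        # Worst case for the last resolver to fetch the new value.
        "converged_by": cutover + timedelta(seconds=low_ttl),
        # Worst case if the TTL was never lowered first.
        "stale_until_if_not_lowered": cutover + timedelta(seconds=old_ttl),
    }

if __name__ == "__main__":
    ttl = effective_ttls(SAMPLE_ZONE)[("example.com.", "A")]
    for step, when in migration_plan(ttl, datetime(2024, 1, 10, 12, 0)).items():
        print(f"{step}: {when}")
```

For the 86400-second A record, the low TTL has to be live a full day before the cutover; lowering it 48 hours ahead, as in the first step, leaves a margin on top of that.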
The Trade-Off
Low TTL:
- Faster propagation of changes
- Better for failover scenarios
- Higher query volume to nameservers
- Slightly higher latency for first-time lookups
High TTL:
- Lower query volume and nameserver load
- Faster user experience (more cache hits)
- Slower propagation of changes
- Harder to recover from misconfiguration
SOA Record and Negative TTL
The SOA (Start of Authority) record's Minimum TTL field (last number) controls negative caching — how long resolvers cache the fact that a record does not exist (NXDOMAIN). If a visitor queries a non-existent subdomain, resolvers cache the negative response for this duration.
Common Mistakes
- Setting TTL too high before a migration: Lowering from 86400 means you must wait 24 hours for caches to expire before your low TTL takes effect
- Very low TTL in production: A TTL of 60 seconds means cached answers expire every minute, so far more queries reach your nameserver, increasing latency and cost
- Forgetting to raise TTL after migration: Leaving TTL at 300 permanently wastes resources
Use Case
Understand and configure appropriate TTL values for your DNS records to balance between fast change propagation and efficient DNS caching performance.