Understanding and Configuring DNS TTL

Introduction

Learn what DNS TTL settings do, and the best practices for setting the TTL on your domain names.

What Is TTL?

TTL stands for “Time to Live” and it refers to how long resolvers are supposed to cache your DNS records before they fetch them again.

When a DNS change is made, it takes time for the rest of the Internet to notice. Some examples of such changes are updating the IP address of a server, updating your MX record to host your email at a new location, or adding a new website. The TTL setting tells the Internet how long to wait before returning to check your DNS record for potential new information.

If your DNS TTL setting is 12 hours, your DNS records will be cached for 12 hours before they expire and the new information takes effect.

TTL on 1&1 domains is set for up to 1 hour for all A, AAAA, MX, TXT, and CNAME records.

How Long Is TTL?

TTL is given in seconds. The typical default value is 12 hours (43200 seconds) or 24 hours (86400 seconds). For example, if a website moves to a new server, or you add a new hostname to your server, it takes 12 to 24 hours for the DNS change to take effect everywhere.

Please note that even if you change the TTL for your domain name, this does not automatically mean every network across the Internet will honor this value. Many internet service providers (ISPs) ignore TTL settings, and check external DNS records on their own schedule.

DNS TTL Best Practices

For the most part, there is no need to change your TTL. However, if you know that you will be making a big DNS change soon, and you want the changes to take effect quickly, you may want to change your TTL ahead of time.

At least 24 hours ahead of time, update your TTL to a shorter value. For example, you may want to change it to 3600 (1 hour).

When your work is done, be sure to go back and return your TTL settings to their original values. DNS caching is an important way to reduce load on name servers, so it is best to keep this query traffic low.
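The timing advice above (lower the TTL at least a day ahead, not just before the change) follows from how resolver caches work: a resolver that already holds your record with the old 24-hour TTL will not ask for it again until that entry expires, so the shorter TTL only helps once every cached copy of the old record has aged out. The following toy resolver is an added example written for this article, not code from 1&1 or from any DNS software. The addresses, the timeline and the cache model (one cached answer per name with an absolute expiry, advertised TTL clamped to 7 days as described later on this page) are constructed simplifications.

```python
"""Toy caching resolver: why a lowered TTL must be in place for at least the
old TTL before a DNS change, or resolvers keep serving the old answer.

Added example, not part of the original article. The authority, the
addresses (RFC 5737 documentation ranges) and the query timeline are
constructed; the cache model is a simplification of real resolvers.
"""
from dataclasses import dataclass, field

MAX_TTL = 604800  # 7 days: larger TTLs are rounded down to this (see the maximum-value section)
OLD_ANSWER = "192.0.2.1"
NEW_ANSWER = "198.51.100.7"


@dataclass
class Authority:
    """The authoritative side: the current answer and the TTL it advertises."""
    answer: str
    ttl: int

    def respond(self):
        return self.answer, min(self.ttl, MAX_TTL)


@dataclass
class CachingResolver:
    """A resolver that reuses a cached answer until its absolute expiry time."""
    authority: Authority
    cache: dict = field(default_factory=dict)  # name -> (answer, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]  # still within TTL: serve the cached copy
        answer, ttl = self.authority.respond()
        self.cache[name] = (answer, now + ttl)
        return answer


def first_seen(change_at, lower_ttl_at=None, old_ttl=86400, new_ttl=3600,
               step=3600, horizon=259200):
    """Seconds (from t=0) at which a resolver querying every `step` seconds first
    returns NEW_ANSWER. The authority switches answers at `change_at`; if
    `lower_ttl_at` is given, it lowers its TTL to `new_ttl` at that moment.
    Returns None if the change is still invisible at `horizon`."""
    auth = Authority(OLD_ANSWER, old_ttl)
    resolver = CachingResolver(auth)
    for now in range(0, horizon + 1, step):
        if lower_ttl_at is not None and now >= lower_ttl_at:
            auth.ttl = new_ttl
        if now >= change_at:
            auth.answer = NEW_ANSWER
        if resolver.lookup("www.example.com", now) == NEW_ANSWER:
            return now
    return None


if __name__ == "__main__":
    change = 28 * 3600  # the record changes 28 hours after the resolver first cached it
    print("no TTL change:         seen at hour", first_seen(change) // 3600)
    print("TTL lowered 27h ahead: seen at hour", first_seen(change, lower_ttl_at=3600) // 3600)
    print("TTL lowered 1h ahead:  seen at hour", first_seen(change, lower_ttl_at=27 * 3600) // 3600)
```

With the defaults, a resolver that cached the record at hour 0 sees a change made at hour 28 only at hour 48 if the TTL was never lowered, at hour 28 if the TTL was lowered to one hour early on (hour 1), and still only at hour 48 if the TTL was lowered just one hour before the change, because the resolver had already refreshed the old record with the old 24-hour TTL at hour 24.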

DNS TTL Minimum Value

If you are planning to make DNS changes soon, you will want to start by setting a low TTL. This helps ensure your changes propagate (are recognized across the Internet) more quickly.

Set your minimum DNS TTL to a value larger than 0. Never set your DNS TTL to 0. The number 0 is not defined in the standard, and it may cause your DNS information to be ignored or rejected.

Recommendation: 3600 (1 hour) is a good minimum value. It is low enough for changes to take effect quickly, but not so low that the DNS servers get overloaded.

DNS TTL Maximum Value

The highest TTL value is 604800 (7 days). While technically there is no maximum DNS TTL setting, values over 7 days will silently be rounded down to 7 days.

Recommendation: For most users, a maximum DNS TTL setting of 86400 (24 hours) is a good choice.

Dynamic DNS TTL

Dynamic DNS (DDNS) is an excellent way to point domain names to a non-static IP address.

For example, let’s say you own the domain name example.com. You want to point home.example.com to a server on your home network; however, you do not have a static IP address from your ISP. This means the external IP address for your home server will change periodically.

Dynamic DNS services are able to point a domain name (like home.example.com) to a variable IP. Whenever the IP address changes, your DNS automatically updates so the change quickly takes effect.

If you set up dynamic DNS for a domain name, you may be asked to provide a TTL for the records. There is no single answer to the TTL value you should use for a dynamic DNS record. It will partly depend on how long the lease is on the IP address. The more often the IP address changes, the lower the TTL you should use.

Recommendation: A good rule of thumb is to make your DDNS TTL half the length of your DHCP lease. If the IP address lease is 60 seconds (1 minute), set your TTL to 30 (30 seconds). If the lease is 3600 seconds (1 hour), set your TTL to 1800 (30 minutes).

How to do a DNS TTL Lookup

Learn how to check the TTL settings for your website.

Linux, Unix, or Mac OS X

The easiest way to look up TTL settings is to use the dig utility available on Linux, Unix, and Mac OS X.

From the shell (command line), type:

dig example.com

This will return the DNS information (including TTL values) for the domain name:

[Screenshot: Check DNS TTL from Linux]

The value “7728” is the TTL for the record in seconds (7,728 seconds is about 2 hours 8 minutes).

Windows

On Windows, you can use the nslookup utility to check the DNS TTL values for a website.

First, open a command prompt window.

  • Windows 7: Start -> All Programs -> Accessories -> Command Prompt
  • Windows 10: Right-click the Start button -> Run -> Type “cmd” in the field and click “OK”

To run nslookup and get the TTL values, type:

nslookup -type=soa example.com

This will return the authoritative name server’s SOA record for that domain, including the value nslookup labels “default TTL”, in both seconds and hours. That value is the SOA record’s minimum field, which resolvers use as the negative-caching TTL for the zone; it is not necessarily the TTL on the domain’s A or MX records, so use dig or an online lookup to see those.

[Screenshot: Check DNS TTL from Windows]

In this case, the website’s TTL is set to 3600 seconds (1 hour).
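Reading TTLs off a screenshot is fine once; when you check many records before and after a change, it helps to script it. The parser below is an added example written for this article, not code from 1&1, dig or nslookup. It reads the record lines dig prints (as in the Linux section above) and the “default TTL” line Windows nslookup prints for an SOA query, and turns the raw seconds into durations. Both sample outputs are constructed (RFC 5737 documentation addresses); only their line layout follows the real tools.

```python
"""Pull TTL values out of dig and nslookup output and show them as durations.

Added example, not from the original article. Both sample outputs below are
constructed (documentation addresses from RFC 5737); the line formats follow
dig's presentation format and the Windows nslookup SOA display.
"""
import re
from dataclasses import dataclass

# dig prints one record per line: owner, TTL, class, type, rdata (tab separated)
DIG_RR = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z0-9]+)\s+(?P<rdata>.+)$")
# Windows nslookup labels the SOA minimum field "default TTL"
NSLOOKUP_DEFAULT_TTL = re.compile(r"default TTL\s*=\s*(\d+)")

SAMPLE_DIG = """\
;; ANSWER SECTION:
example.com.\t\t7728\tIN\tA\t192.0.2.10

;; AUTHORITY SECTION:
example.com.\t\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
"""

SAMPLE_NSLOOKUP = """\
example.com
        primary name server = ns1.example.com
        responsible mail addr = hostmaster.example.com
        serial  = 2024010101
        refresh = 7200 (2 hours)
        retry   = 3600 (1 hour)
        expire  = 1209600 (14 days)
        default TTL = 3600 (1 hour)
"""


@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_dig(output):
    """Records from dig output; ';' comment lines and blank lines are skipped."""
    records = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = DIG_RR.match(line)
        if m:
            records.append(Record(m["name"], int(m["ttl"]), m["type"], m["rdata"].strip()))
    return records


def soa_minimum(record):
    """Last field of an SOA: the negative-caching TTL, which is what nslookup
    reports as 'default TTL'. It is not the TTL of the zone's A or MX records."""
    if record.rtype != "SOA":
        raise ValueError("not an SOA record")
    return int(record.rdata.split()[-1])


def nslookup_default_ttl(output):
    """The 'default TTL' value from Windows nslookup SOA output, or None."""
    m = NSLOOKUP_DEFAULT_TTL.search(output)
    return int(m.group(1)) if m else None


def humanize(seconds):
    """7728 -> '2h 8m 48s'; 86400 -> '1d'."""
    parts = []
    for unit, size in (("d", 86400), ("h", 3600), ("m", 60)):
        count, seconds = divmod(seconds, size)
        if count:
            parts.append(f"{count}{unit}")
    if seconds or not parts:
        parts.append(f"{seconds}s")
    return " ".join(parts)


def longest_ttl(records):
    """Worst-case time a resolver may keep any of these records: the largest TTL."""
    return max(r.ttl for r in records)


if __name__ == "__main__":
    records = parse_dig(SAMPLE_DIG)
    for r in records:
        print(f"{r.name} {r.rtype:<4} TTL {r.ttl} ({humanize(r.ttl)})")
    print("SOA minimum:", soa_minimum(records[1]))
    print("nslookup default TTL:", nslookup_default_ttl(SAMPLE_NSLOOKUP))
    print("longest TTL to wait out:", humanize(longest_ttl(records)))
```

To use it on real output, pipe `dig example.com` into a file and pass its contents to `parse_dig`; `longest_ttl` then tells you the longest a well-behaved resolver can keep any of the returned records, which is the minimum time to wait before treating a change as visible.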

Online

There are several websites which let you use the dig utility to perform a DNS TTL lookup for free.

Below we are using the Google Apps Toolbox dig tool (https://toolbox.googleapps.com/apps/dig/):

[Screenshot: Check DNS TTL online]

As you can see, the DNS TTL values for this domain’s records are set to 21599 seconds (6 hours).

How to Change TTL if You Host Your Own DNS

If you are running your own DNS server, changing your TTL is simply a matter of editing your zone file, and ensuring that your DNS service accepts the changes. The specifics will vary based on which DNS service you are running, and in some cases which version of Linux or Unix you are running.

Once you have made your changes, you can verify that the changes took effect by querying your server for the new DNS information with the command:

dig @localhost example.com

BIND

BIND is the most widely-used DNS software. Under BIND, the TTL is stored near the top of the zone file, typically on the second line. The TTL declaration will begin with $TTL. The default TTL is set to four hours (14,400 seconds):

$TTL 14400

Finding the Zone File: Red Hat and CentOS

In a typical BIND installation on Red Hat or CentOS, a website's zone file will be something like /var/named/[domain name].db or /var/named/[domain name].zone. For example, to edit the file for example.com in a typical default setup, the command would be:

sudo nano /var/named/example.com.db

Finding the Zone File: Debian and Ubuntu

In a typical BIND installation on Debian or Ubuntu, a website's zone file will be something like /etc/bind/[domain name].db. For example, to edit the file for example.com in a typical default setup, the command would be:

sudo nano /etc/bind/example.com.db

Editing the Zone File

There are two lines you will need to edit in the zone file: the TTL and the serial number.

  1. Update the TTL to the value you wish to use.
  2. Update the serial number so that BIND registers the change.

Updating the TTL

The $TTL directive will be at or near the top of the file, and will look something like:

$TTL            86400

Simply change the number to the TTL value you want to set, in seconds.

Updating the Serial Number

In a typical configuration, the serial number will simply need to be incremented. For example, a serial number of 1234 would be updated to 1235.

Some system administrators may use a timestamp, a version number, or have systems in place to automatically increment the serial number. Check with your server's administrator if you are unsure which system is being used for your BIND serial numbers.

Save and exit the file.
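The two edits above (change the $TTL number, then bump the serial) are easy to get half right by hand: forgetting the serial means secondaries never pull the change, and a date-style serial has to move to today’s date rather than just add one. The script below is an added example written for this article, not code from 1&1 or from BIND, and it applies both edits to zone-file text. The zone is constructed. It assumes the $TTL directive is present, that the serial is the first integer after the SOA’s two names, and that ten-digit serials which parse as YYYYMMDDnn follow the date convention (anything else is treated as a plain counter).

```python
"""Lower the $TTL in a BIND zone file and bump the SOA serial in one pass.

Added example, not from the original article or from BIND. The zone text is
constructed. Assumptions: the $TTL directive is present, the serial is the
first integer after the SOA's two names, and ten-digit serials that parse as
YYYYMMDDnn follow the date convention (others are treated as plain counters).
"""
import re
from datetime import date, datetime

TTL_LINE = re.compile(r"^(\$TTL\s+)(\d+)", re.MULTILINE)
# tokens after "SOA": a ';' comment, a parenthesis, or any run of non-space
TOKEN = re.compile(r";[^\n]*|\(|\)|\S+")

SAMPLE_ZONE = """\
$TTL 86400
@    IN  SOA ns1.example.com. hostmaster.example.com. (
             2024010101 ; serial
             7200       ; refresh
             3600       ; retry
             1209600    ; expire
             3600 )     ; minimum (negative-caching TTL)
     IN  NS  ns1.example.com.
www  IN  A   192.0.2.10
"""


def set_ttl(zone_text, new_ttl):
    """Replace the number on the $TTL line (never 0, as the article says)."""
    if new_ttl <= 0:
        raise ValueError("TTL must be larger than 0")
    updated, n = TTL_LINE.subn(lambda m: f"{m.group(1)}{new_ttl}", zone_text, count=1)
    if n == 0:
        raise ValueError("no $TTL directive found")
    return updated


def next_serial(serial, today=None):
    """Plain counters are incremented; YYYYMMDDnn serials move to today's date
    (nn restarts at 01) or, if already today's, increment nn."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    text = str(serial)
    if len(text) == 10:
        try:
            datetime.strptime(text[:8], "%Y%m%d")
        except ValueError:
            return serial + 1          # ten digits but not a date: a counter
        today_text = today.strftime("%Y%m%d")
        if text[:8] == today_text:
            nn = int(text[8:]) + 1
            if nn > 99:
                raise ValueError("more than 99 changes today; use a counter serial")
            return int(f"{today_text}{nn:02d}")
        if text[:8] < today_text:
            return int(f"{today_text}01")
    return serial + 1                  # counter, or a date serial ahead of today


def update_serial(zone_text, today=None):
    """Return (new_zone_text, old_serial, new_serial)."""
    soa = re.search(r"\bSOA\b", zone_text)
    if not soa:
        raise ValueError("no SOA record found")
    names_seen = 0
    for t in TOKEN.finditer(zone_text, soa.end()):
        tok = t.group()
        if tok.startswith(";") or tok in ("(", ")"):
            continue
        if names_seen < 2:             # primary name server, contact mailbox
            names_seen += 1
            continue
        if not tok.isdigit():
            raise ValueError(f"unexpected serial token {tok!r}")
        old = int(tok)
        new = next_serial(old, today)
        return zone_text[:t.start()] + str(new) + zone_text[t.end():], old, new
    raise ValueError("SOA serial not found")


def lower_ttl(zone_text, new_ttl, today=None):
    """The two edits the article describes, applied together."""
    return update_serial(set_ttl(zone_text, new_ttl), today)


if __name__ == "__main__":
    text, old, new = lower_ttl(SAMPLE_ZONE, 3600, today="2024-01-01")
    print(f"serial {old} -> {new}")
    print(text)
```

After writing the result back to the zone file, still run named-checkzone as described in the next section; the script changes text, it does not validate the zone.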

Checking the File

Before you reload the changes, check the syntax of the main BIND configuration with the command:

sudo named-checkconf

If all is well, check the syntax of the zone file you just edited with the command:

sudo named-checkzone [domain name] [path to file]

For example, if you changed the TTL for example.com in the file /var/named/example.com.db the command would be:

sudo named-checkzone example.com /var/named/example.com.db

Reloading the Changes

If the files pass the syntax check, reload the zone file in BIND with the command:

sudo rndc reload example.com

Optional: On Red Hat and CentOS, if BIND is managed by systemd, you can restart BIND instead, using the command:

sudo systemctl restart named

Unbound

Unbound recently replaced BIND as the default DNS server on many BSD systems, including FreeBSD 10 and above and OpenBSD 5.6 and above.

By default on most systems, the configuration file is located at:

  • OpenBSD: /var/unbound/etc/unbound.conf
  • FreeBSD 10.0 and earlier: /usr/local/etc/unbound/unbound.conf
  • FreeBSD 10.1 and above: /etc/unbound/unbound.conf
  • Red Hat and CentOS 7: /etc/unbound/unbound.conf

The default Unbound configuration file does not specify cache TTL limits. Unbound is a caching resolver, so the options below bound how long it keeps answers in its own cache, rather than setting a TTL on a zone you publish. You can add them to unbound.conf:

  • cache-max-ttl: the longest time, in seconds, an entry is kept in the cache, even if the record’s own TTL is higher. The default is 86400 seconds (1 day).
  • cache-min-ttl: the shortest time, in seconds, an entry is kept in the cache, even if the record’s own TTL is lower. The default is 0 seconds. Note: the official documentation recommends leaving this value at zero.

To change or set the TTL, edit your unbound.conf file:

sudo nano /etc/unbound/unbound.conf

Examine the file for the cache-max-ttl and cache-min-ttl attributes. If they already exist, you will be editing them. If they do not exist, you will need to add them:

## Minimum lifetime of cache entries in seconds. Default is 0.
cache-min-ttl: 0
## Maximum lifetime of cached entries. Default is 86400 seconds (1 day).
cache-max-ttl: 14400

Put these options inside the main server: clause, then save and exit the file.
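Two mistakes are common here: placing the options in the wrong clause, and setting cache-min-ttl above zero, which forces the resolver to keep every answer at least that long no matter how low the zone owner set the TTL (so a change, or a correction after a bad record, stays invisible to this resolver for that long). The checker below is an added example written for this article, not code from 1&1 or from the Unbound project. The two configuration texts are constructed; the first repeats the settings shown above inside a server: clause. It assumes Unbound’s clause layout (a bare “server:” line followed by “option: value” lines, with # comments) and, where an option is repeated, that the last occurrence wins.

```python
"""Sanity-check the cache TTL bounds in an unbound.conf.

Added example, not from the original article or from Unbound. The config
texts are constructed. It assumes Unbound's clause layout (a bare "server:"
line followed by "option: value" lines, '#' comments) and, for duplicated
options, that the last occurrence wins.
"""
import re

CLAUSE = re.compile(r"^\s*([a-z][a-z-]*):\s*$")                       # e.g. "server:"
SETTING = re.compile(r"^\s*(cache-min-ttl|cache-max-ttl)\s*:\s*(\d+)\s*$")
DEFAULTS = {"cache-min-ttl": 0, "cache-max-ttl": 86400}
SEVEN_DAYS = 604800

PAGE_CONF = """\
server:
    interface: 127.0.0.1
    ## Minimum lifetime of cache entries in seconds. Default is 0.
    cache-min-ttl: 0
    ## Maximum lifetime of cached entries. Default is 86400 seconds (1 day).
    cache-max-ttl: 14400
remote-control:
    control-enable: yes
"""

BAD_CONF = """\
server:
    cache-min-ttl: 3600   # pins every answer for an hour, whatever its owner set
    cache-max-ttl: 600
remote-control:
    cache-max-ttl: 999999 # wrong clause: this option belongs in server:
"""


def read_cache_ttls(conf_text):
    """Return ({option: value}, [(option, clause) for options outside server:])."""
    settings = dict(DEFAULTS)
    misplaced = []
    clause = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = CLAUSE.match(line)
        if m:
            clause = m.group(1)
            continue
        m = SETTING.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            if clause == "server":
                settings[key] = value        # assumption: last occurrence wins
            else:
                misplaced.append((key, clause))
    return settings, misplaced


def check_cache_ttls(conf_text):
    """Findings a reviewer would raise before deploying the file."""
    settings, misplaced = read_cache_ttls(conf_text)
    lo, hi = settings["cache-min-ttl"], settings["cache-max-ttl"]
    findings = []
    for key, clause in misplaced:
        findings.append(f"{key} set in clause {clause!r}; it belongs in server:")
    if lo > hi:
        findings.append(f"cache-min-ttl ({lo}) is larger than cache-max-ttl ({hi})")
    if lo > 0:
        findings.append(f"cache-min-ttl {lo} overrides zone owners' TTLs: after they "
                        f"change a record, this resolver may serve the old answer "
                        f"for up to {lo}s (upstream docs recommend 0)")
    if hi > SEVEN_DAYS:
        findings.append(f"cache-max-ttl {hi} exceeds 7 days ({SEVEN_DAYS})")
    return findings


if __name__ == "__main__":
    for name, conf in (("PAGE_CONF", PAGE_CONF), ("BAD_CONF", BAD_CONF)):
        print(name, check_cache_ttls(conf) or "OK")
```

Run it against the real file with `check_cache_ttls(open("/etc/unbound/unbound.conf").read())` before unbound-checkconf; the checker only looks at these two options, so unbound-checkconf is still the authority on whether the file loads.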

After you edit the configuration file, you can test the configuration with the command:

unbound-checkconf

Finally, reload Unbound so the changes take effect, with the command:

unbound-control reload

Content provided by 1&1

Tags: DNS / Networking