DNS TTL best practices: Understanding and configuring DNS TTL
The DNS TTL value shows how long the results of DNS queries are saved for. When moving a website or creating new subdomains, you may want to change the DNS TTL value. Keep reading to learn more about DNS TTL and best practices for setting DNS TTL for your domain names.
What is TTL?
TTL is a DNS record and stands for ‘Time to Live’. It refers to how long your DNS settings are cached for before they are automatically refreshed.
When a DNS change is made, it takes time for the rest of the Internet to notice. Some examples of these kinds of changes are updating the IP address of a server, updating your MX record to host your email at a new location, or adding a new website. The TTL setting tells the Internet how long to wait before returning to check your DNS record for new information.
If your DNS TTL setting is 12 hours, your DNS records will be cached for 12 hours before they expire, and the new information takes effect.
The TTL value on IONOS domains is set for up to 1 hour for all A, AAA, MX, TXT, and CNAME records.
How long is TTL?
TTL is measured in seconds. The typical default value is usually 12 hours (43200 seconds) or 24 hours (86400 seconds). This means that if, for example, a website moves to a new server or you add a new URL to your server, it takes 12 or 24 hours for the new DNS changes to take effect.
DNS TTL best practices
For the most part, there is no need to change your DNS TTL. However, if you know that you will be making a big DNS change soon and you want the changes to take effect quickly, you may want to change your TTL ahead of time.
Update your TTL to a shorter value at least 24 hours ahead of time. You can change it to 3600 (1 hour), for example.
After you’ve made your DNS change, be sure to go back and return your DNS TTL settings to their original values. DNS caching is an important way to reduce load on the servers, and it is best to keep this traffic low.
Please note that even if you change the TTL for your domain name, this does not automatically mean that every network on the Internet will accept this value. Many Internet Service Providers (ISPs) ignore TTL settings and check external DNS records according to their own schedule.
DNS TTL minimum value
If you are planning on making DNS changes soon, you will want set a low TTL. This helps ensure your changes will propagate and be recognised on the Internet more quickly.
Set your DNS TTL minimum value to a number larger than 0. Never set your DNS TTL to 0. The number 0 is not defined in the standard, and it may cause your DNS information to be ignored or rejected.
3600 (1 hour) is a good minimum value. It is low enough for changes to take effect quickly, but not so low that the DNS servers get overloaded.
DNS TTL maximum value
The highest possible DNS TTL value is 604800 (7 days). While technically there is no maximum DNS TTL setting, values over 7 days will be rounded down to 7 days.
Recommendation: For most users, a maximum DNS TTL setting of 86400 (24 hours) is a good choice.
For most users, a maximum DNS TTL setting of 86400 (24 hours) is a good choice.
Dynamic DNS-TTL
Dynamic DNS (DynDNS) is an excellent way to refer domain names to a non-static IP address.
For example, let’s say you own the domain name example.com. You want to refer home.example.com to a server on your home network; however, you do not have a static IP address from your ISP. This means the external IP address for your home server will change periodically.
Check out our guide for the best free DynDNS services.
Dynamic DNS services are able to point a domain name (like home.example.com) to a variable IP. Whenever the IP address changes, your DNS automatically updates so the change quickly takes effect.
If you set up the dynamic DNS for a domain name, you may be asked to provide a TTL for the records. There is no single answer to which TTL value you should use for a dynamic DNS record. It will partly depend on how long the lease on the IP address is. The more often the IP address changes, the lower the TTL you should use.
A good rule of thumb is to make your DDNS TTL half the amount of your DHCP lease. If the IP address lease is set to 60 (1 minute), set your TTL to 30 (30 seconds). If the IP address is set to 3600 (1 hour), set your TTL to 1800 (30 minutes).
How to do a DNS TTL lookup
Now we’ll look at how to check the TTL settings for your website.
Linux, Unix, or Mac OS X
The easiest way to look up TTL settings is to use the dig utility available on Linux, Unix, and Mac OS X.
From the shell (command line), type:
dig example.com
This will return the DNS information (including TTL values) for the domain name.
Windows
On Windows, you can use the nslookup utility to check the DNS TTL values for a website.
First, open a command prompt window.
- 7: Start -> All Programs -> Accessories -> Command Prompt
- 10: Right-click the Start button -> Run -> Type ‘cmd’ in the field and click ‘OK’
To run nslookup and get the TTL values, type:
nslookup –type=soa example.com
This will return the authoritative name server’s information for that domain, including the default TTL in both seconds and hours.
Online
There are several websites that let you use the dig utility to perform a DNS TTL lookup for free.
Below, we use Google Apps.
As you can see, the DNS TTL value for this domain’s records is set to 21599 seconds (6 hours).
How to change TTL if you host your own DNS
If you are running your own DNS server, changing your TTL is simply a matter of editing your DNS zone file and ensuring that your DNS service accepts the changes. The specifics will vary based on which DNS service you are running, and in some cases which version of Linux or Unix you are running.
Once you have made your changes, you can verify that the changes took effect by querying your server for the new DNS information with the command:
dig @localhost example.com
BIND
BIND is the most widely-used DNS software. In BIND, the TTL is stored near the top of the zone file, typically on the second line. The TTL declaration will begin with $TTL. The default TTL is set to four hours (14,400 seconds):
$TTL 14400
Find the Zone File: Red Hat and CentOS
In a typical BIND installation on Red Hat or CentOS, a website’s zone file will be something like /var/named/[domain name].db or /var/named/[domain name].zone. For example, to edit the file for example.com in a typical default setup, the command would be:
sudo nano /var/named/example.com.db
Find the Zone File: Debian and Ubuntu
In a typical BIND installation on Debian or Ubuntu, a website’s zone file will be something like /etc/bind/[domain name].db. For example, to edit the file for example.com in a typical default setup, the command would be:
sudo nano /etc/bind/example.com.db
Editing the zone file
There are two lines you will need to edit in the zone file: the TTL and the serial number. Update the TTL to the value you wish to use, and then update the serial number so that BIND registers the change.
Update the TTL
The TTL will be the first line of the file, and will look something like this:
$TTL 86400
Simply change the number to the TTL value you want to set, in seconds.
Update the Serial Number
In a typical configuration, the serial number will simply need to be incremented. For example, a serial number of 1234 would be updated to 1235.
Some system administrators may use a timestamp, a version number, or have systems in place to automatically increment the serial number. Check with your server’s administrator if you are unsure which system is being used for your BIND serial numbers.
Save and exit the file.
Check the file
Before you reload the changes, check the syntax of the main BIND configuration with the command:
sudo named-checkconf
If all is well, check the syntax of the zone file you just edited with the command:
sudo named-checkzone [domain name] [path to file]
For example, if you changed the TTL for example.com in the file /var/named/example.com.db the command would be:
sudo named-checkzone example.com /var/named/example.com.db
Reload the changes
If the files pass the syntax check, reload the zone file in BIND with the command:
sudo rndc reload example.com
Optional: On Red Hat and CentOS, if systemctl has been configured you can restart BIND instead, using the command:
sudo systemctl restart named
- 99.9% uptime and super-fast loading
- Advanced security features
- Domain and email included
Unbound
Unbound recently replaced BIND as the default DNS server on many BSD systems, including FreeBSD 10 and above and OpenBSD 5.6 and above.
By default on most systems, the configuration file is located at:
- OpenBSD: /var/unbound/etc/unbound.conf
- FreeBSD 10.0 and earlier: /usr/local/etc/unbound/unbound.conf
- FreeBSD 10.1 and above: /etc/unbound/unbound.conf
- Red Hat and CentOS 7: /etc/unbound/unbound.conf
The default Unbound configuration file does not have TTL values specified. You can add TTL to your Unbound zone file with the following attributes:
- cache-max-ttl is the maximum length of time to cache TTL. The default is 86400 seconds (1 day).
- cache-min-ttl is the minimum length of time to cache TTL. The default is 0 seconds. Note: The official documentation recommends that this value be left at 0.
To change or set the TTL, edit your unbound.conf file:
sudo nano /etc/unbound/unbound.conf
Examine the file for the cache-max-ttl and cache-min-ttl attributes. If they already exist, you will be editing them. If they do not exist, you will need to add them:
## Minimum lifetime of cache entries in seconds. Default is 0.
cache-min-ttl: 0
## Maximum lifetime of cached entries. Default is 86400 seconds (1 day).
cache-max-ttl: 14400
Put these configurations inside the main server’s block of commands, then save and exit the file.
After you edit the configuration file, you can test the configuration with the command:
unbound-checkconf
Finally, restart Unbound with the following command for the changes to take effect:
unbound-control reload