What Is DNS TTL and How Does It Work?

TTL — Time to Live — is the number on every DNS record that controls how long it can be cached. Get it right and DNS changes happen smoothly; get it wrong and you could face hours of downtime.


Every DNS record carries a number that most people ignore — the TTL, or Time to Live. This single value determines how long a cached DNS answer can be trusted before it must be refreshed. TTL is the lever that controls the trade-off between DNS performance and propagation speed, and understanding it is essential for anyone managing a domain.

What Is DNS TTL?

TTL stands for Time to Live. It is a 32-bit unsigned integer field present in every DNS resource record, measured in seconds. It tells recursive resolvers, operating systems, and browsers how long they may cache the record before they must query the authoritative nameserver again for a fresh answer.

For example, an A record with a TTL of 3600 may be cached for exactly one hour. After 3,600 seconds have elapsed, any resolver that has cached this record must discard it and re-query the authoritative nameserver on the next request.

```text
; DNS zone file — TTL is the second field
; name        TTL    class  type   data
showdns.net.  3600   IN     A      93.184.216.34
mail          86400  IN     MX     10 mail.showdns.net.
www           300    IN     CNAME  showdns.net.
```

How TTL Affects DNS Caching

When a recursive resolver retrieves a DNS record, it stores it in cache along with a countdown timer starting at the TTL value. Each second that passes decrements this timer. When the timer reaches zero, the cached entry is expired and the next query for that record triggers a fresh lookup.

This caching chain runs at multiple layers:

  • Recursive resolver — may serve millions of users; a cached record here means all those users get fast answers without hitting your authoritative nameserver.
  • Operating system — caches records for local applications. Windows and macOS both maintain OS-level DNS caches.
  • Browser — browsers like Chrome maintain their own DNS cache, sometimes ignoring OS-level TTLs in favour of their own minimum floor (Chrome enforces a minimum of 1 second and a maximum of 1 minute for some record types).

TTL Is a Maximum, Not a Guarantee

A TTL of 3600 means a resolver may cache the record for up to one hour. Some resolvers may cache for less time. Some may exceed the TTL slightly. And different resolvers around the world will have fetched the record at different times, so they expire at different moments.

Common TTL Values and When to Use Them

| TTL Value | Duration | Typical Use Case |
|-----------|----------|------------------|
| 60 | 1 minute | Active migrations, testing new records, rapid failover scenarios |
| 300 | 5 minutes | Pre-migration staging (lower to this 24–48 h before making changes) |
| 900 | 15 minutes | Records that change occasionally; balances speed and load |
| 3600 | 1 hour | Standard default for most A, AAAA, and CNAME records |
| 14400 | 4 hours | MX records and other records that rarely change |
| 86400 | 24 hours | NS records, very stable infrastructure records |
| 604800 | 7 days | Extremely stable records — not recommended for most use cases |

Choosing the Right TTL Value

The right TTL is a balance between two competing goals:

  • Higher TTL — faster response times (more cache hits), lower load on your authoritative nameserver, but slower propagation when records change.
  • Lower TTL — faster propagation of changes, more flexibility, but higher query volume and slightly increased latency on cache misses.

A good general-purpose starting point is 3600 seconds (1 hour) for most records. For records that you expect to change — such as A records for servers you might migrate — consider 300–900 seconds. For records that almost never change, such as NS records, 86400 seconds (24 hours) is reasonable.

Lowering TTL Before DNS Migrations

One of the most important practical applications of TTL management is the pre-migration TTL reduction. The workflow is:

  1. Identify the records that will change (typically A or AAAA records).
  2. At least 24–48 hours before the migration, lower the TTL to 300 seconds (5 minutes).
  3. Wait for the old TTL to expire worldwide — use the DNS Propagation Checker to confirm the low TTL has propagated.
  4. Perform the migration — update the record to the new IP address.
  5. Monitor that the new record propagates within minutes.
  6. After the migration is confirmed stable, raise the TTL back to its normal value.

Why Wait for the Old TTL to Expire?

If you lower your TTL from 86400 to 300 and immediately change the record, resolvers that cached the record with the 86400 TTL will not check for updates for up to 24 hours. You must wait out the old TTL before the new low TTL takes effect globally.
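
The effect described in the callout above, as an added simulation that is not part of the original article: TTL-honouring resolvers are modelled as simple caches, and `stale_window` measures how long after the change any of them still returns the old address. The class names, the 48 resolvers with staggered fill times, and the documentation-range addresses are assumptions made for the illustration.

```python
# Added illustration; class names, addresses and timings are constructed.
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.20"   # documentation-range addresses
OLD_TTL, LOW_TTL = 86400, 300                    # the values used in the text


class Authority:
    """Authoritative answers as a chronological list of (start, ip, ttl)."""
    def __init__(self, changes):
        self.changes = changes

    def answer(self, now):
        ip = ttl = None
        for start, c_ip, c_ttl in self.changes:
            if start <= now:                     # latest change in effect wins
                ip, ttl = c_ip, c_ttl
        return ip, ttl


class Resolver:
    """Caches one answer and re-queries only once its TTL has run out."""
    def __init__(self, authority):
        self.authority, self.ip, self.expires = authority, None, float("-inf")

    def lookup(self, now):
        if now >= self.expires:                  # cache empty or expired
            self.ip, ttl = self.authority.answer(now)
            self.expires = now + ttl
        return self.ip


def stale_window(wait, resolvers=48, stagger=1740, step=60):
    """Seconds after the IP change during which some cache still serves OLD_IP.

    The TTL is lowered at t=0 and the address changes at t=wait. Each resolver
    first cached the record (with OLD_TTL) at a different moment before t=0.
    """
    auth = Authority([(-OLD_TTL, OLD_IP, OLD_TTL), (0, OLD_IP, LOW_TTL),
                      (wait, NEW_IP, LOW_TTL)])
    pool = [Resolver(auth) for _ in range(resolvers)]
    for i, r in enumerate(pool):                 # staggered first lookups
        r.lookup(-OLD_TTL + i * stagger)
    last_stale = wait
    for now in range(0, wait + OLD_TTL + step, step):   # clients keep asking
        answers = [r.lookup(now) for r in pool]
        if now >= wait and OLD_IP in answers:
            last_stale = now + step
    return last_stale - wait
```

With these constructed inputs, `stale_window(0)` (change made immediately) returns 81780 seconds of stale answers, while `stale_window(86400)` (change made after the old TTL has run out) returns 240.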

TTL in the SOA Record

The SOA (Start of Authority) record contains a special field called minimum that historically set a default TTL for records in the zone. Modern DNS uses this value as the negative caching TTL — the duration for which NXDOMAIN and NODATA responses are cached. Keeping this value low (300–600 seconds) allows newly-created records to become visible faster after being added to a zone.

```text
; SOA record — minimum field controls negative cache TTL
showdns.net. 3600 IN SOA ns1.showdns.net. admin.showdns.net. (
    2024010101 ; serial
    7200       ; refresh
    3600       ; retry
    1209600    ; expire
    300        ; minimum (negative cache TTL)
)
```

Checking Current TTL Values

You can check the TTL of any live DNS record using the ShowDNS DNS Lookup tool — the TTL is displayed alongside each record in the results. You can also use the command line:

```bash
# Show A record with TTL
dig showdns.net A

# Show remaining TTL (watch it count down)
dig @8.8.8.8 showdns.net A +ttlunits
```

Frequently Asked Questions

What is a good default DNS TTL?

For most domains, a TTL of 3600 seconds (1 hour) is a sensible default for A and AAAA records. It provides reasonable caching performance while keeping propagation time manageable. For records you rarely change, you can go higher; for records that need to change quickly, lower it to 300 seconds.

Does a lower TTL make my website slower?

A very low TTL (such as 60 seconds) means resolvers cannot cache the record for long, leading to more frequent queries to your authoritative nameserver. This adds a few milliseconds of latency on cache misses. For most websites, this is imperceptible to users, but it does increase load on your DNS infrastructure and may matter at large scale.

Can I set a TTL of 0?

Technically, RFC 2181 allows a TTL of 0, which means the record should not be cached at all. In practice, this is rarely used and some resolvers treat it as 1 second. A TTL of 0 creates very high query volumes and should be avoided in production. Use 60 or 300 as your minimum instead.

How long does DNS propagation take?

DNS propagation time is directly tied to TTL. If your record has a TTL of 3600, it can take up to one hour for all resolvers worldwide to pick up a change. Resolvers that cached the record just before you changed it will hold the old value for the full TTL duration. With a TTL of 300, propagation typically completes within 5–15 minutes for most resolvers.

What happens when TTL expires mid-session?

For active TCP connections, TTL expiry has no effect — the existing connection remains open using the original IP. TTL only matters when a new DNS lookup is initiated. Most applications open a connection and then hold it, so TTL expiry during an active session is usually invisible to the end user.
