TTL — Time To Live
How long (in seconds) a DNS record can be cached by a resolver.
What is TTL
TTL (Time To Live) is a number in seconds that specifies how long a DNS resolver is allowed to keep a response cached. When the TTL expires, the resolver "forgets" the value and re-requests it from the authoritative nameserver.
Example
example.com. 3600 IN A 93.184.216.34
Here the TTL is 3600 seconds — one hour. Any resolver that receives this response
will use it for 1 hour before querying again.
Trade-off: low vs high TTL
| | Low (60–300s) | High (3600–86400s) |
|---|---|---|
| Change propagation | ✅ Fast | ❌ Slow |
| DNS load on your NS | ❌ High | ✅ Low |
| Latency for users | ❌ More frequent queries | ✅ Cached |
| Failover speed | ✅ Fast | ❌ Slow |
Best practices
- Stable records (apex A, NS, MX): TTL 3600 or 86400.
- Frequently changing records (load balancers, geo-routing): 60–300.
- Before a scheduled migration: lower the TTL to 300 a few hours/days ahead so that when you make the change it propagates almost instantly.
- After migration: restore a higher TTL to reduce DNS traffic.
Negative caching (negative TTL)
Not only positive responses are cached, but also negative ones (NXDOMAIN: "the name
does not exist"). The TTL for negative responses is determined by the SOA
record (the MINIMUM parameter). If you create a new subdomain and someone has
already cached its NXDOMAIN, they will have to wait for that negative TTL to expire before they can "see" it.
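The following added example (not part of the original page) works through the migration advice under "Best practices" and the negative-caching rule above. The function names, the SOA values and the cutover time are constructed for illustration; the negative TTL is computed per RFC 2308 as the smaller of the SOA record's own TTL and its MINIMUM field, and resolvers are assumed to honour TTLs.

```python
from dataclasses import dataclass

# Constructed sample zone lines (not from a real zone); SOA rdata is
# mname rname serial refresh retry expire minimum.
SAMPLE_SOA = ("example.com. 3600 IN SOA ns1.example.com. "
              "hostmaster.example.com. 2024010101 7200 3600 1209600 900")
SAMPLE_A = "example.com. 3600 IN A 93.184.216.34"

@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str

def parse_record(line: str) -> Record:
    """Parse 'name ttl IN type rdata' (explicit TTL and class required)."""
    name, ttl, rclass, rtype, rdata = line.split(None, 4)
    if rclass.upper() != "IN":
        raise ValueError(f"unsupported class: {rclass}")
    if int(ttl) < 0:
        raise ValueError("TTL must be non-negative")
    return Record(name, int(ttl), rtype.upper(), rdata)

def negative_ttl(soa: Record) -> int:
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM)."""
    if soa.rtype != "SOA":
        raise ValueError("not an SOA record")
    fields = soa.rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata must have 7 fields")
    return min(soa.ttl, int(fields[6]))

def migration_plan(old_ttl: int, low_ttl: int, cutover: int) -> dict:
    """Deadlines (epoch seconds) for changing a record at `cutover`.

    A resolver that cached the record just before the TTL was lowered
    keeps it for up to old_ttl seconds, so the lowering must be published
    at least old_ttl before cutover. Assumes resolvers honour the TTL.
    """
    if low_ttl > old_ttl:
        raise ValueError("low_ttl should not exceed old_ttl")
    return {"lower_ttl_by": cutover - old_ttl,
            "old_value_gone_by": cutover + low_ttl}

if __name__ == "__main__":
    a, soa = parse_record(SAMPLE_A), parse_record(SAMPLE_SOA)
    print(migration_plan(a.ttl, 300, cutover=1_700_000_000))
    print("new name visible within", negative_ttl(soa), "s of creation")
```

With the sample record, the TTL has to be lowered at least 3600 seconds before the cutover, and the old address can still be served from caches for up to 300 seconds after it.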