Check DNS record time to live (TTL)

VIP recommends reducing the Time to Live (TTL) of a domain’s DNS record to 300 seconds at least a day before launching a site. This makes it possible for propagation to complete more quickly when the IP / CNAME / A record is changed at launch time and most browsers will be directed to the newly launched site within a few minutes of launch.

TTL is a value associated with a DNS record that tells other servers how long to cache the DNS record. Longer TTLs cause the DNS resolvers to cache the data longer, and it can take longer for changes to propagate to various DNS servers across the globe.

Lowering a long TTL in the DNS record does not immediately purge cached values in other nameservers. It is important to check the TTL for a DNS record well in advance of any changes including a site launch, and lower it if necessary. The TTL should be verified again on the morning of a site launch.

Checking the current TTL

The most accurate way to verify the TTL for a DNS record is to check with the DNS provider directly. Alternatively, the TTL can be verified by querying the DNS record on the command line of a user’s local machine.

The following steps explain how to verify the TTL for a root domain or a subdomain. The root domain is typically the last two parts of a domain. For example, the root of example.com is example.com, and the root of subdomain.example.com is example.com.

Some top level domains (TLD) use two segments, such as .co.uk. For example, example.co.uk and www.example.co.uk, both have the root domain example.co.uk.

1. In a shell or terminal window, run dig +nssearch <root-domain> to identify the authoritative nameserver.
   The domain example.com is used in this example:

$ dig +nssearch example.com
SOA ns.icann.org. noc.dns.icann.org. 2022031402 7200 3600 1209600 3600 from server 199.43.135.53 in 59 ms.
SOA ns.icann.org. noc.dns.icann.org. 2022031402 7200 3600 1209600 3600 from server 199.43.133.53 in 60 ms.

The nameserver for the root domain is located in the first line of the command’s output, and often starts with ns or ns1 (e.g., ns.icann.org). The trailing . that is appended to the nameserver value in the output can be ignored.

2. Run dig @<nameserver> +noall +answer <domain> in a shell or terminal window to request information from the authoritative nameserver. This will get the full DNS entry and current TTL for the domain.
   The subdomain subdomain.example.com is used in this example:

$ dig @ns.icann.org +noall +answer subdomain.example.com
subdomain.example.com.		14400	IN	CNAME	example.com
example.com.		86400	IN	A	93.184.216.34

Because the entry for subdomain.example.com is a CNAME, the output also includes the record for the target, which is the root domain, example.com.

The number next to the full domain is the TTL for that record in seconds. For subdomain.example.com, the TTL is 14400.

The TTL value 14400 means that any changes—to the TTL or the CNAME or A record of the subdomain.example.com domain—may take 4 hours to propagate to other nameservers.