What Is DNS TTL (Time to Live) and How Does It Work?
Learn what TTL (Time to Live) in DNS is, how it affects website performance, and how to manage it securely during migrations.

The Domain Name System (DNS) is indispensable for the correct functioning of any service on the internet, translating domain names into readable IP addresses for servers. To prevent this system from becoming overloaded with billions of requests per second, the original DNS architecture—defined in the classic IETF RFC 1035—introduced a temporary caching mechanism. The directive that controls the duration of this cache is known as TTL (Time to Live).
In this guide, we explain in depth what TTL is, how it influences the speed of your website, its security, and how to manage it optimally during major changes like a server migration.
How Does TTL Work in DNS Caching?
TTL is a numerical value expressed in seconds assigned individually to each resource record in a DNS zone. Its function is to act as a countdown timer for intermediate DNS resolver servers (such as those of Google, Cloudflare, or your own internet service provider).
When a user visits your site for the first time:
- The user's device asks a DNS resolver for the IP address of your domain.
- Since the resolver does not have it in memory, it performs a recursive query until it reaches the authoritative nameserver of the domain.
- The authoritative server returns the IP along with the configured TTL value (e.g.,
3600seconds, which equals 1 hour). - The intermediate resolver stores that IP in its cache memory and delivers it to the user.
- During subsequent queries occurring within that hour, the resolver serves the stored IP immediately, without contacting your servers again.
- Once the 3600 seconds have elapsed, the record expires in the cache, and the resolver is forced to request updated information on the next visit.
Recommended TTL Values by Record Type
There is no single, universal TTL value that works for all cases. Configuring an inappropriate TTL can lead to performance issues or critical delays in configuration changes. The following table details the standard values recommended by the industry:
| Record Type | Recommended TTL (Standard) | Recommended TTL (Before Migration) | Security and Operations Justification |
|---|---|---|---|
| A / AAAA Record | 3600 (1 hour) or 86400 (24 h) |
300 (5 minutes) |
Production IPs rarely change. Reducing before migration minimizes downtime. |
| CNAME Record | 43200 (12 hours) |
600 (10 minutes) |
Generally point to CDNs or stable third-party services. |
| MX Record | 86400 (24 hours) |
3600 (1 hour) |
Corporate mail servers rarely change their routing. |
| TXT Record (SPF/DKIM/DMARC) | 86400 (24 hours) |
3600 (1 hour) |
Modifying email authentication policies requires secure propagation. |
| NS Record | 86400 (24 hours) |
14400 (4 hours) |
Changing nameservers takes the longest to propagate at the root level. |
How to Check the Current TTL of Your Records
It is possible to monitor the decaying behavior of the DNS cache in real-time using command-line tools in your terminal.
Checking TTL with dig
If you run the dig command on a Unix/Linux or macOS-based operating system, you will see a numerical column indicating the remaining seconds for that record in the resolver's cache:
# Query the A record of a domain
dig tecnocrypter.com
# In the ANSWER SECTION you will see something like:
# tecnocrypter.com. 299 IN A 192.0.2.1
In this example, the number 299 indicates that exactly 299 seconds remain before the DNS server resolves the query at the root servers again.
If you want to perform detailed visual monitoring across multiple countries simultaneously, we recommend using our DNS Propagation Checker, which will show the records returned by globally distributed resolvers with their corresponding cache values in real-time.
Pros and Cons of Different TTL Values
Advantages of a High TTL (e.g., 86400 seconds / 24 hours)
- Improved loading speed: By not having to resolve DNS constantly, the initial loading latency decreases significantly for most recurring users.
- Less server load: Your authoritative DNS servers receive a minimum fraction of requests.
- Greater resilience: If your authoritative DNS servers suffer a temporary outage, users can still access your site because local resolvers have the IP stored in cache.
Disadvantages of a High TTL
- Low flexibility: If your primary web server fails and you need to quickly change your domain's IP to a backup server, users will not see the change until the TTL expires, causing hours of visible downtime.
Advantages of a Low TTL (e.g., 300 seconds / 5 minutes)
- Quick updates: Ideal for maintenance scenarios, migrations, or active load balancing. Any change is reflected worldwide in a few minutes.
Disadvantages of a Low TTL
- Higher latency: Browsers are forced to wait for complete DNS resolution more frequently, which can slightly slow down page loading.
- DDoS vulnerability: By receiving more recursive requests, your origin DNS infrastructure may be more prone to overloading under volumetric attacks.
Conclusion
DNS TTL is a critical configuration variable that balances user-side performance and system administrator-side operational flexibility. For managing secure and seamless migrations, planning to reduce the TTL beforehand is the best technique.
We invite you to test your configuration live with our DNS Propagation Checker to verify that your records are being served uniformly, and to complement your reading with our guides on Understanding DNS records and their security or How DNS propagation works step-by-step.
Sources and Recommended Readings:
- RFC 1035 - Domain Names - Implementation and Specification — Official DNS cache specification.
- Wikipedia - Time to Live (DNS) — Concept and applications of TTL in networking.
- TecnoCrypter Internal Tool: DNS Propagation Checker


