DNS TTL Best Practices

Learn recommended TTL values for different DNS record types, how to optimize TTL for migrations, performance, and reliability.

TTL (Time to Live) controls how long DNS resolvers cache your records before checking for updates. Setting the right TTL is a balance between performance (longer caching = fewer queries) and agility (shorter caching = faster changes). This guide covers recommended TTL values for common scenarios.

TTL Basics

TTL is specified in seconds. When a resolver caches a record, it serves the cached version for the TTL duration, then fetches a fresh copy from the authoritative server.

example.com.  3600  IN  A  192.0.2.1
              ^^^^
              TTL: 3600 seconds = 1 hour

For a deeper explanation, see What Is TTL.

Recommended TTL Values

By Record Type

Record Type	Recommended TTL	Why
A / AAAA	300–3600	Balance between caching and ability to change IPs
CNAME	3600–86400	Usually stable, longer caching is fine
MX	3600–86400	Mail server IPs rarely change
TXT (SPF/DKIM/DMARC)	3600–86400	Verification records are typically static
NS	86400–172800	Nameservers change very rarely
SOA minimum	300–900	Controls negative caching (NXDOMAIN)
CAA	3600–86400	CA policy changes are infrequent
SRV	300–3600	Service endpoints may change

By Stability

Scenario	TTL	Duration
Highly stable (rarely changes)	86400	24 hours
Stable (changes occasionally)	3600	1 hour
Moderate (changes sometimes)	900	15 minutes
Dynamic (changes frequently)	300	5 minutes
Pre-migration (temporary)	60–300	1–5 minutes

TTL Strategy for DNS Migrations

When migrating DNS providers, changing IPs, or moving infrastructure, follow this three-phase approach:

Phase 1: Lower TTL (24–48 Hours Before)

Reduce the TTL to 300 seconds (5 minutes) well before the change. You must wait for the old TTL to expire before the new low TTL takes effect globally.

# If current TTL is 86400 (24h), lower it 48 hours before the change
example.com.  300  IN  A  192.0.2.1    ; old IP, low TTL

Phase 2: Make the Change

Update the record to the new value. With a 300-second TTL, most resolvers will pick up the change within 5 minutes.

example.com.  300  IN  A  198.51.100.1  ; new IP, still low TTL

Phase 3: Restore TTL (After Verification)

Once you've confirmed the change has propagated and everything is working, increase the TTL back to its normal value.

example.com.  3600  IN  A  198.51.100.1  ; new IP, normal TTL

Common TTL Mistakes

TTL Too Long for Dynamic Infrastructure

Setting a 24-hour TTL on an A record that might need to change quickly means you can't respond to outages or IP changes for up to a day.

Fix: Use 300–3600 seconds for records that might change.

TTL Too Short for Stable Records

A 60-second TTL on MX records that haven't changed in years generates unnecessary DNS queries, increasing load on your authoritative servers and slightly increasing latency for users.

Fix: Use 3600–86400 seconds for stable records.

Not Lowering TTL Before a Migration

Making a DNS change with an 86400-second TTL means some users won't see the change for up to 24 hours. If the old server is already down, those users experience an outage.

Fix: Always lower TTL 24–48 hours before planned changes.

Setting TTL to 0

A TTL of 0 tells resolvers not to cache the record at all. While this gives you maximum control, it means every single DNS query hits your authoritative server, which:

Increases query load significantly
Makes your domain dependent on authoritative server uptime for every request
Adds latency to every page load

Fix: Use 60–300 seconds instead of 0. Even 60 seconds of caching dramatically reduces query volume.

TTL and DNS Propagation

TTL directly affects DNS propagation time. The relationship is straightforward:

Higher TTL → slower propagation (resolvers serve cached data longer)
Lower TTL → faster propagation (resolvers refresh sooner)

But TTL isn't the only factor — some resolvers enforce minimum/maximum cache durations regardless of your TTL setting. Most major public resolvers (Google, Cloudflare, Quad9) respect TTL accurately.

TTL and Performance

Caching Reduces Latency

When a resolver has your record cached, it responds instantly without querying your authoritative server. Longer TTLs mean more cache hits:

TTL 300:   Resolver queries authoritative every 5 min
TTL 3600:  Resolver queries authoritative every 1 hour
TTL 86400: Resolver queries authoritative every 24 hours

For a frequently visited website, a 1-hour TTL means the resolver queries your authoritative server once per hour per record per resolver. A 5-minute TTL means 12 times per hour.

Impact on Authoritative Server Load

Lower TTLs = more queries hitting your authoritative servers. With DNScale's anycast network, this is less of a concern since queries are distributed across multiple edge nodes, but it's still worth considering for very high-traffic domains.

TTL for Specific Scenarios

E-Commerce / Business-Critical Sites

example.com.       3600   A     192.0.2.1      ; 1 hour
www.example.com.   3600   CNAME example.com.   ; 1 hour

1 hour balances fast recovery with good caching. During planned maintenance, lower to 300.

SaaS Applications

app.example.com.   900    CNAME myapp.cloud.    ; 15 minutes
api.example.com.   300    A     203.0.113.10    ; 5 minutes

Shorter TTLs for services where you might need to fail over quickly.

Email Records

example.com.       86400  MX    10 mail.example.com.   ; 24 hours
example.com.       86400  TXT   "v=spf1 ..."          ; 24 hours
_dmarc.example.com. 86400 TXT   "v=DMARC1; ..."       ; 24 hours

Email records rarely change. Long TTLs reduce unnecessary queries.

During Active Development

dev.example.com.   60     A     192.0.2.50     ; 1 minute
staging.example.com. 300  A     192.0.2.51     ; 5 minutes

Low TTLs for environments where you're actively changing infrastructure.

Managing TTL in DNScale

Dashboard

When creating or editing a record, set the TTL field to your desired value in seconds.

API

# Create a record with a specific TTL
curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "www",
    "type": "A",
    "content": "192.0.2.1",
    "ttl": 3600
  }'
 
# Update the TTL for migration preparation
curl -X PUT "https://api.dnscale.eu/v1/zones/{zone_id}/records/{record_id}" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ttl": 300
  }'

What Is TTL — TTL fundamentals
DNS Propagation Explained — how TTL affects propagation
How to Flush DNS Cache — clear cached records locally
What Is an SOA Record — SOA minimum TTL controls negative caching

Conclusion

Getting TTL right is one of the simplest ways to improve your DNS reliability. Use longer TTLs for stable records to maximize caching, shorter TTLs for dynamic services, and always lower TTL before planned changes. With DNScale, you can adjust TTL per-record through the dashboard or API to match each record's specific needs.