What's a sensible default TTL for a production website?

3600 seconds (1 hour) is a safe default for stable production records — long enough to absorb most query traffic in caches, short enough to recover from a misconfigured record in reasonable time. Bump to 86400 (24h) only for records that genuinely never change, like NS and SOA refresh values.

Should MX records have a different TTL from A records?

Not categorically. MX records change less frequently than web-server A records in many setups, so 3600–86400 is fine. The deciding factor is how often the value changes, not the record type. If you're switching email providers in two weeks, drop the MX TTL ahead of the cutover the same way you'd drop an A-record TTL before changing your web host.

What is the SOA minimum TTL?

The last field of the SOA record is the negative-cache TTL — how long resolvers should cache the fact that a name doesn't exist (NXDOMAIN). It's not a default for other records. Keep it modest (300–3600s); a long negative-cache TTL turns a typo or accidental record deletion into a long-lived problem.

How long before a planned migration should I lower TTL?

At least 2× the current TTL, ideally 24–48 hours. If your current TTL is 86400s, you need 24h+ for resolvers worldwide to pick up the lower value before the cutover. Skipping this step is the most common cause of unexpectedly long propagation windows during migrations.

Does a low TTL hurt performance?

It increases query volume against your authoritative nameservers and slightly slows the average client lookup (more cache misses, more network round-trips). For most sites the impact is negligible. For very high-traffic apex domains or during a DDoS, a low TTL can become a meaningful load multiplier — measure it.

FundamentalsIntermediate

DNS TTL Best Practices

Learn recommended TTL values for different DNS record types, how to optimize TTL for migrations, performance, and reliability.

Updated 4 May 2026

Start free Browse guides

Answer snapshot

TTL (Time To Live) tells resolvers how long to cache a DNS record. Longer TTLs (3600–86400s) mean fewer queries to your authoritative servers and faster answers from caches; shorter TTLs (60–300s) mean changes propagate faster but increase query volume. Use long TTLs for stable production records, short TTLs during planned migrations, and the three-phase strategy: lower TTL 24–48h before a change, change, then raise it back once stable.

What you'll learn

Choose appropriate TTL values for different DNS record types based on stability and change frequency
Execute a three-phase TTL strategy for low-risk DNS migrations and IP changes
Understand how TTL affects DNS query volume, authoritative server load, and resolver caching behavior
Avoid common TTL mistakes that cause outages, excessive query costs, or slow propagation

TTL (Time to Live) controls how long DNS resolvers cache your records before checking for updates. Setting the right TTL is a balance between performance (longer caching = fewer queries) and agility (shorter caching = faster changes). This guide covers recommended TTL values for common scenarios.

TTL Basics

TTL is specified in seconds. When a resolver caches a record, it serves the cached version for the TTL duration, then fetches a fresh copy from the authoritative server.

example.com.  3600  IN  A  192.0.2.1
              ^^^^
              TTL: 3600 seconds = 1 hour

For a deeper explanation, see What Is TTL.

Recommended TTL Values

Quick Reference by Record Type

Record Type	Recommended TTL	Duration	Why
A / AAAA	300-3600	5 min - 1 hr	Balance between caching and ability to change IPs
CNAME	3600-86400	1 hr - 24 hr	Usually stable, longer caching is fine
MX	3600-86400	1 hr - 24 hr	Mail server IPs rarely change
TXT (SPF/DKIM/DMARC)	3600-86400	1 hr - 24 hr	Email verification records are typically static
NS	86400-172800	24 hr - 48 hr	Nameservers change very rarely
SOA minimum	300-900	5 min - 15 min	Controls negative caching (NXDOMAIN)
CAA	3600-86400	1 hr - 24 hr	CA policy changes are infrequent
SRV	300-3600	5 min - 1 hr	Service endpoints may change
TLSA	3600-86400	1 hr - 24 hr	Certificate hashes change only on renewal
HTTPS/SVCB	300-3600	5 min - 1 hr	Service parameters may be tuned
PTR	3600-86400	1 hr - 24 hr	Reverse DNS is typically stable

By Stability

Scenario	TTL	Duration
Highly stable (rarely changes)	86400	24 hours
Stable (changes occasionally)	3600	1 hour
Moderate (changes sometimes)	900	15 minutes
Dynamic (changes frequently)	300	5 minutes
Pre-migration (temporary)	60-300	1-5 minutes

By Use Case

Use Case	Record	Recommended TTL	Rationale
Static marketing site	A/AAAA	3600-86400	Server rarely changes
SaaS application	CNAME	900-3600	May need CDN or cloud changes
API endpoint with failover	A	60-300	Fast failover critical
Email (Google Workspace)	MX	86400	Google's servers don't change
Email (self-hosted)	MX	3600	More likely to need IP changes
SPF record	TXT	86400	Rarely modified
DKIM key	TXT	86400	Rotate keys infrequently
DMARC policy	TXT	86400	Policy changes are deliberate
Load-balanced service	A/AAAA	60-300	Dynamic endpoint selection
Development/staging	A	60	Frequent changes during dev

TTL Strategy for DNS Migrations

When migrating DNS providers, changing IPs, or moving infrastructure, follow this three-phase approach:

Phase 1: Lower TTL (24-48 Hours Before)

Reduce the TTL to 300 seconds (5 minutes) well before the change. You must wait for the old TTL to expire before the new low TTL takes effect globally.

# If current TTL is 86400 (24h), lower it 48 hours before the change
example.com.  300  IN  A  192.0.2.1    ; old IP, low TTL

This is the most commonly skipped step, and skipping it is the most common cause of extended DNS migration issues. If your current TTL is 86400 and you change the IP without lowering it first, some resolvers will serve the old IP for up to 24 hours.

Phase 2: Make the Change

Update the record to the new value. With a 300-second TTL, most resolvers will pick up the change within 5 minutes.

example.com.  300  IN  A  198.51.100.1  ; new IP, still low TTL

Phase 3: Restore TTL (After Verification)

Once you've confirmed authoritative answers are correct, key recursive resolvers have refreshed, and everything is working, increase the TTL back to its normal value.

example.com.  3600  IN  A  198.51.100.1  ; new IP, normal TTL

Migration TTL Timeline Example

Here is a concrete timeline for migrating an A record from one server to another:

Time	Action	TTL	IP
Day 1, 09:00	Lower TTL	300	192.0.2.1 (old)
Day 3, 09:00	Verify the old TTL window has mostly aged out	300	192.0.2.1 (old)
Day 3, 10:00	Change IP	300	198.51.100.1 (new)
Day 3, 10:15	Verify authoritative and recursive resolver answers	300	198.51.100.1 (new)
Day 3, 11:00	Restore TTL	3600	198.51.100.1 (new)

Common TTL Mistakes

TTL Too Long for Dynamic Infrastructure

Setting a 24-hour TTL on an A record that might need to change quickly means you can't respond to outages or IP changes for up to a day.

Fix: Use 300-3600 seconds for records that might change.

TTL Too Short for Stable Records

A 60-second TTL on MX records that haven't changed in years generates unnecessary DNS queries, increasing load on your authoritative servers and slightly increasing latency for users. It also increases your query usage and potentially your bill.

Fix: Use 3600-86400 seconds for stable records.

Not Lowering TTL Before a Migration

Making a DNS change with an 86400-second TTL means some users won't see the change for up to 24 hours. If the old server is already down, those users experience an outage.

Fix: Always lower TTL 24-48 hours before planned changes.

Setting TTL to 0

A TTL of 0 tells resolvers not to cache the record at all. While this gives you maximum control, it means every single DNS query hits your authoritative server, which:

Increases query load significantly
Makes your domain dependent on authoritative server uptime for every request
Adds latency to every page load
Works against the benefits of anycast distribution by preventing caching

Fix: Use 60-300 seconds instead of 0. Even 60 seconds of caching dramatically reduces query volume.

Misunderstanding Negative TTL

The SOA record's minimum field controls how long NXDOMAIN (non-existent domain) responses are cached. Setting this too high means that after you create a new subdomain, some resolvers will continue returning NXDOMAIN until the negative cache expires.

Fix: Keep the SOA minimum between 300-900 seconds. DNScale manages this automatically as a system record.

TTL and DNS Propagation

TTL directly affects DNS propagation time. The relationship is straightforward:

Higher TTL -> slower propagation (resolvers serve cached data longer)
Lower TTL -> faster propagation (resolvers refresh sooner)

But TTL isn't the only factor — some resolvers enforce minimum/maximum cache durations regardless of your TTL setting. Most major public resolvers (Google, Cloudflare, Quad9) respect TTL accurately.

TTL and Performance

Caching Reduces Latency

When a resolver has your record cached, it responds instantly without querying your authoritative server. Longer TTLs mean more cache hits:

TTL 300:   Resolver queries authoritative every 5 min
TTL 3600:  Resolver queries authoritative every 1 hour
TTL 86400: Resolver queries authoritative every 24 hours

For a frequently visited website, a 1-hour TTL means the resolver queries your authoritative server once per hour per record per resolver. A 5-minute TTL means 12 times per hour.

Impact on Authoritative Server Load

Lower TTLs = more queries hitting your authoritative servers. With DNScale's anycast network, this is less of a concern since queries are distributed across multiple edge nodes, but it's still worth considering for very high-traffic domains. It also directly affects your query usage and billing.

TTL for Specific Scenarios

E-Commerce / Business-Critical Sites

example.com.       3600   A     192.0.2.1      ; 1 hour
www.example.com.   3600   CNAME example.com.   ; 1 hour

1 hour balances fast recovery with good caching. During planned maintenance, lower to 300.

SaaS Applications

app.example.com.   900    CNAME myapp.cloud.    ; 15 minutes
api.example.com.   300    A     203.0.113.10    ; 5 minutes

Shorter TTLs for services where you might need to fail over quickly.

Email Records

example.com.       86400  MX    10 mail.example.com.   ; 24 hours
example.com.       86400  TXT   "v=spf1 ..."          ; 24 hours
_dmarc.example.com. 86400 TXT   "v=DMARC1; ..."       ; 24 hours

Email records rarely change. Long TTLs reduce unnecessary queries.

During Active Development

dev.example.com.   60     A     192.0.2.50     ; 1 minute
staging.example.com. 300  A     192.0.2.51     ; 5 minutes

Low TTLs for environments where you're actively changing infrastructure.

Multi-Provider DNS

When running a multi-provider DNS deployment, keep TTLs consistent across all providers. Mismatched TTLs between providers can cause resolvers to cache records for different durations depending on which provider they queried, leading to inconsistent behavior.

Managing TTL in DNScale

Dashboard

When creating or editing a record, set the TTL field to your desired value in seconds.

API

# Create a record with a specific TTL
curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "www",
    "type": "A",
    "content": "192.0.2.1",
    "ttl": 3600
  }'
 
# Update the TTL for migration preparation
curl -X PUT "https://api.dnscale.eu/v1/zones/{zone_id}/records/{record_id}" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "ttl": 300
  }'

Infrastructure as Code

Both Terraform and DNSControl support per-record TTL settings, making it easy to enforce consistent TTL policies across your zones.

What Is TTL — TTL fundamentals
DNS Propagation Explained — how TTL affects propagation
How to Flush DNS Cache — clear cached records locally
What Is an SOA Record — SOA minimum TTL controls negative caching
Understanding DNS Query Usage — how TTL impacts query volume and billing
DNS Record Types — all record types and their typical TTLs

Conclusion

Getting TTL right is one of the simplest ways to improve your DNS reliability. Use longer TTLs for stable records to maximize caching, shorter TTLs for dynamic services, and always lower TTL before planned changes. With DNScale, you can adjust TTL per-record through the dashboard or API to match each record's specific needs.

Frequently asked questions

What's a sensible default TTL for a production website?: 3600 seconds (1 hour) is a safe default for stable production records — long enough to absorb most query traffic in caches, short enough to recover from a misconfigured record in reasonable time. Bump to 86400 (24h) only for records that genuinely never change, like NS and SOA refresh values.
Should MX records have a different TTL from A records?: Not categorically. MX records change less frequently than web-server A records in many setups, so 3600–86400 is fine. The deciding factor is how often the value changes, not the record type. If you're switching email providers in two weeks, drop the MX TTL ahead of the cutover the same way you'd drop an A-record TTL before changing your web host.
What is the SOA minimum TTL?: The last field of the SOA record is the negative-cache TTL — how long resolvers should cache the fact that a name doesn't exist (NXDOMAIN). It's not a default for other records. Keep it modest (300–3600s); a long negative-cache TTL turns a typo or accidental record deletion into a long-lived problem.
How long before a planned migration should I lower TTL?: At least 2× the current TTL, ideally 24–48 hours. If your current TTL is 86400s, you need 24h+ for resolvers worldwide to pick up the lower value before the cutover. Skipping this step is the most common cause of unexpectedly long propagation windows during migrations.
Does a low TTL hurt performance?: It increases query volume against your authoritative nameservers and slightly slows the average client lookup (more cache misses, more network round-trips). For most sites the impact is negligible. For very high-traffic apex domains or during a DDoS, a low TTL can become a meaningful load multiplier — measure it.

Related guides

Ready to manage your DNS with confidence?

DNScale provides anycast DNS hosting with a global network, real-time analytics, and an easy-to-use API.

Start free