In terms of DNS (Domain Name System) management and optimizing DNS performance, one of the primary concerns is reducing the query load on DNS servers while maintaining performance and reliability. A key factor in this balancing act is the Time to Live (TTL) setting for DNS records. TTL determines how long a DNS record is cached by resolvers and, consequently, how often the DNS server is queried for that record.
This article explores various TTL strategies, including specific instructions on adjusting the Start of Authority (SOA) record, to optimize DNS performance and reduce the overall query count on a DNS zone.
Please Note: Some of the recommendations in this article require access to advanced TTL controls that aren’t available on the easyDNS Domain Plus service. Please upgrade to DNS Standard or higher to gain full access.
Understanding TTL Basics
What is TTL in DNS?
Time to Live (TTL) defines how long data is stored in DNS and CDN caches. DNS TTL tells the resolver how long to cache the answer to a query before asking the authoritative server again. For example, if the TTL is 15 minutes, a change to the record won’t be visible to users behind that resolver until its cached copy expires and it refreshes. CDN TTL, on the other hand, caches website resources to speed up loading times and reduce bandwidth. In both cases, users see the most current content once the TTL period expires.
TTL is an integral part of a DNS record, typically specified in seconds. When a resolver queries a DNS server, it receives the record along with the TTL value, instructing it how long to cache that record. Once the TTL expires, the resolver must query the DNS server again for updated information.
Short TTLs ensure that any changes to the DNS records propagate quickly across the internet, but they also lead to a higher query rate. Conversely, longer TTLs reduce the query frequency but can delay the propagation of updates.
How Does TTL Work?
The name TTL is also used for a separate mechanism at the IP layer, which should not be confused with the DNS record TTL discussed in this article. IP TTL limits a packet’s lifespan on the internet, preventing it from circulating endlessly. Each packet carries a TTL value that is decremented by one at each router hop. When it reaches zero, the packet is discarded and an ICMP message is sent back to the origin. This is what traceroute relies on: it sends packets with increasing TTL values to discover each hop on the path and the time taken to reach it, providing insight into network routes and performance.
What is DNS TTL Used For?
DNS TTL controls how quickly changes to a domain’s records become visible to users. For sites whose records change frequently, a lower TTL ensures users are directed to the current address quickly. Conversely, a higher TTL reduces load on the DNS servers because resolvers keep the answer cached for longer. TTL settings therefore let you trade faster propagation of updates against fewer queries, by adjusting how often resolvers must re-query the record. This is particularly useful for content-heavy sites or those relying on real-time data, like APIs.
Assessing the Needs of the DNS Zone
Before adjusting TTL values, it’s crucial to understand the specific requirements of the DNS zone:
- Dynamic Content: For websites or services with rapidly changing IP addresses (e.g., load-balanced environments or dynamic IP assignments), shorter TTLs are necessary to ensure that users are always directed to the correct IP address.
- Static Content: For static resources, such as a corporate website with a rarely changing IP address, a longer TTL is advisable to minimize DNS query traffic.
- Critical Services: If a DNS zone hosts critical services, such as email servers or VoIP systems, a balanced TTL strategy is necessary to ensure both reliability and quick propagation of any necessary changes.
Adjusting the SOA Record for Efficient TTL Management
The Start of Authority (SOA) record is a critical DNS record that contains administrative information about the zone. It also includes parameters that directly affect how often secondary DNS servers query the primary DNS server for updates. The key fields in the SOA record relevant to TTL strategies are:
- Expire Time: This value determines how long secondary servers should continue serving the old data if they can’t contact the primary server.
- Minimum TTL (Default TTL): This is the default TTL for all resource records in the zone file, unless overridden by specific TTL values.
Example SOA Record:
@ IN SOA ns1.example.com. admin.example.com. (
        2024010101 ; Serial (placeholder value; not covered in this article)
        7200       ; Refresh (placeholder value; not covered in this article)
        900        ; Retry (placeholder value; not covered in this article)
        3600000    ; Expire (1000 hours)
        3600 )     ; Minimum TTL (1 hour)
Steps to Adjust the SOA Record:
- Access Your DNS Zone File:
  - First, log in to the easyDNS Control Panel and select the domain you would like to edit. Under the DNS SETTINGS tab, click the SOA link on the right side of the DNS INFORMATION section.
- Set the Expire Time:
  - This is generally set to a large value, such as 1,000 hours (3,600,000 seconds), ensuring that secondary servers continue to serve old data even if they cannot reach the primary server for an extended period.
- Configure the Minimum TTL:
  - The Minimum TTL is the default TTL applied to all records in the zone unless otherwise specified. For most zones, setting this to 1 hour (3,600 seconds) provides a good balance between query reduction and update propagation speed.
  - For zones with more stable records, consider a longer default TTL, such as 12 hours (43,200 seconds) or 24 hours (86,400 seconds).
- Save and Propagate the Changes:
  - After making these adjustments, save the zone file and reload the DNS server configuration. Confirm that the updated SOA record has propagated by querying it with tools like dig or an online DNS checker.
Implementing Longer TTLs for Static Content
For records that rarely change, such as the primary A or AAAA records of a corporate website, consider setting a TTL between 24 hours (86,400 seconds) and 48 hours (172,800 seconds). This significantly reduces the number of queries to the DNS servers, as resolvers will cache the records longer.
Example:
@ 86400 IN A 192.0.2.1 ; TTL = 86400 (24 hours)
Using Shorter TTLs for Dynamic or Critical Records
For records that are subject to frequent changes, such as those in a load-balanced environment or for failover configurations, a shorter TTL, typically between 5 minutes (300 seconds) and 1 hour (3,600 seconds), is recommended. This allows changes to propagate quickly without overburdening the DNS servers with excessive queries.
Example:
www 300 IN A 198.51.100.1 ; TTL = 300 (5 minutes)
Gradual TTL Reduction for Planned Changes
When planning DNS changes, such as a migration to a new server or IP address, it’s prudent to gradually lower the TTL of the affected records in the days leading up to the change. This strategy ensures that once the change is made, the new records propagate quickly, minimizing downtime or disruption.
Example:
- Reduce TTL from 24 hours to 1 hour two days before the change.
- Reduce TTL to 5 minutes on the day of the change.
- After confirming the change is successful, increase TTL back to a longer duration.
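The schedule above only works if each reduction is published long enough before the next one for the old TTL to run out in every cache. The following added example (not from the article or easyDNS) plans such a schedule by working backwards from a cutover time and, more usefully, computes the worst-case time a resolver could keep serving the old answer after the cutover for any proposed schedule, including a rushed one. The cutover date and the 24h/1h/5min steps are constructed to match the article’s example.

```python
from datetime import datetime, timedelta, timezone


def plan_ttl_schedule(cutover, current_ttl, steps=(3600, 300)):
    """Work backwards from the cutover and return [(publish_at, ttl), ...].
    Conservative rule: a lower TTL must be published at least one *previous*
    TTL before the next step (or the cutover), because a resolver that fetched
    the record an instant before a change keeps it for the old TTL."""
    schedule = []
    deadline = cutover
    previous = [current_ttl] + list(steps[:-1])   # TTL in effect before each step
    for ttl, prev in zip(reversed(steps), reversed(previous)):
        publish_at = deadline - timedelta(seconds=prev)
        schedule.append((publish_at, ttl))
        deadline = publish_at
    schedule.reverse()
    return schedule


def max_stale_seconds(schedule, current_ttl, cutover):
    """Longest time (seconds) a resolver could still serve the pre-cutover answer
    after the cutover, given a list of (publish_at, ttl) changes made before it."""
    worst = 0
    in_effect = current_ttl
    for publish_at, ttl in sorted(schedule):
        # Worst case for this step: a fetch just before the change, cached for
        # the TTL that was in effect until then.
        expires = publish_at + timedelta(seconds=in_effect)
        worst = max(worst, int((expires - cutover).total_seconds()))
        in_effect = ttl
    # A fetch just before the cutover is cached for the final TTL.
    return max(worst, in_effect)


if __name__ == "__main__":
    cutover = datetime(2024, 6, 1, 2, 0, tzinfo=timezone.utc)  # constructed date
    plan = plan_ttl_schedule(cutover, current_ttl=86400)
    for when, ttl in plan:
        print(f"{when:%Y-%m-%d %H:%M} UTC  set TTL to {ttl}s")
    print("worst-case staleness after cutover:",
          max_stale_seconds(plan, 86400, cutover), "s")
    # The pitfall: dropping straight from 24 hours to 5 minutes one hour before
    # the cutover leaves caches holding the old record for almost a full day.
    rushed = [(cutover - timedelta(hours=1), 300)]
    print("rushed plan staleness:", max_stale_seconds(rushed, 86400, cutover), "s")
```

The planner is deliberately conservative: it waits out the full previous TTL before each step, which is why a 24-hour record needs its first reduction about a day before the final one, and the final 5-minute TTL needs to be in place an hour before the cutover. The staleness check is the part worth keeping around, since it tells you whether any schedule, not just this one, leaves resolvers serving stale data.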
TTL Management for Load Balancing and Failover
For DNS-based load balancing or failover configurations, where multiple IP addresses are associated with a single domain name, managing TTL is crucial. A lower TTL ensures that if an endpoint becomes unavailable, resolvers will quickly query for an updated list of IPs, directing traffic to a healthy server.
Example:
lb 300 IN A 192.0.2.1 ; TTL = 300 (5 minutes)
lb 300 IN A 192.0.2.2 ; TTL = 300 (5 minutes)
Monitoring and Adjusting TTLs
Once TTL settings are in place, ongoing monitoring is essential to ensure they meet the DNS zone’s operational needs. DNS query logs, performance metrics, and cache hit rates can provide insights into whether the current TTL strategy is effective or if adjustments are necessary.
Considerations for Global DNS Caches
Global DNS caches, such as those used by ISPs, may ignore very short TTLs, typically under 300 seconds. It’s important to set TTLs that balance the need for quick updates with the realities of global DNS caching behaviors.
Optimizing DNS Performance: TTL Strategies to Reduce Query Count
Optimizing TTL settings in a DNS zone is a balancing act between reducing query load and ensuring timely updates. By implementing a thoughtful TTL strategy—longer for static records, shorter for dynamic records, and adaptive changes for planned updates—along with careful adjustment of the SOA record, IT administrators can significantly reduce the DNS query count while maintaining a responsive and reliable DNS infrastructure.
Always consider the specific needs of your DNS zone and monitor the effects of TTL changes to ensure optimal performance.
Marco says
Thanks for the tips,
I wish this article had appeared 14 days earlier 😉
2 pitfalls I had:
The setting ‘Always use encrypted URL Forwarding’ generated a _acme-challenge.mydomain.net entry with TTL 60 for me.
autoconfig & autodiscover to https://autodiscover.easymail.ca keeps resetting to TTL 300.
bcutler says
The _acme-challenge TXT records will get removed from the zone once the SSL certificate for the url forward has been generated. For a zone record that isn’t using the default TTL, check if there is a TTL set specifically for that record that is overriding the default – if you remove that TTL value, the default will be used.
Marco says
Yes,
‘_acme-challenge TXT records *SHOULD* get removed’ and that’s exactly what they didn’t do. I deleted them myself. The records must have been in my zone for months. I didn’t notice that the ‘New DNS Editor’ created the acme records when I selected ‘Always use encrypted URL Forwarding’. ‘encrypted URL Forwarding’ can also be enabled in users preferences and elsewhere.
autoconfig & autodiscover resetting from TTL 3600 back to TTL 300 seems to have been fixed. At least for me they now remain permanently at default.
Additionally, I set my default TTL from 1 hour to 2 days. I have left my TTL settings at the easyDNS defaults all these years. Because of Peter’s blog post, I looked at TTL for the first time. My query usage has now dropped from 50-200 million/month to 5 million/month.