

Difference between TTL values in zone files

Posted on 2010-08-23
Medium Priority
Last Modified: 2012-05-10
; $TTL: amount of time other DNS servers should keep the local zone information in their remote cache
$TTL    300
@               IN SOA (
                                        20100726       ; serial
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                        ;               1D )            ; minimum
                                        600 )          ;600 sec

What is the difference between those two TTLs, 300 & 600?
I think the first, $TTL 300, is the amount of time other DNS servers should keep the local zone information in their remote cache.
How about 600?
Question by:rawandnet
LVL 14

Accepted Solution

svgmuc earned 400 total points
ID: 33499158
According to

the first TTL is the minimum caching time in case of failed lookups,
and the zone file TTL is the default TTL for all records.

In my words:

The SOA minimum TTL is the shortest time after which a zone file will be refreshed from the master DNS server or the database/file.

Regardless of success or failure, after the default TTL, a record will be refreshed, unless specified differently in the respective record.

LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1600 total points
ID: 33499947

$TTL is used by any record that does not explicitly define a TTL value of its own.

BIND 9 is supposed to use the Minimum TTL as the negative caching time (BIND 8 uses it as the TTL for all records that do not define their own). MS DNS also uses the Minimum TTL as the TTL for any record which does not explicitly declare a TTL.

See "4 - SOA Minimum Field" in RFC 2308:


Author Comment

ID: 33518459
The difference between the SOA minimum TTL and the master $TTL at the top of the zone file is still not clear to me. I am pretty sure that the master $TTL is the one that governs the caching of all my DNS records on nameservers across the Internet, but the reason for having the SOA minimum TTL is still not clear to me.

LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1600 total points
ID: 33518741

Formerly it was used in place of $TTL, and it still is for some DNS server implementations (such as MS DNS).

BIND uses it to control negative caching as described in RFC 2308.

Even if it has no purpose the value would remain, if only for backward compatibility. The presence of the TTL in the SOA record is described in RFC 1035:

Notice that it describes the value as the default TTL for all records under section 3.3.13.

You can't get away from the RFCs if you're asking about things like that, it boils down to choices made at design time versus adjustments later.


Author Comment

ID: 33529278
From the internet I found the following answer:

The positive caching TTL ($TTL directive) governs the persistence of records that *do* exist in your zone; the negative caching TTL (the value of the last field of the SOA RR) governs the persistence of negative responses, i.e. the persistence of record sets that could but *don't* exist in your zone, so to speak.

> Record that could but *don't* exist in your zone?
How does this happen? Does it mean clients asked for a record that doesn't exist, or that something was wrong in my zone file?
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1600 total points
ID: 33529400

The NXDOMAIN response, that's the "doesn't exist" response, is cached.

If I run this:


My locally configured DNS server will cache the NXDOMAIN response to the request for a time. It's rarely longer than a few minutes, for example, the resolver on Windows XP / Vista / 7 will cache negative responses for 5 minutes.

The mechanism exists to save on unnecessary queries when things don't exist. After all, things that do are cached to save on excessive queries, things that don't should be as well.


Author Comment

ID: 33529706
> The mechanism exists to save on unnecessary queries when things don't exist
You do mean unnecessary queries from the client to my zone file if the record doesn't exist. In other words, NXDOMAIN will be cached on the client machine, to stop it sending requests to my zone file for a certain amount of time.

By the way, on the web site it is 3h ; minimum. Don't you think that is a long time?
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1600 total points
ID: 33529792

NXDOMAIN will be cached on both the client and the requesting server.

If I had this chain:

me   --> My Local DNS Server --> Your DNS Server

Then both "me" and "My Local DNS Server" would cache the NX Domain response. Yours wouldn't because your server is supplying me with the answer.

It is a long time, but is that a problem? It only will be if you're expecting a lot of new records within your zone.

You'll find that each DNS server implementation maintains a different maximum value for the negative cache, overriding yours if yours is longer. For instance, BIND defaults to 3 hours, and can be configured to use a different value with max-ncache-ttl (named.conf). MS DNS, like the client resolver, will cache for a maximum of 5 minutes by default.
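
The rules discussed in this thread, worked through as an added example (not code posted by anyone in the thread): it parses a zone fragment modelled on the question's file and computes the positive TTL per record and the negative-caching TTL per RFC 2308, which is the smaller of the SOA record's own TTL and the SOA minimum, then capped by the resolver. The SOA MNAME/RNAME and the `www`/`ftp` records are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed zone fragment modelled on the question's file. The SOA MNAME/RNAME
# and the www/ftp records are placeholders; the timer values are the ones posted.
ZONE = """\
$TTL    300
@   IN SOA ns1.example.com. hostmaster.example.com. (
            20100726   ; serial
            3H         ; refresh
            15M        ; retry
            1W         ; expiry
    ;       1D )       ; minimum
            600 )      ; 600 sec
www     IN A 192.0.2.10
ftp 60  IN A 192.0.2.20
"""

UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def seconds(value):
    """Convert a BIND time value such as 600, 3H, 15M or 1W1D to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([SMHDW]?)", value.upper()))

def parse_zone(text):
    """Return (default_ttl, soa_ttl, soa_minimum), all in seconds."""
    body = re.sub(r";[^\n]*", "", text)  # strip comments, including the disabled "1D )"
    default_ttl = seconds(re.search(r"^\$TTL\s+(\S+)", body, re.M).group(1))
    soa = re.search(
        r"^\S+\s+(?:(\d\w*)\s+)?IN\s+SOA\s+\S+\s+\S+\s*\(([^)]*)\)", body, re.M)
    explicit_ttl, timers = soa.group(1), soa.group(2).split()
    soa_ttl = seconds(explicit_ttl) if explicit_ttl else default_ttl
    return default_ttl, soa_ttl, seconds(timers[4])  # timers: serial..minimum

def record_ttl(line, default_ttl):
    """Positive TTL of one record line: its own TTL if present, else $TTL."""
    field = line.split()[1]
    return seconds(field) if re.fullmatch(r"\d\w*", field) else default_ttl

def negative_ttl(soa_ttl, soa_minimum, resolver_cap):
    """RFC 2308: NXDOMAIN is cached for min(SOA TTL, SOA MINIMUM), then capped
    by the resolver's own maximum (max-ncache-ttl in BIND)."""
    return min(soa_ttl, soa_minimum, resolver_cap)

if __name__ == "__main__":
    default_ttl, soa_ttl, minimum = parse_zone(ZONE)
    print("default/SOA TTL/minimum:", default_ttl, soa_ttl, minimum)
    print("negative TTL, 3 h cap:", negative_ttl(soa_ttl, minimum, 3 * 3600))
```

With the posted values the negative-caching TTL comes out at 300 seconds rather than 600, because the SOA record has no TTL of its own and inherits `$TTL 300`, and RFC 2308 takes the smaller of the two.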


Author Closing Comment

ID: 33552505
