Correct TTL value for domain MX record

What is the correct Time to Live (TTL) value that an email domain's MX record should be set to?
IT Guy, Network Engineer, Asked:

Dan Dhillon, 2nd/3rd line Support Engineer, Commented:
Hi,

Hope this helps answer your question.

https://blog.varonis.com/definitive-guide-to-dns-ttl-settings
0
 
Dan Dhillon, 2nd/3rd line Support Engineer, Commented:
Hi knowledgeable,

Should be 60 mins.
0
 
IT Guy, Network Engineer, Author Commented:
Is 60 minutes the recommended setting for an Office 365 domain?

What happens if it is set higher?

The organization I am currently working for has it set to 24 hours. Will that present a problem or a security risk?
0
 
Dan Dhillon, 2nd/3rd line Support Engineer, Commented:
In your Office 365 admin centre you can run the domain verification tool, which will tell you what TTL to use for MX records.
0
 
IT Guy, Network Engineer, Author Commented:
The organization I am currently working for has their email domain MX record set to 24 hours. Will that present a problem or a security risk?
0
 
Tjno, Network Administrator, Commented:
We often set it as 3600 seconds ~ 1 hour
0
 
footech Commented:
Frankly, there isn't any "correct" setting. Whatever the setting, it doesn't impact security at all. A shorter TTL will result in more DNS queries, but has the advantage that if any change to the record is made, clients will generally be aware of the change sooner. A longer TTL has the advantage that if the authoritative DNS server for the record is unavailable for a while, fewer clients will generally be impacted.

I say "generally" above, because whether it's a short TTL or long TTL, for a specific client, how long the record has left in the cache before a new query is sent depends on when the last query was that resulted in the record being cached. In other words, even though a record may have a TTL of 24 hours, at a given time it may have only a few seconds before that time is up and it will have to query the DNS servers again.
0
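The trade-off described in the answer above, as an added Python simulation that is not part of the original thread: it compares the 1-hour and 24-hour TTLs mentioned here for how long caches keep serving an old MX after a change and how many caches run dry during an authoritative outage. The record names, the 24 evenly spread resolvers and the 2-hour outage are assumptions chosen for illustration.

```python
from dataclasses import dataclass

OLD, NEW = "old-mx.example.", "new-mx.example."  # constructed record values

@dataclass
class Resolver:
    """Caching resolver for a single MX record (simulation only, no real DNS)."""
    ttl: int
    value: str = None
    expires: int = 0  # absolute time in seconds when the cached copy runs out

    def lookup(self, now, auth_value, auth_up=True):
        """Return (answer, remaining_ttl); answer is None when resolution fails."""
        if self.value is not None and now < self.expires:
            return self.value, self.expires - now      # served from cache
        if not auth_up:
            return None, 0                             # cache expired and server down
        self.value, self.expires = auth_value, now + self.ttl
        return auth_value, self.ttl                    # fresh answer with the full TTL

def spread(ttl, n=24):
    """n resolvers that cached OLD at evenly spaced times in the TTL window before t=0."""
    resolvers = [Resolver(ttl) for _ in range(n)]
    for i, r in enumerate(resolvers):
        r.lookup(-(i * ttl // n), OLD)
    return resolvers

def stale_window(ttl, n=24):
    """(shortest, longest) time after a change at t=0 that a resolver still returns OLD."""
    left = [r.lookup(0, NEW)[1] for r in spread(ttl, n)]
    return min(left), max(left)

def failures(ttl, outage, n=24):
    """Resolvers with no answer at the end of an authoritative outage starting at t=0."""
    return sum(r.lookup(outage - 1, OLD, auth_up=False)[0] is None
               for r in spread(ttl, n))

if __name__ == "__main__":
    for ttl in (3600, 86400):
        print(ttl, stale_window(ttl), failures(ttl, outage=7200))
```
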
Question has a verified solution.
