Link to home
Create AccountLog in
Avatar of IT Guy
IT GuyFlag for United States of America

asked on

Correct TTL value for domain MX record

What is the correct Time to Live (TTL) value that an email domain's MX record should be set to?
Avatar of Dan Dhillon
Dan Dhillon

Hi knowledgeable,

Should be 60 mins.
Avatar of IT Guy

ASKER

Is 60 minutes the recommended setting for an Office 365 domain?

What happens if it is set higher?

The organization I am currently working for has it set to 24 hours. Will that present a problem or a security risk?
In you office 365 admin centre you can run the domain verification tool which will tell you what ttl to use for mx records.
Avatar of IT Guy

ASKER

The organization I am currently working for has their email domain MX record set to 24 hours. Will that present a problem or a security risk?
ASKER CERTIFIED SOLUTION
Avatar of Dan Dhillon
Dan Dhillon

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
We often set it as 3600 seconds ~ 1 hour
Frankly, there isn't any "correct" setting.  Whatever setting doesn't impact security at all.  A shorter TTL will result in more DNS queries, but has the advantage that if any change to the record is made, clients will generally be aware of the change sooner.  A longer TTL has the advantage that if the authoritative DNS server for the record is unavailable for a while, fewer clients will generally be impacted.

I say "generally" above, because whether it's a short TTL or long TTL, for a specific client, how long the record has left in the cache before a new query is sent depends on when the last query was the resulted in the record being cached.  In other words, even though a record may have a TTL of 24 hours, at a given time it may have only a few seconds before that time is up and it will have to query the DNS servers again.