The dig(1) command is a handy DNS information and troubleshooting tool. It can be used to grab a host or domain’s TTL (time to live) values.
This information can be critical to planning a DNS cut over, and how long to leave the old server on.
In most circumstances I’d recommend running a low (5 minute or less) value for normal operation, but some ISPs and providers still are shy about decreasing these values so it is always a good idea to check.
TTL for a Specific Host
Dig’s default output provides the TTL information, it is the number proceeding the record type (underlined below):
$ dig +nocmd +noall +answer www.ateamsystems.com www.ateamsystems.com. 270 IN A 220.127.116.11
Note: If your default DNS server is not the authoritative server for the zone you are digging dig will show the time remaining (until the next refresh) instead of the raw TTL value in this position.
You can work around this by directing dig to specifically use one of the domain’s servers, for example I know that ns1.ateamservers.com is authoritative for this domain:
$ dig +nocmd +noall +answer @ns1.ateamservers.com www.ateamsystems.com www.ateamsystems.com. 300 IN A 18.104.22.168
Default TTL (and negative-TTL) for a Domain
We can also pull the domain-wide TTL setting, which controls negative-TTLs (how long a server will cache an NX or ‘nothing there’ reply). This will also break out the SOA into an easier to read format:
# dig +nocmd +multiline +noall +answer any ateamsystems.com ateamsystems.com. 300 IN SOA ns.ateamservers.com. dns.ateamsystems.com. ( 4007121214 ; serial 3600 ; refresh (1 hour) 900 ; retry (15 minutes) 2592000 ; expire (4 weeks 2 days) 300 ; minimum (5 minutes) )
For more information on dig’s many uses take a look at Paul Heinlein’s DiG HOWTO.
Special thanks to James Snow who provided the initial facts and inspiration for this post.
Yeah, isn’t always after a crisis where we need a fast domain name change that we finally remember to change the TTL or look up.
The @22.214.171.124 parameter might useful to pull up stuff off the google dns servers, and the windows command, ipconfig /displaydns is pretty good for local ttl on your machine.
Google’s resolvers don’t always reflect the TTL that’s in the original zone file. This is generally to our advantage though, as the TTL’s I’ve gotten from Google have been lower than the TTL’s in the zone file.
Get just the TTL with:
dig +noall +nocmd +answer churchmusicians.org | cut -f2