As you probably know, TTL (time-to-live) parameters can be set not only for the whole DNS zone you're managing, but for each individual zone entry. A common example could be a higher TTL for the zone as a whole, while having much smaller TTLs for critical servers like web or MX servers.
Not everyone is aware that dig command is very useful for entry-specific DNS research. This post just shows you a very simple example.
dig to confirm TTL for a DNS entry
When using dig, we're usually after a specific section of its output. Consider this simple query (your output may slightly vary):
srv1# dig www.google.com
This query targets a specific DNS record – namely the www. one, rather than a whole google.com domain.
; <<>> DiG 9.7.1-P2 <<>> www.google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4968 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 13, ADDITIONAL: 8 ;; QUESTION SECTION: ;www.google.com. IN A ;; ANSWER SECTION: www.google.com. 541187 IN CNAME www.l.google.com. www.l.google.com. 156 IN A 209.85.148.104 www.l.google.com. 156 IN A 209.85.148.105 www.l.google.com. 156 IN A 209.85.148.106 www.l.google.com. 156 IN A 209.85.148.147 www.l.google.com. 156 IN A 209.85.148.99 www.l.google.com. 156 IN A 209.85.148.103 ;; AUTHORITY SECTION: com. 37414 IN NS d.gtld-servers.net. com. 37414 IN NS e.gtld-servers.net. com. 37414 IN NS g.gtld-servers.net. com. 37414 IN NS f.gtld-servers.net. com. 37414 IN NS a.gtld-servers.net. com. 37414 IN NS h.gtld-servers.net. com. 37414 IN NS b.gtld-servers.net. com. 37414 IN NS m.gtld-servers.net. com. 37414 IN NS c.gtld-servers.net. com. 37414 IN NS j.gtld-servers.net. com. 37414 IN NS i.gtld-servers.net. com. 37414 IN NS l.gtld-servers.net. com. 37414 IN NS k.gtld-servers.net. ;; ADDITIONAL SECTION: a.gtld-servers.net. 22830 IN A 192.5.6.30 a.gtld-servers.net. 23008 IN AAAA 2001:503:a83e::2:30 c.gtld-servers.net. 581 IN A 192.26.92.30 d.gtld-servers.net. 581 IN A 192.31.80.30 e.gtld-servers.net. 581 IN A 192.12.94.30 f.gtld-servers.net. 581 IN A 192.35.51.30 g.gtld-servers.net. 23226 IN A 192.42.93.30 h.gtld-servers.net. 581 IN A 192.54.112.30 ;; Query time: 1 msec ;; SERVER: 88.198.6.2#53(88.198.6.2) ;; WHEN: Fri Jul 1 03:50:38 2011 ;; MSG SIZE rcvd: 512
We're only interested in the ANSWER section:
;; ANSWER SECTION: www.google.com. 541187 IN CNAME www.l.google.com. www.l.google.com. 156 IN A 209.85.148.104 www.l.google.com. 156 IN A 209.85.148.105 www.l.google.com. 156 IN A 209.85.148.106 www.l.google.com. 156 IN A 209.85.148.147 www.l.google.com. 156 IN A 209.85.148.99 www.l.google.com. 156 IN A 209.85.148.103
As you can see from this example, the global www.google.com name is a CNAME entry with quite a high TTL, pointing to a number of www.l.google.com A entries with a much smaller TTL. In this particular example, the TTL for each www.l.google.com is 156 seconds, which is slightly less than 3 minutes.
Nick Yeoman says
I was doing this just the other day! I totally should have come here first.