Using the dig command to confirm the TTL for a DNS zone entry

As you probably know, TTL (time-to-live) parameters can be set not only for the whole DNS zone you’re managing, but for each individual zone entry. A common example could be a higher TTL for the zone as a whole, while having much smaller TTLs for critical servers like web or MX servers.

Not everyone is aware that the dig command is very useful for entry-specific DNS research. This post shows a very simple example.

dig to confirm TTL for a DNS entry

When using dig, we’re usually after a specific section of its output. Consider this simple query (your output may vary slightly):

srv1# dig www.google.com

This query targets a specific DNS record, namely the www one, rather than the whole google.com domain.

; <<>> DiG 9.7.1-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4968
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 13, ADDITIONAL: 8

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         541187  IN      CNAME   www.l.google.com.
www.l.google.com.       156     IN      A       209.85.148.104
www.l.google.com.       156     IN      A       209.85.148.105
www.l.google.com.       156     IN      A       209.85.148.106
www.l.google.com.       156     IN      A       209.85.148.147
www.l.google.com.       156     IN      A       209.85.148.99
www.l.google.com.       156     IN      A       209.85.148.103

;; AUTHORITY SECTION:
com.                    37414   IN      NS      d.gtld-servers.net.
com.                    37414   IN      NS      e.gtld-servers.net.
com.                    37414   IN      NS      g.gtld-servers.net.
com.                    37414   IN      NS      f.gtld-servers.net.
com.                    37414   IN      NS      a.gtld-servers.net.
com.                    37414   IN      NS      h.gtld-servers.net.
com.                    37414   IN      NS      b.gtld-servers.net.
com.                    37414   IN      NS      m.gtld-servers.net.
com.                    37414   IN      NS      c.gtld-servers.net.
com.                    37414   IN      NS      j.gtld-servers.net.
com.                    37414   IN      NS      i.gtld-servers.net.
com.                    37414   IN      NS      l.gtld-servers.net.
com.                    37414   IN      NS      k.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.     22830   IN      A       192.5.6.30
a.gtld-servers.net.     23008   IN      AAAA    2001:503:a83e::2:30
c.gtld-servers.net.     581     IN      A       192.26.92.30
d.gtld-servers.net.     581     IN      A       192.31.80.30
e.gtld-servers.net.     581     IN      A       192.12.94.30
f.gtld-servers.net.     581     IN      A       192.35.51.30
g.gtld-servers.net.     23226   IN      A       192.42.93.30
h.gtld-servers.net.     581     IN      A       192.54.112.30

;; Query time: 1 msec
;; SERVER: 88.198.6.2#53(88.198.6.2)
;; WHEN: Fri Jul  1 03:50:38 2011
;; MSG SIZE  rcvd: 512

We’re only interested in the ANSWER section:

;; ANSWER SECTION:
www.google.com.         541187  IN      CNAME   www.l.google.com.
www.l.google.com.       156     IN      A       209.85.148.104
www.l.google.com.       156     IN      A       209.85.148.105
www.l.google.com.       156     IN      A       209.85.148.106
www.l.google.com.       156     IN      A       209.85.148.147
www.l.google.com.       156     IN      A       209.85.148.99
www.l.google.com.       156     IN      A       209.85.148.103

As you can see from this example, the global www.google.com name is a CNAME entry with quite a high TTL, pointing to a number of www.l.google.com A entries with a much smaller TTL. In this particular example, the TTL for each www.l.google.com is 156 seconds, which is slightly less than 3 minutes.
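
The output above has flags "qr rd ra" with no "aa" and came from the resolver at 88.198.6.2, so its TTLs are what remains of that resolver's cache lifetime rather than the values configured in the zone. The script below is an added example, not part of the original post: it pulls name, type and TTL out of the ANSWER section and labels them by the "aa" flag. The function names and the NS_PLACEHOLDER server are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list per-record TTLs from the ANSWER section of dig output.
# Reads dig output on stdin and prints "name type ttl source" per answer record.
# source is "authoritative" when the header has the aa flag, otherwise "cached"
# (a caching resolver reports the seconds left in its cache, not the zone value).
answer_ttls() {
    awk '
        BEGIN { src = "unknown" }   # stays unknown if the header was suppressed
        /^;; flags:/ {
            # Keep only the flag words between "flags:" and the first semicolon
            flags = $0
            sub(/^;; flags:/, "", flags)
            sub(/;.*/, "", flags)
            src = ((" " flags " ") ~ / aa /) ? "authoritative" : "cached"
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        # A blank line or the next ";;" header closes the section
        in_answer && (/^$/ || /^;;/) { in_answer = 0 }
        in_answer && NF >= 5 { print $1, $4, $2, src }
    '
}

# Trimmed copy of the dig output shown in this post, embedded so this runs offline.
sample_dig_output() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4968
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 13, ADDITIONAL: 8

;; ANSWER SECTION:
www.google.com.         541187  IN      CNAME   www.l.google.com.
www.l.google.com.       156     IN      A       209.85.148.104
www.l.google.com.       156     IN      A       209.85.148.105

;; AUTHORITY SECTION:
com.                    37414   IN      NS      d.gtld-servers.net.
EOF
}

sample_dig_output | answer_ttls

# Live use. NS_PLACEHOLDER stands for one of the zone's own name servers:
#   dig www.google.com | answer_ttls
#   dig +norecurse @NS_PLACEHOLDER www.l.google.com | answer_ttls
```

Running the resolver query twice a few seconds apart shows the "cached" TTL counting down, while the answer from the zone's own name server keeps returning the configured value.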