Maximum DNS TTL

A sample DNS (Domain Name Server) setting for TTL (Time to Live) might be 86400. TTL settings are entered in seconds, and a max TTL of one day could be entered like this: 60 x 60 x 24 = 86400.

For instance, if you want to reduce the cached TTL to 10 minutes, use a MaxCacheTtl value of 600. You can also set a different value for the maximum negative cache (cached answers for non-existent domains): set MaxNegativeCacheTtl to 0 and the DNS Client cache will not cache negative responses. However, if you query the same DNS server again, the non-existent domain may still be in that server's cache.

All values in these entries are in seconds.

UPDATE: My original post here mentioned a number as the “maximum TTL value” possible. A poster corrected this, pointing out that there is in fact no such thing as a limit to the maximum TTL value. Subsequently I found this, which provides more information (from Alexander Ottl at Media Professionals AG):

But there is a maximum TTL in the context of BIND's cache configuration.
To quote the document:

max-ncache-ttl

To reduce network traffic and increase performance, the server stores negative answers. max-ncache-ttl is used to set a maximum retention time for these answers in the server in seconds. The default max-ncache-ttl is 10800 seconds (3 hours). max-ncache-ttl cannot exceed the maximum retention time for ordinary (positive) answers (7 days) and will be silently truncated to 7 days if set to a value which is greater than 7 days.


Alexander Ottl
Media Professionals AG
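
The capping behaviour described in this post, as an added example that is not part of the original post and is not BIND or Windows code: a simplified Python model in which a cache keeps an answer for the smaller of the record's TTL and the configured cap, a cap of 0 disables caching, and a negative cap above 7 days is silently truncated. The names `CappedCache`, `effective_ttl`, `store` and `lookup`, and the sample host names and address, are constructed for illustration.

```python
# Added example: simplified model of resolver-side TTL caps (not BIND or Windows code).
from dataclasses import dataclass, field

WEEK = 7 * 24 * 60 * 60          # 604800 s, the 7-day ceiling quoted above
DEFAULT_MAX_NCACHE_TTL = 10800   # 3 hours, the default quoted above


@dataclass
class CappedCache:
    max_cache_ttl: int = WEEK                      # cap for positive answers
    max_ncache_ttl: int = DEFAULT_MAX_NCACHE_TTL   # cap for negative answers
    _entries: dict = field(default_factory=dict, init=False)  # name -> (answer, expiry)

    def __post_init__(self):
        if self.max_cache_ttl < 0 or self.max_ncache_ttl < 0:
            raise ValueError("TTL caps must be non-negative")
        # Silent truncation described in the quote: the negative cap
        # can never exceed the 7-day ceiling.
        self.max_ncache_ttl = min(self.max_ncache_ttl, WEEK)

    def effective_ttl(self, record_ttl: int, negative: bool = False) -> int:
        """Seconds the answer is actually kept: the record's TTL clamped by the cap."""
        cap = self.max_ncache_ttl if negative else self.max_cache_ttl
        return max(0, min(record_ttl, cap))

    def store(self, name, answer, record_ttl, now, negative=False) -> int:
        """Cache an answer received at time `now`; return the lifetime applied."""
        ttl = self.effective_ttl(record_ttl, negative)
        if ttl == 0:                       # a cap of 0 means "do not cache at all"
            self._entries.pop(name, None)
            return 0
        self._entries[name] = (answer, now + ttl)
        return ttl

    def lookup(self, name, now):
        """Return the cached answer, or None if it is absent or has expired."""
        hit = self._entries.get(name)
        if hit is None or now >= hit[1]:
            self._entries.pop(name, None)
            return None
        return hit[0]
```

The cap bounds how long a stale or wrong answer can survive in this cache regardless of the TTL the zone publishes; it does nothing about copies held by upstream servers.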

6 thoughts on “Maximum DNS TTL”

  1. I don’t think you know what you are talking about. Please don’t give out incorrect information. The max TTL allowed is not one day. I’ve seen ones of 1 week or even 3 weeks. And you don’t want to set negative TTL to 0 because that defeats the purpose of why it was created.

  2. Its maximum range is 432014400, an unsigned integer. Whatever you set at the backend, you can’t exceed the value pair:

    49710:6:28:25 where format is (DDDDD:HH:MM:SS)

    I tried to set the max up to 50,000 but it automatically reverted to the above value. You guys can try setting it manually at the back-end DNS server and try to read it programmatically using WMI; it will return you the TTL in milliseconds, as I did.

    But this 432014400 isn’t equal to the actual data set at the backend, e.g. 49710:6:28:25.

    Bit CONFUSED… what’s going on.

  3. I think 432014400 is equal to 5000 days maximum and 4 hours additional.

  4. When you try to convert the pair
    49710:6:28:25 where format is (DDDDD:HH:MM:SS)

    into milliseconds, the result will be 4294967295, which is equivalent to the allowed limit for an unsigned integer. 🙂

    But why am I getting 432014400 milliseconds max out of it programmatically?
