Linux / Unix: Dig Command Find Out TTL (Time to Live) Value For DNS Records

on May 5, 2013 · 3 comments · Last updated May 9, 2013


I would like to see the Time-to-live (TTL) value for an 'AAAA' and A record for domains. How do I see Time-to-live (TTL) for a DNS record under Unix or Linux operating systems using command line options?

Time to live (TTL) is a mechanism that limits the lifetime of DNS records in the Domain Name System (DNS). It is set by the authoritative DNS server for a particular resource record. The TTL is given in seconds and is used by caching (recursive) DNS servers to speed up name resolution: a resolver may answer from its cache until the TTL expires. You can use the dig or host Unix DNS lookup commands to find out the TTL for any DNS record.

Tutorial details
Difficulty: Easy
Root privileges: No
Requirements: dig or host
Estimated completion time: N/A

dig command syntax to find ttl

The syntax is

 
dig type name
dig @ns-name-server-here type name
dig [options] @ns-name-server-here type name
dig [options] type name

Examples

In this example, find out the TTL for the www.cyberciti.biz A record:

dig a www.cyberciti.biz

Sample outputs:

dig a www.cyberciti.biz
; <<>> DiG 9.7.3 <<>> a www.cyberciti.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34721
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.cyberciti.biz.		IN	A
;; ANSWER SECTION:
www.cyberciti.biz.	30	IN	A	75.126.153.206
;; AUTHORITY SECTION:
cyberciti.biz.		161081	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		161081	IN	NS	ns-866.awsdns-44.net.
cyberciti.biz.		161081	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		161081	IN	NS	ns-1947.awsdns-51.co.uk.
;; ADDITIONAL SECTION:
ns-243.awsdns-30.com.	161081	IN	A	205.251.192.243
ns-866.awsdns-44.net.	161081	IN	A	205.251.195.98
ns-1075.awsdns-06.org.	161081	IN	A	205.251.196.51
ns-1947.awsdns-51.co.uk. 161081	IN	A	205.251.199.155
;; Query time: 201 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May  4 16:18:18 2013
;; MSG SIZE  rcvd: 255

The TTL for www.cyberciti.biz is 30 seconds. To print only the answer records with their TTL, use the following syntax:

 
dig +nocmd +noall +answer +ttlid type name-here
dig +nocmd +noall +answer +ttlid a www.cyberciti.biz

Sample outputs:

www.cyberciti.biz.	30	IN	A	75.126.153.206

A few more examples:

 
## Find ttl for IPv6 record  ##
dig +nocmd +noall +answer +ttlid aaaa www.cyberciti.biz
www.cyberciti.biz.	592804	IN	AAAA	2607:f0d0:1002:51::4
 
## Find ttl for mx record ##
dig +nocmd +noall +answer +ttlid mx www.cyberciti.biz
cyberciti.biz.		3555	IN	MX	5 alt2.aspmx.l.google.com.
cyberciti.biz.		3555	IN	MX	10 aspmx2.googlemail.com.
cyberciti.biz.		3555	IN	MX	10 aspmx3.googlemail.com.
cyberciti.biz.		3555	IN	MX	1 aspmx.l.google.com.
cyberciti.biz.		3555	IN	MX	5 alt1.aspmx.l.google.com.

Where,

  1. +nocmd - Do not print the initial comment in the output identifying the version of dig and the query options that have been applied. This comment is printed by default.
  2. +noall - Clear all display flags, so that only the sections enabled after it (here, +answer) are printed.
  3. +answer - Display the answer section of a reply. The default is to display it.
  4. +ttlid - Display the TTL when printing the record.
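To pull TTLs out of saved dig output in a script, the following added example (not part of the original FAQ) reads either full dig output or the +noall +answer form and prints each record's name, type and TTL with a readable duration. The function names are illustrative, and the sample input is a trimmed copy of the output shown above.

```shell
#!/bin/sh
# Added example: extract TTLs from dig output. Function names are illustrative.

# Sample input: trimmed copy of the dig output shown earlier on this page.
sample_dig_output() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34721
;; QUESTION SECTION:
;www.cyberciti.biz.     IN  A
;; ANSWER SECTION:
www.cyberciti.biz.  30  IN  A   75.126.153.206
;; AUTHORITY SECTION:
cyberciti.biz.      161081  IN  NS  ns-243.awsdns-30.com.
;; ADDITIONAL SECTION:
ns-1947.awsdns-51.co.uk. 161081 IN  A   205.251.199.155
;; Query time: 201 msec
EOF
}

# section_ttls SECTION: read dig output on stdin and print "name type ttl"
# for each record in SECTION (ANSWER, AUTHORITY or ADDITIONAL).
# Pass "" for "+noall +answer" output, which has no section headers.
section_ttls() {
    awk -v want="$1" '
        /^;; [A-Z]+ SECTION:/ { sect = $2; next }  # remember current section
        /^;/ || NF < 5        { next }             # skip comments and blanks
        sect == want && $2 ~ /^[0-9]+$/ { print $1, $4, $2 }
    '
}

# humanize SECONDS: render a TTL as days, hours, minutes and seconds.
humanize() {
    s=$1
    printf '%dd%02dh%02dm%02ds\n' $((s / 86400)) $((s % 86400 / 3600)) \
        $((s % 3600 / 60)) $((s % 60))
}

# ttl_report SECTION: one line per record with the raw and readable TTL.
ttl_report() {
    section_ttls "$1" | while read -r name type ttl; do
        printf '%s %s %s %s\n' "$name" "$type" "$ttl" "$(humanize "$ttl")"
    done
}

# Demo on the embedded sample; for live data, pipe dig into ttl_report.
sample_dig_output | ttl_report ANSWER
```

For live data, use for example `dig +nocmd +noall +answer +ttlid mx cyberciti.biz | ttl_report ""`.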

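A note about querying the authoritative name server directly for the TTL

A caching recursive name server reports the time remaining before its cached copy expires, so the TTL it returns counts down between queries. To skip the cache and get a fresh TTL value, use +trace, which makes dig follow the referrals from the root servers down to the authoritative name servers: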

dig +trace a www.cyberciti.biz
dig +trace +nocmd +noall +answer +ttlid aaaa www.cyberciti.biz

Sample outputs:

Fig.01: Displaying the ttl value for an IPV6 of www.cyberciti.biz


host command syntax to find ttl

The syntax is

 
host -a -t type name
 

Examples

To see ttl for an IPv6 record for www.cyberciti.biz, enter:
$ host -a -t aaaa www.cyberciti.biz
Sample outputs:

Trying "www.cyberciti.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57539
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
 
;; QUESTION SECTION:
;www.cyberciti.biz.		IN	AAAA
 
;; ANSWER SECTION:
www.cyberciti.biz.	592445	IN	AAAA	2607:f0d0:1002:51::4
 
;; AUTHORITY SECTION:
cyberciti.biz.		160433	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		160433	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		160433	IN	NS	ns-1947.awsdns-51.co.uk.
cyberciti.biz.		160433	IN	NS	ns-866.awsdns-44.net.
 
;; ADDITIONAL SECTION:
ns-243.awsdns-30.com.	160433	IN	A	205.251.192.243
ns-866.awsdns-44.net.	160433	IN	A	205.251.195.98
ns-1075.awsdns-06.org.	160433	IN	A	205.251.196.51
ns-1947.awsdns-51.co.uk. 160433	IN	A	205.251.199.155
 
Received 267 bytes from 127.0.0.1#53 in 0 ms
 

The ttl for www.cyberciti.biz is set to 592445. A few more examples:

 
## Show an IPv4 a record ##
host -a -t a www.cyberciti.biz
 
## Show mx record ##
host  -a -t mx cyberciti.biz
 
## Show cname record ##
host -a -t cname s0.cyberciti.org
host  -a -t cname s13.cyberciti.org

3 comments

1 Philippe Petrinko May 9, 2013 at 7:37 am

Hi,
Fine topic, good to know.

Typo here:
“find out ttl for http://www.cyberciti.biz a recored:”

recored => record

– Philippe


2 nixCraft May 9, 2013 at 7:45 am

The faq has been updated. I appreciate your post.


3 Sanal November 6, 2013 at 2:07 pm

What does “id” refer to?

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57539
