Linux / Unix: Dig Command Find Out TTL (Time to Live) Value For DNS Records

I would like to see the Time-to-live (TTL) value for a ‘AAAA’ and A record for domains. How do I see Time-to-live (TTL) for a DNS record under Unix or Linux operating systems using command line options?

Time to live (TTL) is a mechanism that limits the lifetime of dns records in the Domain Name System (DNS). It is set by an authoritative DNS server for particular resource record. The TTL is set in seconds and it is used by caching (recursive) dns server to speed up dns name resolution. You can use dig or host Unix dns lookup commands to find out ttl for any dns resources. This tutorial shows how to use use dig/host command to find DNS Time to Live (TTL) values.

`dig` command syntax to find ttl

The dig command syntax is:

dig type name
dig @ns-name-server-here type name
dig [optipns] @ns-name-server-here type name
dig [options] type name

Examples

In this example, find out ttl for www.cyberciti.biz a record:

dig a www.cyberciti.biz

Sample outputs:

dig a www.cyberciti.biz

; <<>> DiG 9.7.3 <<>> a www.cyberciti.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34721
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;www.cyberciti.biz.		IN	A

;; ANSWER SECTION:
www.cyberciti.biz.	30	IN	A	75.126.153.206

;; AUTHORITY SECTION:
cyberciti.biz.		161081	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		161081	IN	NS	ns-866.awsdns-44.net.
cyberciti.biz.		161081	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		161081	IN	NS	ns-1947.awsdns-51.co.uk.

;; ADDITIONAL SECTION:
ns-243.awsdns-30.com.	161081	IN	A	205.251.192.243
ns-866.awsdns-44.net.	161081	IN	A	205.251.195.98
ns-1075.awsdns-06.org.	161081	IN	A	205.251.196.51
ns-1947.awsdns-51.co.uk. 161081	IN	A	205.251.199.155

;; Query time: 201 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May  4 16:18:18 2013
;; MSG SIZE  rcvd: 255

For www.cyberciti.biz ttl is set to 30 seconds. To just find out ttl, use the following syntax:

dig +nocmd +noall +answer +ttlid type name-here
dig +nocmd +noall +answer +ttlid a www.cyberciti.biz

Sample outputs:

www.cyberciti.biz.	30	IN	A	75.126.153.206

A few more examples:

## Find ttl for IPv6 record  ##
dig +nocmd +noall +answer +ttlid aaaa www.cyberciti.biz
www.cyberciti.biz.	592804	IN	AAAA	2607:f0d0:1002:51::4
 
## Find ttl for mx record ##
dig +nocmd +noall +answer +ttlid mx www.cyberciti.biz
cyberciti.biz.		3555	IN	MX	5 alt2.aspmx.l.google.com.
cyberciti.biz.		3555	IN	MX	10 aspmx2.googlemail.com.
cyberciti.biz.		3555	IN	MX	10 aspmx3.googlemail.com.
cyberciti.biz.		3555	IN	MX	1 aspmx.l.google.com.
cyberciti.biz.		3555	IN	MX	5 alt1.aspmx.l.google.com.

Where,

+nocmd – Toggles the printing of the initial comment in the output identifying the version of dig and the query options that have been applied. This comment is printed by default.
+noall – Set or clear all display flags.
+answer – Display [do not display] the answer section of a reply. The default is to display it.
+ttlid – Display [do not display] the TTL when printing the record.

A note about query directly to authoritative name server for ttl

You can skip caching recursive name server and get fresh ttl value using the following syntax:

dig +trace a www.cyberciti.biz
dig +trace +nocmd +noall +answer +ttlid aaaa www.cyberciti.biz

Sample outputs:

Fig.01: Displaying the ttl value for an IPV6 of www.cyberciti.biz

`host` command syntax to find ttl

The host command syntax is:

host -a -t type name

Examples

To see ttl for an IPv6 record for www.cyberciti.biz, enter:
$ host -a -t aaaa www.cyberciti.biz
Sample outputs:

Trying "www.cyberciti.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57539
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
 
;; QUESTION SECTION:
;www.cyberciti.biz.		IN	AAAA
 
;; ANSWER SECTION:
www.cyberciti.biz.	592445	IN	AAAA	2607:f0d0:1002:51::4
 
;; AUTHORITY SECTION:
cyberciti.biz.		160433	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		160433	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		160433	IN	NS	ns-1947.awsdns-51.co.uk.
cyberciti.biz.		160433	IN	NS	ns-866.awsdns-44.net.
 
;; ADDITIONAL SECTION:
ns-243.awsdns-30.com.	160433	IN	A	205.251.192.243
ns-866.awsdns-44.net.	160433	IN	A	205.251.195.98
ns-1075.awsdns-06.org.	160433	IN	A	205.251.196.51
ns-1947.awsdns-51.co.uk. 160433	IN	A	205.251.199.155
 
Received 267 bytes from 127.0.0.1#53 in 0 ms

The ttl for www.cyberciti.biz is set to 592445. A few more examples:

## Show an IPv4 a record ##
host -a -t a www.cyberciti.biz
 
## Show max record ##
host  -a -t mx cyberciti.biz
 
## Show cname record
host -a -t cname s0.cyberciti.org
host  -a -t cname s13.cyberciti.org

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

3 comment

Philippe Petrinko says:
May 9, 2013 at 7:37 am
Hi,
Fine topic, good to know.
Typo here:
“find out ttl for http://www.cyberciti.biz a recored:”
recored => record
— Philippe
1. nixCraft says:
  May 9, 2013 at 7:45 am
  The faq has been updated. I appreciate your post.
Sanal says:
November 6, 2013 at 2:07 pm
what is “id” refers to ??
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57539

Have a question? Post it on our forum!

dig command syntax to find ttl

Examples

A note about query directly to authoritative name server for ttl

host command syntax to find ttl

Examples

See also

Posted by: Vivek Gite

3 comment

`dig` command syntax to find ttl

`host` command syntax to find ttl