Linux / Unix: Dig Command Find Out TTL (Time to Live) Value For DNS Records

Author: Vivek Gite Last updated: June 9, 2017 3 comments
I would like to see the Time-to-live (TTL) value for a ‘AAAA’ and A record for domains. How do I see Time-to-live (TTL) for a DNS record under Unix or Linux operating systems using command line options?

Time to live (TTL) is a mechanism that limits the lifetime of dns records in the Domain Name System (DNS).
Tutorial details
Difficulty Easy (rss)
Root privileges No
Requirements dig or host
Time N/A
It is set by an authoritative DNS server for particular resource record. The TTL is set in seconds and it is used by caching (recursive) dns server to speed up dns name resolution. You can use dig or host Unix dns lookup commands to find out ttl for any dns resources. This tutorial shows how to use use dig/host command to find DNS Time to Live (TTL) values.

dig command syntax to find ttl

The dig command syntax is:

dig type name
dig @ns-name-server-here type name
dig [optipns] @ns-name-server-here type name
dig [options] type name

Examples

In this example, find out ttl for www.cyberciti.biz a record:

dig a www.cyberciti.biz

Sample outputs:

dig a www.cyberciti.biz

; > DiG 9.7.3 > a www.cyberciti.biz
;; global options: +cmd
;; Got answer:
;; ->>HEADER30	IN	A	75.126.153.206

;; AUTHORITY SECTION:
cyberciti.biz.		161081	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		161081	IN	NS	ns-866.awsdns-44.net.
cyberciti.biz.		161081	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		161081	IN	NS	ns-1947.awsdns-51.co.uk.

;; ADDITIONAL SECTION:
ns-243.awsdns-30.com.	161081	IN	A	205.251.192.243
ns-866.awsdns-44.net.	161081	IN	A	205.251.195.98
ns-1075.awsdns-06.org.	161081	IN	A	205.251.196.51
ns-1947.awsdns-51.co.uk. 161081	IN	A	205.251.199.155

;; Query time: 201 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat May  4 16:18:18 2013
;; MSG SIZE  rcvd: 255

For www.cyberciti.biz ttl is set to 30 seconds. To just find out ttl, use the following syntax:

dig +nocmd +noall +answer +ttlid type name-here
dig +nocmd +noall +answer +ttlid a www.cyberciti.biz

Sample outputs:

www.cyberciti.biz.	30	IN	A	75.126.153.206

A few more examples:

## Find ttl for IPv6 record  ##
dig +nocmd +noall +answer +ttlid aaaa www.cyberciti.biz
www.cyberciti.biz.	592804	IN	AAAA	2607:f0d0:1002:51::4
 
## Find ttl for mx record ##
dig +nocmd +noall +answer +ttlid mx www.cyberciti.biz
cyberciti.biz.		3555	IN	MX	5 alt2.aspmx.l.google.com.
cyberciti.biz.		3555	IN	MX	10 aspmx2.googlemail.com.
cyberciti.biz.		3555	IN	MX	10 aspmx3.googlemail.com.
cyberciti.biz.		3555	IN	MX	1 aspmx.l.google.com.
cyberciti.biz.		3555	IN	MX	5 alt1.aspmx.l.google.com.

Where,

  1. +nocmd – Toggles the printing of the initial comment in the output identifying the version of dig and the query options that have been applied. This comment is printed by default.
  2. +noall – Set or clear all display flags.
  3. +answer – Display [do not display] the answer section of a reply. The default is to display it.
  4. +ttlid – Display [do not display] the TTL when printing the record.

A note about query directly to authoritative name server for ttl

You can skip caching recursive name server and get fresh ttl value using the following syntax:

dig +trace a www.cyberciti.biz
dig +trace +nocmd +noall +answer +ttlid aaaa www.cyberciti.biz

Sample outputs:

Fig.01: Displaying the ttl value for an IPV6 of www.cyberciti.biz

host command syntax to find ttl

The host command syntax is:

host -a -t type name

Examples

To see ttl for an IPv6 record for www.cyberciti.biz, enter:
$ host -a -t aaaa www.cyberciti.biz
Sample outputs:

Trying "www.cyberciti.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57539
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
 
;; QUESTION SECTION:
;www.cyberciti.biz.		IN	AAAA
 
;; ANSWER SECTION:
www.cyberciti.biz.	592445	IN	AAAA	2607:f0d0:1002:51::4
 
;; AUTHORITY SECTION:
cyberciti.biz.		160433	IN	NS	ns-243.awsdns-30.com.
cyberciti.biz.		160433	IN	NS	ns-1075.awsdns-06.org.
cyberciti.biz.		160433	IN	NS	ns-1947.awsdns-51.co.uk.
cyberciti.biz.		160433	IN	NS	ns-866.awsdns-44.net.
 
;; ADDITIONAL SECTION:
ns-243.awsdns-30.com.	160433	IN	A	205.251.192.243
ns-866.awsdns-44.net.	160433	IN	A	205.251.195.98
ns-1075.awsdns-06.org.	160433	IN	A	205.251.196.51
ns-1947.awsdns-51.co.uk. 160433	IN	A	205.251.199.155
 
Received 267 bytes from 127.0.0.1#53 in 0 ms

The ttl for www.cyberciti.biz is set to 592445. A few more examples:

## Show an IPv4 a record ##
host -a -t a www.cyberciti.biz
 
## Show max record ##
host  -a -t mx cyberciti.biz
 
## Show cname record
host -a -t cname s0.cyberciti.org
host  -a -t cname s13.cyberciti.org
See also

🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
Related Tutorials
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
3 comments… add one
  • Philippe Petrinko May 9, 2013 @ 7:37

    Hi,
    Fine topic, good to know.

    Typo here:
    “find out ttl for http://www.cyberciti.biz a recored:”

    recored => record

    — Philippe

    Reply Link
    • 🐧 nixCraft May 9, 2013 @ 7:45

      The faq has been updated. I appreciate your post.

      Reply Link
  • Sanal Nov 6, 2013 @ 14:07

    what is “id” refers to ??

    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57539

    Reply Link

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @ webmaster@cyberciti.biz

Next FAQ:

Previous FAQ:

🔎 Search this site

FEATURED ARTICLES

Sign up for my newsletter