How can I see Time-To-Live (TTL) for a DNS record?

There are two ways that you can query a TTL value for a DNS record. You can use nslookup with the the -q=wks option. You can also view the TTL value in the local “DNS Resolver Cache” on the local client machine by running “ipconfig /displaydns” command. See below for both examples.

nslookup -q=wks hotmail.msn.com

Set Queries
set q=a To lookup for the IP address of a domain name
set q=mx To find more information about the mail exchange server
set q=soa To check records of Start-of-Authority of a DNS Zone
set q=any To lookup for all types of data
set q=MB To lookup for the Mailbox domain name
set q=wks To find more information about the Well-Known Service
set q=cname To lookup for the Canonical name

In the below example hotmail.msn.com has a 1 hour Time to live value (TTL)

C:\>nslookup
Default Server: UnKnown
Address: 192.168.11.1
.
> set q=wks
> hotmail.msn.com
Server: UnKnown
Address: 192.168.11.1
.
hotmail.msn.com
     primary name server = ns1.msft.net
     responsible mail addr = msnhst.microsoft.com
     serial = 2018011701
     refresh = 7200 (2 hours)
     retry = 900 (15 mins)
     expire = 2419200 (28 days)
     default TTL = 3600 (1 hour)
>

Sometimes you may see a little confusing results like the below where you are not sure if the TTL reported is for rackspace.com or support.rackspace.com.

The 5 minutes TTL is for support.rackspace.com, you can validate this in your local ‘DNS Resolver cache’, see below.

C:\>nslookup
Default Server: UnKnown
Address: 192.168.11.1
.
> set q=wks
> support.rackspace.com
Server: UnKnown
Address: 192.168.11.1
.
rackspace.com
     primary name server = ns.rackspace.com
     responsible mail addr = hostmaster.rackspace.com
     serial = 1549397598
     refresh = 300 (5 mins)
     retry = 300 (5 mins)
     expire = 1814400 (21 days)
     default TTL = 300 (5 mins)
>

 

How to see TTL from the DNS Resolver Cache (Client side)

When your computer queries a DNS name it also keeps it locally in the Client side DNS Resolver Cache “ipconfig /displaydns”. This way it doesn’t have to go to your DNS servers to resolve the name.

You can view the TTL (Time-to-Live) value here, every time you refresh this screen the timer for “Time to Live” parameter will be counting down. This timer starts from the TTL value set on the DNS record. To clear the timer and start counting from the beginning you can type in: ipconfig /flushdns. This will force it to get the TTL value from the DNS server and start the countdown again from the beginning.

In the example below we know the support.rackspace.com has a TTL value of 300 seconds (5 minutes). I just ran the ipconfig /flushdns and then ran the below command and I can see the countdown is now at 287 seconds (Little bit less then 5 minutes).

To view ‘Time to Live’ timer countdown: ipconfig /displaydns
To reset the ‘Time to Live’ timer countdown: ipconfig /flushdns


C:\>ipconfig /displaydns | more

Windows IP Configuration
hotmail.msn.com
----------------------------------------
Record Name . . . . . : hotmail.msn.com
Record Type . . . . . : 1
Time To Live  . . . . : 3594
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 204.79.197.208

support.rackspace.com
----------------------------------------
Record Name . . . . . : support.rackspace.com
Record Type . . . . . : 1
Time To Live  . . . . : 287
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 162.242.140.53
This entry was posted in Microsoft, Networking and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *