Details of Auto TTL

Are there details on what Auto TTL does, especially for non-proxied DNS records?

This page says it’s 5 minutes:

Proxied records update within 300 seconds (Auto)

https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#h_14OysgtO7JgA3N8KAtdZCn

This page says it’s 4 hours for A records, but it’s not even possible to manually set that in the dropdown, since the closest entries in the dropdown are 2 and 5 hours.

The default TTL for A records is 14,400 seconds. This means that if an A record gets updated, it takes 240 minutes (14,400 seconds) to take effect.

https://www.cloudflare.com/en-ca/learning/dns/dns-records/dns-a-record/

One is referring to the RFC / internet default (learning center) and one is referring to the Cloudflare default (support article).

You can perform a dig or nslookup to determine the TTL for any DNS record.

dig test-admin.demo.dog

; <<>> DiG 9.10.6 <<>> test-admin.demo.dog
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20303
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test-admin.demo.dog.		IN	A

;; ANSWER SECTION:
test-admin.demo.dog.	300	IN	A	1.2.3.4

In this case it’s reporting the remaining TTL of my recursive resolver cache (300 seconds), which happens to match the actual TTL since no one actually queries for that record.

If I instead did a dig directly to the authoritative ns it would report the ns value (which is the same in this instance).
dig test-admin.demo.dog @xxxxxxx.ns.cloudflare.com
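
Added example, not part of any post in this thread: a small shell helper that pulls the TTL out of full dig output and compares the authoritative value with what a recursive resolver reports. The function names and the sample outputs (including the 187-second resolver TTL) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Parses full dig output, as shown above.

# Print "name type ttl" for every record in the ANSWER SECTION read from stdin.
answer_ttls() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ || /^;;/         { in_answer = 0 }
        in_answer && $1 !~ /^;/ && NF >= 5 { print $1, $4, $2 }
    '
}

# $1 = TTL from the authoritative server, $2 = TTL reported by the resolver.
classify_ttl() {
    if [ "$2" -eq "$1" ]; then
        echo "fresh"                 # just fetched: the full TTL is reported
    elif [ "$2" -lt "$1" ]; then
        echo "cached:$(( $1 - $2 ))" # counting down; seconds since it was cached
    else
        echo "mismatch"              # resolver rewrote the TTL, or the zone TTL changed
    fi
}

# Constructed sample outputs (trimmed); live input would come from
#   dig NAME @AUTHORITATIVE_NS   and   dig NAME
AUTH_OUT=';; ANSWER SECTION:
test-admin.demo.dog. 300 IN A 1.2.3.4
'
RESOLVER_OUT=';; QUESTION SECTION:
;test-admin.demo.dog. IN A

;; ANSWER SECTION:
test-admin.demo.dog. 187 IN A 1.2.3.4

;; Query time: 12 msec'

auth_ttl=$(printf '%s\n' "$AUTH_OUT" | answer_ttls | awk '{ print $3; exit }')
res_ttl=$(printf '%s\n' "$RESOLVER_OUT" | answer_ttls | awk '{ print $3; exit }')
echo "authoritative=$auth_ttl resolver=$res_ttl -> $(classify_ttl "$auth_ttl" "$res_ttl")"
```

The "cached" figure is only meaningful if the authoritative TTL has not changed since the resolver stored the record.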

Do all records (not just proxied ones) set to Auto TTL on Cloudflare currently have a TTL of 300 seconds?

Does using Auto just mean it’s 300 seconds for now, but subject to change in the future?

Great question. Using the example above you can test on your own domain to determine the answer.

Unless your legal team has added redlines to your contract with Cloudflare requiring something never change, everything about Cloudflare is subject to change in the future.

Even if I test it, there could be extra conditions that affect the behavior of Auto TTL that the tests would miss.

Everything is subject to change in that sense. Even if they have terms like those, Cloudflare might go bankrupt or otherwise disappear and go offline permanently, breaking all DNS records that it hosts.

What I mean is that if you set TTL to “2 hours”, the effective TTL is 7200 seconds, and “5 hours” 18000, but it’s highly unlikely that Cloudflare will intentionally change it to make “2 hours” 18000 and “5 hours” 7200. But it’s more expectable for the effective TTL to change if it’s set to Auto.

Cloudflare has 16m+ domains using its authoritative DNS service, serving trillions of DNS queries a day. It is the second least interesting thing they do (serving cached content being the least). Could they change it? Yes. I can’t envision a reason they would want to.

If you want an explicit TTL, don’t proxy your records and set them manually, I guess.
