NS TTL Adequacy

What This Check Does

The NS TTL Adequacy check verifies that the Time-to-Live (TTL) value for your NS records is at least 3600 seconds (1 hour). NS records define which nameservers are authoritative for your domain, and a low TTL causes resolvers to re-query for this information more frequently than necessary.

DNS Spy reads the TTL value from your NS records and flags any that fall below the 3600-second threshold.

Why It Matters

NS records are foundational to DNS resolution. Every query for your domain starts with a nameserver lookup. If your NS record TTL is too low, resolvers must repeatedly query for your nameserver information, increasing latency for all DNS lookups, adding load to parent zone nameservers, and making your domain more vulnerable to DNS outages.

Nameserver changes are rare events. A TTL of 3600 seconds (1 hour) or higher is appropriate for almost all domains and provides the right balance between cacheability and responsiveness to legitimate changes.

Good vs. Bad Configuration

Bad Configuration

NS records with a TTL of 300 seconds (5 minutes). Resolvers must re-query for your nameserver delegation every 5 minutes, adding unnecessary overhead to every DNS resolution chain.

Good Configuration

NS records with a TTL of 3600 seconds (1 hour) or higher. Nameserver delegation is cached efficiently, providing stable and fast DNS resolution for your domain.

How DNS Spy Monitors This

DNS Spy evaluates the TTL of your NS records during each monitoring cycle. If the TTL is below 3600 seconds, an alert is triggered. DNS Spy tracks TTL changes over time, ensuring your delegation remains stable and appropriately configured.