Are these DNS responses fresh?

Craig Younkins
2 min read · Jul 13, 2021

DNS records originate from controlling nameservers and are cached at multiple levels: your ISP or a public resolver like Google’s or Cloudflare’s, possibly your router, your operating system, and even your browser. Just like at the grocery store, the freshness of these DNS records determines how long you can use them before you have to throw them out.

When a recursive resolver does a full resolution of a domain, it contacts the nameserver and gets the answer along with the time-to-live (TTL) the nameserver set. This is the maximum freshness: the number of seconds for which that DNS answer is valid. The resolver can serve that cached answer to downstream users requesting the same record, with the TTL reduced by the time the answer has already spent in its cache, instead of reaching out to the nameserver again.

I wanted to know how fresh the records returned by public DNS servers were, so I whipped up some scripts to query and generate some statistics. I then threw them into a spreadsheet. The domains are from Alexa’s top domains in the US, filtered by those with a record TTL of less than or equal to 600 seconds.

The DNS resolvers are from what Pi-hole can use as upstreams. As we’ll see, that doesn’t necessarily mean they are good choices.

The first oddities I noticed are in the “Min” sheet. It seems inappropriate to me that DNS servers would respond with a TTL of 0, since that would make the record uncacheable downstream.

An even bigger standout is that 208.67.222.222 (OpenDNS) gives very high TTL values for google.com (but not www.google.com). In fact, the max is 300 (correct), the min is 264, and the mean is… 299.9! At least from my limited view, that record seems to be special. I’m curious as to why, but I have no answers here.

Turning to the “Average” sheet, I have the servers ordered by average TTL. A reasonable average response TTL would be half the record’s TTL — the resolver gets the record from the nameserver and serves it from the max TTL until 0.

4.2.2.1 (Level3, now CenturyLink) stands out as having much lower average TTLs than the rest. I’m not sure what would cause this. I can’t find any public page from Level3/CenturyLink describing their DNS, so I would really recommend not using it.

Higher TTL is good for caching, but it’s probably not how you should decide on your DNS servers. The cache may not be used, especially if the record isn’t super common like the ones I’ve chosen here. If the higher response TTL comes at the price of higher response time (say, because the server did a full resolution), it probably isn’t worth it.
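To make the TTL-decay reasoning above concrete (a cached answer is served with its remaining TTL, so a healthy resolver should average about half the record’s TTL), here is a small simulation plus the min/max/mean summary used in the sheets. This is an added example, not the author’s scripts; the authoritative data, the query schedule and the thresholds in `flag_oddities` are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

# Constructed authoritative data: name -> (A record, TTL set by the nameserver).
AUTHORITATIVE = {"example.com": ("192.0.2.1", 300)}

@dataclass
class CachedRecord:
    rdata: str
    ttl: int           # TTL as received from the authoritative nameserver
    fetched_at: float  # time (seconds) at which the resolver fetched it

class CachingResolver:
    """Minimal model of a recursive resolver's cache for A records."""

    def __init__(self, authoritative):
        self.authoritative = authoritative
        self.cache = {}
        self.upstream_queries = 0  # how often we went to the nameserver

    def resolve(self, name, now):
        """Return (rdata, ttl_sent). A cached answer carries its remaining TTL."""
        rec = self.cache.get(name)
        if rec is not None:
            remaining = rec.ttl - int(now - rec.fetched_at)
            if remaining > 0:
                return rec.rdata, remaining
        # Cache miss or expired: do a full resolution and restart the clock.
        rdata, ttl = self.authoritative[name]
        self.upstream_queries += 1
        self.cache[name] = CachedRecord(rdata, ttl, now)
        return rdata, ttl

def observe(resolver, name, query_times):
    """Query repeatedly and summarise the TTLs a downstream client would see."""
    ttls = [resolver.resolve(name, t)[1] for t in query_times]
    return {"min": min(ttls), "max": max(ttls), "mean": mean(ttls)}

def flag_oddities(stats, record_ttl):
    """Heuristic flags (thresholds are assumptions) for the patterns noted above."""
    flags = []
    if stats["min"] == 0:
        flags.append("ttl_zero_served")       # uncacheable downstream
    if stats["mean"] < record_ttl / 4:
        flags.append("mean_far_below_half")   # much lower than the expected half
    if stats["mean"] > 0.9 * record_ttl:
        flags.append("mean_near_max")         # almost always a freshly fetched answer
    return flags
```

Querying the simulated resolver once per second for ten minutes yields TTLs cycling 300 down to 1, a mean of 150.5 and only two upstream resolutions; feeding the real sheets’ min/mean values into `flag_oddities` reproduces the two anomalies discussed above.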


Craig Younkins

Hacker, entrepreneur, and quantified self nerd. cyounkins at gmail.