Search This Blog

Apr 2, 2020

DNS Zone intervals - mapping values in Windows GUI to nslookup result for SOA record

DNS TTL 
See above, click to see enlarge picture.

This is a screenshot of SOA record.

What the intervals are:


  • (Most important one) Minimum default TTL: Default TTL for all records in the zone that don't have their own TTL defined during creation. This parameter is also used as TTL of negative cache
  • TTL : TTL for the SOA record itself
  • Refresh - This is how often (in seconds) the slave name servers check with the primary name server to see if any changes have been made to the zone
  • Retry - This is the time (in seconds) a slave (secondary) DNS server waits before retrying a failed zone transfer
  • Expires  - Indicates when the zone data is no longer authoritative - time counted from the point when slave loses contact with master. Applies to Slaves or Secondary servers only. When this expires, slave will no longer respond to queries
Update #1: Regarding negative caching, it is lesser of  Minimum Default TTL, SOA TTL, and 15min (defined in MaxNegativeTTL,  can be viewed with powershell cmdlet get-dnsservercache)

Update #2: One can set different values on SOA TTL and Minimum Default TTL, but Windows will set both to same value, whichever is smaller. Tested on Windows 2016