DNS-Proxy refresh interval

Hi,
I access my home network via DynDNS and noted that, when updating the DNS entries of my domain, public DNS servers such as the one from Google or Freifunk München get updated with the new IP fairly quickly, whereas the DNS server/DNS proxy of IPFire still holds the old IP for quite a while. Here, I have three questions to which I could not find an answer so far:

  1. How long is the typical refresh interval of the DNS-Server/DNS-Proxy of IPFire?
  2. Is there a way to configure this refresh interval, maybe even on a per domain-level?
  3. Is there a way to manually clear the entire cache?

Thanks and best regards,
Wussel

Hi,

that depends on the FQDN in question.

For DNS zones, the “SOA” (state of authority) record as well as individual TTLs tell DNS resolvers how long retrieved information is valid, how long a negative answer (non-existent record) is valid, and much more.

For example, kernel.org’s A record, which contains the IPv4 address(es) this FQDN is served by, currently has a TTL of 300 seconds (= 5 minutes), so DNS resolvers will not update this information until 300 seconds after the first successful DNS query has been made.

$ dig a kernel.org

; <<>> DiG 9.16.6 <<>> a kernel.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18298
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;kernel.org.			IN	A

;; ANSWER SECTION:
kernel.org.		300	IN	A	139.178.84.217                  <<<<<

;; Query time: 115 msec
;; SERVER: x#53(x)
;; WHEN: Sa Jul 09 09:42:35 UTC 2022
;; MSG SIZE  rcvd: 55

You will see all kinds of TTLs in the wild, ranging from seconds to days if not weeks. It is also worth noting that these can change, should an operator deem such a change necessary.

IPFire’s DNS proxy/resolver does not enforce any custom upper or lower boundaries to TTLs.

If I recall correctly, overriding TTLs on a per-domain basis is not possible. Generally, TTLs can be constrained to certain ranges, but this causes more harm than good.

I suggest you run

dig a [your DDNS FQDN]

and see which TTL your DDNS provider has set. It should be pretty low, something between 60 and 600 seconds. If not, please get in touch with their support desk.

Yes. Run

unbound-control flush_zone .

(the trailing dot is important) on your IPFire machine.

Thanks, and best regards,
Peter Müller

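The checks from the reply above, put together as a small POSIX shell script. This is an added example, not code from the thread and not part of IPFire: it parses `dig +noall +answer` output to find the TTL a DDNS provider serves, flags TTLs outside the 60–600 s window, compares the authoritative answer with what the local cache still hands out (a caching resolver returns the remaining TTL, which counts down), and runs `unbound-control flush_zone .` only when the cache is actually stale. The name home.example.net, the name server and all addresses are made up; the sample answers are constructed in the script so the parsing functions can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the thread, not IPFire code): inspect the TTL of a
# DDNS name, report how long the local unbound will keep the old address, and
# flush the cache when the cached answer no longer matches the authority.
# home.example.net and every address below are made up for illustration.

# Print the rdata of the first A record in `dig +noall +answer` output (stdin).
first_a_rdata() {
    awk '$4 == "A" { print $5; exit }'
}

# Print the smallest TTL among the A records in `dig +noall +answer` output
# (stdin; fields are name, TTL, class, type, rdata). Fails if there is no A record.
min_a_ttl() {
    awk '$4 == "A" && $2 ~ /^[0-9]+$/ {
             if (min == "" || $2 + 0 < min) min = $2 + 0
         }
         END { if (min == "") exit 1; print min }'
}

# Succeed when a TTL sits in the 60..600 s window the reply recommends for DDNS.
ttl_is_ddns_friendly() {
    [ "$1" -ge 60 ] && [ "$1" -le 600 ]
}

# $1 = authoritative answer, $2 = answer from the local cache (both as text).
# Prints how many seconds remain until the cache re-queries; the remaining TTL
# is what the cache reports, because caching resolvers count the TTL down.
# Exit 2 when the cache still serves a different address than the authority.
cache_status() {
    auth="$1"; cached="$2"
    auth_ip=$(printf '%s\n' "$auth" | first_a_rdata)
    cached_ip=$(printf '%s\n' "$cached" | first_a_rdata)
    remaining=$(printf '%s\n' "$cached" | min_a_ttl) || return 1
    if [ "$auth_ip" != "$cached_ip" ]; then
        echo "stale: cache says $cached_ip, authority says $auth_ip, expires in ${remaining}s"
        return 2
    fi
    echo "fresh: $cached_ip, re-query in ${remaining}s"
}

# Live check against the network (needs dig; unbound-control exists on IPFire).
# $1 = DDNS FQDN, $2 = an authoritative name server for its zone (see `dig ns`).
live_check() {
    fqdn="$1"; ns="$2"
    auth=$(dig @"$ns" +noall +answer a "$fqdn")
    cached=$(dig +noall +answer a "$fqdn")
    ttl=$(printf '%s\n' "$auth" | min_a_ttl) || { echo "no A record for $fqdn" >&2; return 1; }
    ttl_is_ddns_friendly "$ttl" || echo "warning: provider TTL is ${ttl}s, ask them for 60-600s" >&2
    if ! cache_status "$auth" "$cached"; then
        unbound-control flush_zone .    # trailing dot: flush the whole cache
    fi
}

# Constructed sample answers in the `dig +noall +answer` format (tab separated).
AUTH_SAMPLE=$(printf 'home.example.net.\t60\tIN\tA\t203.0.113.10')
CACHED_SAMPLE=$(printf 'home.example.net.\t37\tIN\tA\t203.0.113.10')
STALE_SAMPLE=$(printf 'home.example.net.\t3412\tIN\tA\t198.51.100.7')

# Usage: sh ddns_ttl.sh home.example.net ns1.example.net
if [ $# -ge 2 ]; then
    live_check "$1" "$2"
fi
```

Running `cache_status` on the constructed samples prints `fresh: 203.0.113.10, re-query in 37s` for the matching pair and `stale: cache says 198.51.100.7, authority says 203.0.113.10, expires in 3412s` for the stale one, which is the situation in which flushing the cache is worth it.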

Hi Peter,

perfect, thanks a lot for the quick response!

Wussel