Ensure every DNS answer sent to clients has a TTL of at least a defined number of seconds, regardless of the upstream TTL or what’s stored in cache.
When enabled, the DNS service rewrites low TTLs on the fly (both normal responses and cache hits) so clients will cache results for at least the defined time.Backup and restore were improved in v4.50 Service Pack 6 or in v4.50 Service Pack 5 Hotfix 20251001-03
Notes:
- This changes only the TTL presented to clients; it does not keep entries longer in the internal cache unless your cache policy allows it.
- If your upstream uses very short TTLs for fast changes/rotation, clamping may delay client-side visibility of those changes.
On the left menu, go to DNS > DNS Firewall > Global settings tab
- Down to the Cache section
- Click on the Enforce minimum TTL (client-visible) link
- You can Enable or disable the feature
If you disable the feature, the TTL sent to the client will match the record’s remaining lifetime in the cache.
It will decrease as the record approaches expiration.
- You can decrease or increase the default value set as 3600 seconds