Correct DNS Timeout (TTL) Value for Salesforce Infrastructure Maintenance

Publish Date: May 4, 2026
Description

After an Instance Refresh or Site Switch, Salesforce recommends setting the DNS timeout value to 5 minutes.

Here's what you need to know:
If a customer's network or IT group controls the DNS timeout values, then they may need to refresh the DNS cache and restart any integrations following the maintenance.

The DNS timeout setting is not a Salesforce setting. It is a setting that a customer's IT/Networking group might manage on the local network. We do recommend a shorter TTL (Time To Live) value, so that when the new instance comes online, the network has the latest DNS information and can find the new location quickly.

Time to Live values are always represented in seconds. Most DNS setup configuration services provide you a preset list of values to set your records to.
300 seconds = 5 minutes = “Very Short”
3600 seconds = 1 hour = “Short”
86400 seconds = 24 hours = “Long”
604800 seconds = 7 days = “Very long”

The DNS timeout setting refers to DNS server resource records with a Time To Live (TTL) value of 300 seconds.

Salesforce sets the TTL to 300 seconds (5 minutes) on the resource records for which it is the authority, and the recommendation is that an upstream caching server (for instance, one within your enterprise infrastructure) should also use this value and not cache these records for more than 300 seconds. A value of 86400 seconds (24 hours) was common in the past. Caches should normally use the record's TTL. If you decide to set your own cache, then use *.salesforce.com, *.force.com, *.documentforce.com, *.visualforce.com, *.lightning.com, *.salesforcecommunities.com, and possibly *.cloudforce.com if it is in use in the organization.

Why use the Correct DNS TTL (300 seconds) for Salesforce Infrastructure Maintenance?
 
The reason this matters is rooted in how DNS propagation works:
  • When Salesforce performs an Instance Refresh (moving your org to a new server instance) or a Site Switch (changing the routing), the IP address your DNS resolves to will change.
  • If your DNS cache is set to a long TTL (like 24 hours), your network will continue pointing to the old IP for up to 24 hours — causing users to be unable to connect, integrations to fail, and APIs to time out.
  • A TTL of 300 seconds means your DNS cache will refresh every 5 minutes, so within 5 minutes of Salesforce completing the maintenance, your network will automatically pick up the new IP and restore full connectivity.
  • This is especially critical for automated integrations, middleware, and connected apps that don't have built-in retry/reconnect logic.
Resolution
The recommended resolution is to set the DNS TTL to 300 seconds (5 minutes) on all DNS resource records that point to Salesforce infrastructure. This is the key step to ensuring that:
  1. During Instance Refresh or Site Switch, the network resolves the new Salesforce instance IP quickly without waiting for a long cache expiry.
  2. Integrations and users experience minimal disruption — the maintenance is essentially seamless.
  3. The network complies with Salesforce infrastructure best practices, which include:
    • Not restricting Salesforce IP ranges
    • Allowlisting the full Salesforce IP range (if IP blocklisting is in use)
    • Setting DNS TTL to 300 seconds on your caching server
If the customer's IT team has set a longer TTL (e.g., 86400s), they should:
  • Update the TTL to 300 seconds before any planned maintenance window
  • Flush/refresh the DNS cache after the maintenance
  • Restart any integrations that may have cached the old DNS entry
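
One way to verify the result from the customer side, as an added example that is not part of the Salesforce article: the Python below parses `dig +noall +answer` output taken against the local caching resolver and reports records under the Salesforce domains listed above whose TTL exceeds 300 seconds, which points to a cache overriding the record's TTL. The hostnames, addresses and sample output are constructed, and the function names are hypothetical.

```python
"""Audit resolver answers for Salesforce domains against the 300-second TTL."""
import re

RECOMMENDED_TTL = 300  # seconds, the value the article recommends

# Domain suffixes the article lists for Salesforce records.
SALESFORCE_SUFFIXES = (
    "salesforce.com", "force.com", "documentforce.com", "visualforce.com",
    "lightning.com", "salesforcecommunities.com", "cloudforce.com",
)

# One answer line of `dig +noall +answer`: name, TTL, class, type, data.
ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def is_salesforce_name(name):
    """True if name equals a listed suffix or is a subdomain of one."""
    name = name.rstrip(".").lower()
    # Match on a label boundary so "notsalesforce.com" is not treated as ours.
    return any(name == s or name.endswith("." + s) for s in SALESFORCE_SUFFIXES)


def audit_answers(dig_output, limit=RECOMMENDED_TTL):
    """Return (name, type, ttl) for Salesforce records with a TTL above limit."""
    findings = []
    for line in dig_output.splitlines():
        match = ANSWER_RE.match(line.strip())
        if not match:
            continue  # comment, blank line, or anything that is not an answer
        name, ttl, rtype, _data = match.groups()
        if is_salesforce_name(name) and int(ttl) > limit:
            findings.append((name.rstrip(".").lower(), rtype, int(ttl)))
    return findings


# Constructed sample: answers as a local caching resolver might return them.
SAMPLE = """\
; constructed sample, not captured from a real resolver
example.my.salesforce.com.    86400 IN CNAME na000.example.force.com.
na000.example.force.com.      212   IN A     192.0.2.10
portal.example.lightning.com. 3600  IN A     192.0.2.20
www.example.org.              86400 IN A     198.51.100.7
notsalesforce.com.            86400 IN A     198.51.100.8
"""

if __name__ == "__main__":
    for name, rtype, ttl in audit_answers(SAMPLE):
        print(f"{name} {rtype}: TTL {ttl}s exceeds {RECOMMENDED_TTL}s")
```

A cached answer normally shows the remaining TTL, so a compliant resolver reports 300 or less for these records; run the check before the maintenance window and again after flushing the cache.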
Knowledge Article Number

000382920

 