I've found a similar post about this, however my user can't comment.
I wonder why doing dig @8.8.8.8 domain.com
prints out different "countdowns" when running it several times in few seconds, as if that domain was cached in different places inside 8.8.8.8 with different TTLs.
For example,
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com. 39 IN A 198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com. 288 IN A 198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com. 37 IN A 198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com. 36 IN A 198.252.206.140
dione@saturno:~$ dig serverfault.com @8.8.8.8 +noall +answer
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> serverfault.com @8.8.8.8 +noall +answer
;; global options: +cmd
serverfault.com. 284 IN A 198.252.206.140
Best Answer
The reason why different TTLs are shown at different query is that
8.8.8.8
is a (Virual IP) load balancer which has many DNS servers attached to it. And so every new request that arrive lands on different DNS server each time.This is true with all public DNS servers. And if you would like to know the actual TTL of a domain then you have to query the (SOA) authoritative DNS server of that domain. And so
ns1.google.com.
is the authoritative forgoogle.com
domain and querying it will give you a fixed (actual) TTL every time.