diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index be590ac..1ab7396 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -40,6 +40,7 @@ global_dns_session_key_name: "local-ddns"
 global_dns_session_key_path: "/var/run/named/session.key"
 global_dns_session_key_algorithm: "{{ global_dns_update_key_algorithm }}"
 global_dns_update_key_algorithm: "ED25519"
+global_dns_ttl: "{{ 24 * 60 * 60 }}" # default if omitted in all cases
 
 global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
 global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"
diff --git a/roles/dns/master/defaults/main.yml b/roles/dns/master/defaults/main.yml
index 8bebb17..cd0e5d1 100644
--- a/roles/dns/master/defaults/main.yml
+++ b/roles/dns/master/defaults/main.yml
@@ -11,7 +11,7 @@ dns_list_file: "{{ global_dns_list_directory }}/{{ domain }}"
 
 dnssec_algorithm: "RSASHA512"
 dnssec_key_length: "4096"
-ttl_default: 86400 # TTL for entries where TTL was omitted
+ttl_default: "{{ global_dns_ttl }}" # TTL for entries where TTL was omitted
 
 # Following domain names are considered absolute
 main_nameserver_domain: "ns1.{{ domain }}"
@@ -19,6 +19,6 @@ responsible_mail_name: "admin.{{ domain }}"
 refresh: 86400
 retry: 7200
 expire: 3600000
-ttl: 172800
+ttl: "{{ global_dns_ttl }}"
 
 dname_subdomain: "external" # Must not contain the base domain, can be used to allow ignoring local overrides on purpose, will be ignored if empty