What is time to live (TTL)?
Explore IBM's time to live solution Subscribe to AI topic updates
 Illustration with collage of pictograms of gear, robotic arm, mobile phone

Published: 10 May 2024
Contributors: Camilo Quiroz-Vazquez, Michael Goodwin

What is time to live (TTL)?

Time to live (TTL) is a value that defines the amount of time that a data packet or record should exist on a network, computer or server before it is discarded or revalidated.

The TTL value is a measured time limit based on the distinct necessities of different functions. Time to live is used in several contexts, including networking, data caching, content delivery network caching and Domain Name System (DNS) caching.

For example, the TTL value in a DNS record tells a recursive resolver or local resolver how long to cache a DNS record before contacting the authoritative server to get a new copy.

In networking, the TTL value set in the header of an Internet Protocol packet (IP packet) tells a network router when a packet has expired or reached its “hop limit” and should be discarded. When a router determines that a data packet has expired, it sends an Internet Control Message Protocol (ICMP) message back to the host and discards the packet.

TTL is used to remove undeliverable data packets and mitigates the risk that data packets will bounce from router to router indefinitely. This prevents these expired packets from clogging systems, improves content delivery speed and reduces network latency.

TTL is also used for computer network utilities such as ping and traceroute to identify hosts on a network, map the path data travels through a network and measure the time it takes for a packet to move from one point to another across a network.

Get a live demo

See how IBM® NS1 Connect® improves application performance and network resilience with a managed service for authoritative DNS and traffic steering.

Related content

Register for the ebook on observability

How does TTL work?  

In networking, a numerical value indicating how long a packet should exist on a network is embedded in the data and IP packets. TTL values can range from 1 to 255. Different operating systems support different default TTL values; however, administrators can modify TTL values based on organizational use cases, preferences or requirements.

Each time a packet passes through a network device such as a router, the router reduces the TTL field value by 1. Each passage through a network device is known as a “hop”. Once the TTL value reaches zero, an ICMP message is sent to the host server where the packet originated and the packet is discarded. Managing the lifespan of data packets prevents them from getting stuck in routing loops. This helps reduce network congestion and improves load balancing, resource optimization and content delivery.


DNS TTL refers to how long a DNS server can serve a cached DNS record. It’s like an expiration date on a DNS record, telling the local resolver how long it should keep the record in its cache.

DNS resolution is the process of converting a domain name into an internet protocol (IP) address and connecting a user to a website. It involves retrieving information stored in DNS records from several DNS servers and starts with the recursive or local DNS resolver. An internet service provider (ISP) often provides and manages recursive resolvers.

When a user enters a domain name into a web browser (initiates a DNS query), a recursive resolver queries a series of authoritative servers to obtain the A record (A records for IPv4 addresses, AAAA records for IPv6 addresses) that indicates the IP address for a domain.

However, if the local resolver already has the record needed to resolve the query, it can connect the user without continuing with the DNS lookup process. This efficient process reduces the query load on authoritative servers and significantly improves the speed at which a user is connected to a website. The TTL value is defined in seconds and determines how long a local cache server can serve a DNS record before contacting the authoritative server to receive a current record copy.

Most IP addresses are dynamic and change over time, which means the information held by DNS records must be updated to reflect these changes. TTL settings assist in this process by ensuring that records are retired and updated at appropriate intervals.

Shorter TTL values are a strategic choice for websites that are consistently refreshing or updating content. These low TTL values help ensure that records cached on servers remain up to date and that changes to records are propagated in near real-time. On the other hand, longer TTL values are used for DNS records that change less frequently, such as TXT records (which hold information related to the configuration and ownership of a domain) and MX records (which direct emails to an email server).

TTL values impact the query volume connected to the authoritative name server. If a DNS cache holds a record too long, changes to the record take longer to propagate, potentially slowing down a user’s search or resulting in an error message. If TTL values are unnecessarily low, organizations run the risk of overloading servers with queries. Managed DNS solutions can be used to help ensure maximum uptime, streamlined observability and fast response and propagation times.


At the top of every DNS zone, in the start of authority (SOA), there are five TTL values that serve a higher purpose in the DNS. It is recommended to not modify these TTLs unless you have a very specific need to do so, which is often a very rare case.

SOA TTL: The interval at which the SOA record is refreshed.

Refresh TTL: 
The interval at which secondary servers (secondary DNS) are set to refresh the primary zone file from the primary server.

Retry TTL: The rate at which a secondary server will retry to refresh the primary zone file if the initial refresh failed.

Expiry TTL: If refresh and retry fail repeatedly, this is the time period after which the primary should be considered gone and no longer authoritative for the given zone.

NX TTL: If a domain request results in a nonexistent query (NXDOMAIN), this is the amount of time that is respected by the recursor to return the NXDOMAIN response.


A content delivery network (CDN) is a network of servers located in geographically dispersed areas that enables faster web performance by delivering content to users from the server nearest them. CDNs use the time to live value to determine how long content is stored on edge servers.

Once TTL expires, content is refreshed from the origin server. When calibrated properly, TTL helps deliver content to the user without propagating requests back to the origin server. This accelerates content delivery while reducing the bandwidth requirements of the origin server.

TTL in ping and traceroute

Computer networking utilities such as ping and traceroute use TTL to connect with a host or trace a route of “hops” to a host. Ping is used to verify that a host is on a network. Traceroute helps track the path of a packet through the internet from network devices such as computers and routers to a destination.

Traceroute provides visibility into every “hop” a data packet takes through a network. A stream of packets is sent toward a destination with sequentially higher TTL values. Imagine the packets have TTL values of 1, 2, 3 and so on.

At each stop, one of the packets reaches its final destination, as defined by the TTL. When that happens, the packet is discarded and an ICMP message is sent back to the sender. The time it takes for the ICMP message to be returned is used to track a path from origin host to destination and determine how long it takes to move between each successive hop in a network.

TTL in databases

TTL is used to set policies to delete expired database records automatically. As in other use cases, TTL defines the amount of time that data is allowed to live on a database. In this case, TTL is defined in seconds.

When a timeout value for data records is reached, that data can no longer be retrieved and will not appear in database statistics. This expiration and automatic deletion help decrease storage costs, reduce table size—thus increasing query performance—and enable organizations to better comply with any regulations on data retention time.

Benefits of TTL
Optimized content delivery

TTL helps CDN and DNS servers deliver information to end-users more efficiently. Setting appropriate TTL values strikes a balance between making sure that users receive the most up-to-date version of the resource they are requesting and not unnecessarily overloading servers or causing undue latency.

In CDNs, users are connected to the nearest server to receive updated content, which cuts down on delivery latency (since requests are fulfilled from the nearest server) and requests to the origin server. In DNS, TTL enables recursive resolvers to return cached answers when appropriate, reducing load time and queries to authoritative servers and promptly receiving propagation updates when records are changed.

Efficient resource management and load balancing

Managing the lifespan of cached information and data packets helps organizations make more efficient use of network infrastructure resources such as DNS servers, CDN edge servers and routers. TTL is used to help distribute network traffic and make sure that network resources are not overloaded. It also prevents packets from bouncing between routers indefinitely. These measures help improve network performance.

Enhanced security measures

Discarding expired data packets improves network security and reduces the threat of data breaches. Expired packets that are not discarded might contain outdated security protocols. Updating caches and revalidating packets provide servers and networks with the latest security information. 

Related solutions
Application performance optimization

IBM® NS1 Connect® provides customizable, easily configurable traffic steering capabilities to optimize application performance based on your specifications—cost, end-user performance, reliability or all three.

Explore IBM NS1 Connect application performance optimization

Global server load balancing (GSLB)

Optimize end-user experience and improve network resilience at a lower cost with IBM NS1 Connect GSLB, a new approach powered by DNS and real-time device performance data.

Explore IBM NS1 Connect GSLB

DNS traffic steering

IBM NS1 Connect DNS traffic steering gives you the power to optimize connections to applications, services and content based on geography, real-user monitoring (RUM) data, load and more—all in an easy-to-use UI.

Explore IBM NS1 Connect DNS traffic steering
Resources What is DNS?

Learn about the Domain Name System (DNS), the component of the internet standard protocol responsible for converting domain names into the internet protocol (IP) addresses computers use to identify each other on the network.

What is load balancing?

Learn about load balancing, the process of distributing network traffic efficiently among multiple servers to optimize application availability and ensure a positive end-user experience.

What is latency?

Learn about network latency and its impact on network performance and user experience.

What is DNS propagation?

Learn about DNS propagation, the amount of time that it takes for DNS servers to propagate changes to a DNS record across the internet.

What is a CNAME record?

Learn about canonical name records, records that serve as an alias within the Domain Name System (DNS), redirecting one domain name to another.

What is a DNS server?

Learn about DNS servers, servers that translate the website domain names users search in web browsers into corresponding numerical IP addresses.

Take the next step

IBM NS1 Connect provides fast, secure connections to users anywhere in the world with premium DNS and advanced, customizable traffic steering. NS1 Connect’s always-on, API-first architecture enables your IT teams to more efficiently monitor networks, deploy changes and conduct routine maintenance.

Explore NS1 Connect Book a live demo