TTL (Time to Live) in Networking: A Real Explanation

Time to Live is one of those terms that means something slightly different depending on the context. In IP networking it's a hop counter that prevents packets from circulating forever. In DNS it's a cache duration that tells resolvers how long to keep a record. Both uses solve the same underlying problem: stale data causing problems in a distributed system.

IP Packet TTL

Every IP packet has a TTL field in its header — a number set by the sender, typically 64 or 128. Each router that forwards the packet decrements the TTL by one. When TTL reaches zero, the router discards the packet and sends an ICMP Time Exceeded message back to the source. This prevents routing loops from causing packets to circulate indefinitely.

Traceroute exploits this mechanism deliberately. It sends packets with TTL values of 1, 2, 3, 4... and so on. The packet with TTL 1 expires at the first router, which reports back. TTL 2 expires at the second router. By collecting all the Time Exceeded responses, traceroute maps the entire path.

DNS Record TTL

In DNS, TTL is different. It's a time value in seconds that tells resolvers how long to cache a DNS record before querying authoritative servers again. An A record with TTL 3600 can be cached for one hour. A record with TTL 300 expires after five minutes and is re-fetched more frequently.

Here's the thing — TTL is a ceiling, not a guarantee. Resolvers must respect TTLs and not cache longer than specified. But negative caching (caching of NXDOMAIN responses) has its own TTL, and some resolvers have minimum TTL floors below which they won't cache for shorter periods even if you request it.

Choosing DNS TTL Values

High TTLs (3600-86400) reduce DNS query load and improve performance — responses come from resolver caches rather than authoritative servers. Low TTLs (60-300) allow faster propagation of changes — useful when you're about to change server IPs or need to fail over quickly. The downside of low TTLs is increased query volume to your authoritative nameservers.

The practical advice: run high TTLs normally. Before a planned IP change — migrating servers, changing hosting providers — lower the TTL to 300 seconds at least 48 hours before the change. This ensures all cached records expire quickly once you make the switch. After the change is confirmed stable, raise TTLs again.