TTL (Time to Live) controls how long DNS records are cached and limits how many hops a packet can traverse in a network. For DNS, the value balances caching performance against how quickly changes propagate.
DNS TTL
- Specifies how long resolvers should cache a DNS record (in seconds).
- Lower TTL = faster propagation of changes, more DNS queries.
- Higher TTL = better caching performance, slower change propagation.
- Typical values: 300 (5 min) to 86400 (24 hours).
Common TTL strategies
- Before changes: Lower TTL to 300 seconds 24-48 hours in advance.
- During migration: Keep TTL low until the changes are verified to work correctly.
- Steady state: Increase TTL for frequently queried, stable records.
- High availability: Lower TTL for records that may need quick failover.
TTL for different scenarios
# Low TTL (5 min) - frequent changes expected
example.com. 300 IN A 192.0.2.1
# Medium TTL (1 hour) - balanced approach
example.com. 3600 IN MX 10 mail.example.com.
# High TTL (24 hours) - stable records
example.com. 86400 IN NS ns1.example.com.
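An added example (not part of the original page) that applies the "lower the TTL in advance" strategy to records in the form shown above: it computes the earliest safe cutover time for each record and the longest a resolver could keep serving the old answer if the change is made earlier. It assumes resolvers honor TTLs exactly and that the authoritative servers serve the lowered TTL from `lowered_at`; all function names, sample records and times are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample zone data in the same form as the records shown above.
SAMPLE_ZONE = """
# stable records left at a 24-hour TTL
example.com.     86400 IN NS ns1.example.com.
www.example.com. 86400 IN A  192.0.2.10
example.com.     3600  IN MX 10 mail.example.com.
example.com.     300   IN A  192.0.2.1
"""
LOW_TTL = 300  # the pre-change TTL suggested above


def parse_records(text):
    """Parse 'name ttl IN type rdata' lines, skipping blanks and # comments."""
    records = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[1].isdigit() and fields[2].upper() == "IN":
            records.append({"name": fields[0].lower(), "ttl": int(fields[1]),
                            "type": fields[3].upper(), "rdata": " ".join(fields[4:])})
    return records


def earliest_safe_change(old_ttl, lowered_at):
    """A copy cached just before the TTL was lowered lives old_ttl seconds more."""
    return lowered_at + timedelta(seconds=old_ttl)


def worst_case_staleness(old_ttl, lowered_at, change_at, low_ttl=LOW_TTL):
    """Longest time (seconds) a resolver can serve the old answer after change_at."""
    remaining = (earliest_safe_change(old_ttl, lowered_at) - change_at).total_seconds()
    return int(max(remaining, low_ttl))


def plan(records, lowered_at, change_at):
    """Per record: earliest safe cutover and exposure if changed at change_at."""
    return [(r["name"], r["type"], earliest_safe_change(r["ttl"], lowered_at),
             worst_case_staleness(r["ttl"], lowered_at, change_at)) for r in records]


if __name__ == "__main__":
    lowered = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed times
    cutover = lowered + timedelta(hours=6)
    for name, rtype, safe_at, stale in plan(parse_records(SAMPLE_ZONE), lowered, cutover):
        print(f"{name:18} {rtype:3} safe after {safe_at:%Y-%m-%d %H:%M} UTC, "
              f"worst-case stale {stale}s")
```

Passing the same time for `lowered_at` and `change_at` models an emergency change with no advance lowering: the exposure is then the full original TTL, which is the delay that a long TTL imposes on security-related changes.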
Network/IP TTL
- Limits how many router hops a packet can traverse.
- Decremented by 1 at each router; packet discarded at 0.
- Prevents routing loops from circulating packets indefinitely.
- Used by traceroute to map network paths.
Security implications
- Long DNS TTL delays propagation of security-related changes.
- Attackers may time cache-poisoning attempts around TTL expiration.
- IP TTL manipulation is used in OS fingerprinting and evasion techniques.