Time to Live (TTL)

Last Edited

by

in

Definition of TTL on the Network Encyclopedia.

What is Time to Live?

Time to live, best known as TTL or Hop Limit, is a mechanism that limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded or revalidated. In computer networking, TTL prevents a data packet from circulating indefinitely. In computing applications, TTL is commonly used to improve the performance and manage the caching of data.

Time to Live example - TTL example
Time to Live example

Time to Live on IP Packets

To ensure IP packets have a limited lifetime on the network all IP packets have an 8 bit Time to Live (IPv4) or Hop Limit (IPv6) header field and value which specifies the maximum number of layer three hops (typically routers) that can be traversed on the path to their destination. Each time the packet arrives at a layer three network device (a hop) the value is reduced by one before it is routed onward. When the value eventually reaches one the packet is discarded by the device that receives it (as the value will be reduced to zero). Whilst this won’t prevent network issues caused by a routing loop or similar, it reduces their impact and may help avoid router failures. As it is an 8 bit field, the maximum possible value is 255 (11111111 in binary).

Default TTL and Hop Limit Values

Default TTL and Hop Limit values vary between different operating systems, here are the defaults for a few:

  • Linux kernel 2.4 (circa 2001): 255 for TCP, UDP and ICMP
  • Linux kernel 4.10 (2015): 64 for TCP, UDP and ICMP
  • Windows XP (2001): 128 for TCP, UDP and ICMP
  • Windows 10 (2015): 128 for TCP, UDP and ICMP
  • Windows Server 2008: 128 for TCP, UDP and ICMP
  • Windows Server 2019 (2018): 128 for TCP, UDP and ICMP
  • MacOS (2001): 64 for TCP, UDP and ICMP

As you can see, the TTL or Hop Limit seen in packets from a host could, in part, be used to identify the operating system in use on that host.

Time To Live and DNS Caching

Time To Live (TTL) value tells local resolving name servers how long a record should be stored locally before a new copy of the record must be retrieved from DNS. The record storage is known as the DNS cache, and the act of storing records is called caching.

  1. TTL is part of the Domain Name System.
  2. TTLs are set by an authoritative nameserver for each resource record.
  3. TTLs are used for caching purpose. For example, www.networkencyclopedia.com TTL value is 86400 seconds, which is 24 hours. The higher a record’s TTL, the longer the information will be cached, and the less queries a client will have to make in order to find the domain.
  4. TTLs will be used by the resolving name server to speed up name resolving by caching results locally.

Setting Shorter TTLs?

It’s possible to set shorter TTLs. However, it can cause heavier loads on an authoritative nameserver, but can be useful when changing the address of critical services like web servers or MX records (mail server pointers), and therefore are often lowered by the DNS administrator prior to a service being moved, in order to minimize disruptions.

Common TTL Values

Usually, TTL value is 86400 seconds, which is 24 hours. This is a good starting point for most records. However, you can set higher TTL for MX or CNAME records as they are expected to change very rarely. If your service is critical, it is recommended that you set TTL to 1 hour (3600 seconds).

Time to Live in HTTP

TTL may also be expressed as a date and time on which a record expires. The Expires: header in HTTP responses, the Cache-Control: max-age header field in both requests and responses and the expires field in HTTP cookies express time-to-live in this way.

Search