DNS Propagation - Duration and Verification

Understand why your DNS changes take time to propagate.

DNS propagation is the process by which your DNS record changes spread across all DNS servers on the Internet. It's not an "active" propagation but rather the progressive expiration of DNS caches around the world.

When you modify a DNS record, servers that have the old value cached don't immediately see the change. They continue using the old value until TTL expiration. That's why some users see the change before others.

"DNS propagation can take up to 48 hours" is a common phrase but often pessimistic. With good TTL management, propagation can be much faster. Understanding this mechanism allows you to better plan your changes.

How Propagation Works

DNS propagation relies on cache expiration:

  • Hierarchical caches: DNS records are cached at multiple levels: ISP resolvers, enterprise DNS servers, browsers, operating systems.
  • TTL expiration: Each cache keeps the record until TTL expiration. A 3600s TTL means up to 1h of caching.
  • No notification: There's no mechanism to "notify" all caches of a change. They must wait for expiration and re-query.
  • Asynchronous propagation: Different users see the change at different times depending on when their cache expires. Hence the impression of "progressive" propagation.

Factors Affecting Propagation

Several elements influence propagation speed:

  • Previous TTL: This is the main factor. If the old TTL was 86400s (24h), full propagation can take 24h. Hence the value of reducing TTL before a change.
  • Aggressive caches: Some resolvers (especially ISPs) ignore very short TTLs and impose a minimum. They may keep data longer than expected.
  • Browser cache: Browsers have their own DNS cache, often with a minimum 1-minute TTL. Closing and reopening the browser can help.
  • Negative caching: DNS errors (NXDOMAIN) are also cached. If your domain was temporarily "non-existent", this error may be cached.

How to Verify Propagation

There are several ways to verify that your changes have propagated:

  1. Online tools: Sites like whatsmydns.net and dnschecker.org query DNS servers worldwide and show whether changes have propagated.
  2. dig with specific servers: Use dig @8.8.8.8 example.com to query Google DNS, @1.1.1.1 for Cloudflare. Compare results.
  3. Clear local cache: On Windows: ipconfig /flushdns. On Mac: sudo dscacheutil -flushcache. Then test again.
  4. Wait for TTL: If everything is correct server-side, often all that remains is to wait for the TTL to expire. Patience is key.

Verification Commands

Here's how to verify DNS propagation:

# Check from different public DNS servers
$ dig @8.8.8.8 example.com A +short      # Google DNS
$ dig @1.1.1.1 example.com A +short      # Cloudflare DNS
$ dig @9.9.9.9 example.com A +short      # Quad9

# See remaining TTL
$ dig @8.8.8.8 example.com A +noall +answer
example.com.  2842  IN  A  93.184.216.34
# 2842 seconds remaining in this cache

# Clear local DNS cache
# Windows
ipconfig /flushdns

# macOS
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

# Linux (systemd-resolved; older releases ship this as systemd-resolve --flush-caches)
sudo resolvectl flush-caches

# Check authoritative NS servers
$ dig example.com NS +short
ns1.provider.com.
ns2.provider.com.

# Query authoritative server directly
$ dig @ns1.provider.com example.com A +short

Querying public DNS servers shows if changes are globally visible. Querying the authoritative server directly shows the current "truth" without cache.
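
The comparison above can be scripted. The following is an added example, not part of the original page: it reads `dig +noall +answer` lines labelled with the resolver that returned them, marks each resolver fresh or stale against the expected new value, and reports the longest remaining TTL among the stale caches. The function names, the sample data and the new address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarise propagation of an A-record change.
# Input: one line per answer, "<resolver> <dig +noall +answer line>", e.g.
#   8.8.8.8 example.com. 2842 IN A 93.184.216.34

# collect_answers NAME RESOLVER...  (live query; needs network, not called below)
collect_answers() {
    name=$1; shift
    for r in "$@"; do
        dig "@$r" "$name" A +noall +answer | awk -v r="$r" '{ print r, $0 }'
    done
}

# propagation_summary EXPECTED_IP < labelled answers
# Prints a line per resolver, then "fresh=<n> stale=<n> max_wait=<seconds>".
propagation_summary() {
    awk -v want="$1" '
        # Fields: resolver, owner, remaining TTL, class, type, rdata.
        # CNAME lines in the answer are skipped; only A records are compared.
        $5 == "A" {
            seen[$1] = 1
            if ($6 == want) { fresh_at[$1] = 1 }
            else if ($3 + 0 > ttl_left[$1]) { ttl_left[$1] = $3 + 0 }
        }
        END {
            for (r in seen) {
                if (fresh_at[r]) { fresh++; printf "%-16s fresh\n", r }
                else {
                    stale++
                    if (ttl_left[r] > max) max = ttl_left[r]
                    printf "%-16s stale, cache expires in <= %ds\n", r, ttl_left[r]
                }
            }
            printf "fresh=%d stale=%d max_wait=%d\n", fresh, stale, max
        }'
}

# Constructed sample: 93.184.216.34 is the old value shown on this page,
# 203.0.113.10 is a made-up new value from the documentation range.
sample_answers() {
    cat <<'EOF'
8.8.8.8 example.com. 2842 IN A 93.184.216.34
1.1.1.1 example.com. 120 IN A 203.0.113.10
9.9.9.9 example.com. 3311 IN A 93.184.216.34
EOF
}

sample_answers | propagation_summary 203.0.113.10
```

For a live check, pipe `collect_answers example.com 8.8.8.8 1.1.1.1 9.9.9.9` into `propagation_summary` with the new address. The remaining TTL comes from the one cache instance that answered, so treat `max_wait` as an estimate and re-run the check.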

Speed Up Propagation

Reduce propagation time with these techniques:

  • Plan ahead: Reduce TTL to 300-600 seconds 24-48h before a planned change. At change time, caches will already have short TTLs.
  • Check current TTL: Before an urgent change, check current TTL with dig. You'll know the maximum wait time.
  • Use a CDN: CDNs like Cloudflare can proxy your domain. Your DNS records keep pointing at the CDN, so an IP change made on Cloudflare's side reaches users instantly, with no DNS change to propagate.
  • Communicate: If propagation impacts users, communicate proactively. Explain that some may see the old site temporarily.

DNS Change Checklist

  • TTL reduced 24-48h before change (if planned)
  • Change made on authoritative server
  • Verification with dig @authoritative-server
  • Verification from multiple public DNS
  • Local cache cleared for personal test
  • Propagation monitoring in progress

Frequently Asked Questions - DNS Propagation

Why do they say "up to 48 hours"?

It's a pessimistic maximum based on 24-48h TTLs and aggressive caches. With modern TTLs (1-4h), propagation is usually complete in a few hours.

Can I speed up propagation?

Not retroactively. If TTL was long, you must wait. But for future changes, reduce TTL in advance for faster propagation.

Why do some users see the change and others don't?

Each user uses a different DNS resolver (ISP, enterprise, Google DNS...). Each cached the record at a different time and therefore expires at a different time.

How to check if it's a propagation problem or something else?

Query your authoritative DNS server directly with dig @ns1.yourprovider.com. If it returns the right value, it's a propagation problem. Otherwise, the change isn't applied.

The change has propagated but my site doesn't work?

If DNS resolves correctly to the new IP, the problem is elsewhere: web server not configured, firewall, SSL/TLS certificate not provisioned for the domain, etc.

Should I monitor propagation with MoniTao?

MoniTao monitors your DNS records continuously and alerts you of changes. After an intentional modification, you can verify the new value is in place.

Master DNS Propagation

DNS propagation isn't magic - it's simply the progressive expiration of caches. By understanding this mechanism and proactively managing your TTLs, you can plan smooth migrations and minimize disruptions.

Plan your DNS changes in advance, reduce TTLs before migrations, and use verification tools to track propagation. MoniTao can alert you when your DNS records change - intentionally or not.
