← Back to Guides
CONCEPTS

Understanding DNS Propagation (And Why It Takes Forever)

January 15, 202610 min read

You changed your DNS record. You checked the authoritative nameserver—it's there! But half the internet still sees the old value. Welcome to DNS propagation, the most frustrating waiting game in web development.

What Actually Is "Propagation"?

First, let's debunk a myth: DNS doesn't actually "propagate." There's no wave of updates spreading across the internet. The word "propagation" is a misnomer, but we're stuck with it.

What's really happening: DNS records are cached everywhere, and those caches expire at different times.

When you change a DNS record, you're updating it on your authoritative nameserver. But millions of DNS resolvers around the world have the old value cached. They'll keep serving that old value until their cache expires (based on the record's TTL).

The Layers of DNS Caching

DNS records get cached at multiple levels. When you change a record, you're waiting for caches to expire at ALL of these layers:

1. Your Browser

Most browsers cache DNS lookups independently. Chrome, Firefox, Safari—they all do it. Even if every DNS server in the world has the new record, your browser might still have the old one cached.

How long? Usually 60 seconds to a few minutes.

How to clear it:

  • Chrome: Visit chrome://net-internals/#dns and click "Clear host cache"
  • Firefox: Restart the browser
  • Safari: Quit and reopen

2. Your Operating System

Windows, macOS, and Linux all cache DNS lookups at the OS level. Applications query the OS cache before hitting external DNS servers.

How long? Varies by OS and TTL, usually minutes to hours.

How to clear it:

  • Windows: ipconfig /flushdns
  • macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
  • Linux: sudo systemd-resolve --flush-caches (if using systemd-resolved)

3. Your Router

Many routers cache DNS queries. All devices on your network share this cache.

How long? Depends on the router, often several hours.

How to clear it: Restart your router (or change your device's DNS to 8.8.8.8 to bypass it).

4. Your ISP's DNS Resolver

This is the big one. ISP resolvers handle DNS for millions of users. They cache aggressively to reduce load on authoritative servers.

How long? Supposed to respect TTL, but many ISPs ignore it and cache for 24+ hours.

How to bypass it: Use public DNS like Google (8.8.8.8) or Cloudflare (1.1.1.1).

5. Public DNS Resolvers (Google, Cloudflare, etc.)

These generally respect TTL values. If your TTL is 300 seconds, they'll cache for 300 seconds.

How long? Exactly the TTL you set (usually).

6. CDNs and Reverse Proxies

If you use Cloudflare, AWS CloudFront, or similar services, they cache DNS lookups too.

How long? Varies by service and configuration.

The Role of TTL (Time To Live)

TTL is how long (in seconds) a DNS record should be cached. When a resolver queries your authoritative nameserver, the response includes a TTL:

example.com.  300  IN  A  93.184.216.34

That 300 means "cache this for 300 seconds (5 minutes)." After 5 minutes, the resolver should fetch fresh data.

Common TTL Values

  • 300 seconds (5 min) — Good for active sites with potential for changes
  • 3600 seconds (1 hour) — Standard for most domains
  • 86400 seconds (24 hours) — For rarely-changing records
  • 60 seconds (1 min) — For testing or when changes are imminent

The Problem: Not Everyone Respects TTL

In a perfect world, if you set TTL to 60 seconds, everyone would refresh after 60 seconds. In reality:

  • Some resolvers ignore TTL and cache longer
  • Some enforce minimum TTLs (e.g., "never cache less than 5 minutes")
  • Some over-respect TTL and cache even longer "to be safe"

This is why DNS propagation is unpredictable. You can set TTL to 60 seconds, but some resolver in Romania might cache it for 6 hours anyway.

Why "Up to 48 Hours"?

You've seen this warning everywhere: "DNS changes can take up to 48 hours to propagate globally."

This is outdated but conservative advice. Back in the early internet, many resolvers had default cache times of 24-48 hours. Today, most respect reasonable TTLs.

The reality in 2026:

  • If your TTL is 5 minutes, most users see changes within 5-15 minutes
  • If your TTL is 1 hour, most users see changes within 1-2 hours
  • If your TTL is 24 hours, yeah, it might take 24-48 hours

The "48 hour" rule is worst-case scenario. Most changes propagate much faster.

Nameserver Changes Are Different

Changing an A record? That's fast (TTL-dependent).

Changing your domain's nameservers (pointing your domain to different DNS providers)? That's slow.

When you change nameservers at your domain registrar, the change has to propagate through the parent zone (the .com zone, .net zone, etc.). These zones have their own TTLs, often 24-48 hours.

Strategy for nameserver changes:

  1. Set up the new nameservers with identical records to the old ones
  2. Change the nameserver delegation at your registrar
  3. Wait 48-72 hours
  4. Verify all traffic is hitting new nameservers
  5. Only then make record changes

How to Speed Up DNS Propagation

Before Making Changes

Lower your TTL 24-48 hours in advance. If your record has a 24-hour TTL and you change it today, some resolvers will cache the old value for 24 hours. But if you lower the TTL to 5 minutes a day before your change, most caches will have expired by the time you make the actual change.

After Making Changes

  • Clear your local caches (browser, OS) so you're not fooled by your own cache
  • Use public DNS (8.8.8.8, 1.1.1.1) to bypass ISP caches
  • Check from multiple locations using tools like DNS Checker or What's My DNS
  • Query authoritative nameservers directly to verify the change is live:
    dig @ns1.yourprovider.com yourdomain.com

Use Low TTLs for Dynamic Records

If a record changes frequently (like for blue/green deployments or failover), keep its TTL at 60-300 seconds. Yes, this means more queries to your nameservers, but authoritative DNS is cheap and fast.

Checking Propagation Status

Command Line

Query different public resolvers:

dig @8.8.8.8 yourdomain.com        # Google dig @1.1.1.1 yourdomain.com        # Cloudflare dig @208.67.222.222 yourdomain.com # OpenDNS

If they all return the same value, propagation is mostly complete.

Web Tools

Common Propagation Issues

I Updated the Record but Nothing Changed

  • Did you update the right zone? (Check your authoritative nameserver directly)
  • Did you save/publish the change? (Some DNS panels require a "publish" step)
  • Are you checking cached values? (Clear local caches, query public DNS)

Some Locations See New Value, Others See Old

This is normal during propagation. Caches expire at different times. Check the TTL on the old record— that's how long the stragglers will take.

It's Been Way Longer Than the TTL

  • Some resolvers ignore TTL (especially small ISPs)
  • Some caches have minimum TTL overrides
  • Cloudflare and other CDNs may have additional caching layers

Different Regions See Different Values (And It's Not Caching)

You might have GeoDNS or Anycast configured. Some DNS providers return different answers based on the querying location. This is intentional, not a propagation issue.

The Lifecycle of a DNS Change

  1. T+0 min: You update the record on your authoritative nameserver
  2. T+0 min: Queries to authoritative server immediately return new value
  3. T+5 min: Public DNS resolvers (Google, Cloudflare) see new value (if TTL was 5 min)
  4. T+15 min: Most users worldwide see new value
  5. T+1 hour: 90%+ of traffic sees new value
  6. T+24 hours: Virtually everyone sees new value
  7. T+48 hours: Even the most stubborn ISP caches have expired

Best Practices

  • Use reasonable TTLs — 5 minutes to 1 hour for most records
  • Lower TTL before big changes — 24-48 hours in advance
  • Raise TTL after changes stabilize — Reduces query load
  • Test changes on staging domains first — Catch issues before they affect production
  • Keep old infrastructure running during propagation — Don't turn off the old server the second you change DNS
  • Monitor from multiple locations — Don't assume your local view is what everyone sees
  • Have a rollback plan — Know how to revert changes if things go wrong

Final Thoughts

DNS propagation isn't magic, and it's not really "propagation." It's just caches expiring at different rates across millions of resolvers worldwide.

Understanding this makes it less frustrating. You can't force instant propagation (the internet doesn't work that way), but you can:

  • Plan around TTLs
  • Lower TTLs before changes
  • Clear local caches to test
  • Monitor propagation status
  • Be patient

Most importantly: it's not broken, it's just slow. If your authoritative nameserver has the new record, propagation is happening. Just give it time.

And remember: it's always DNS, but sometimes it's just DNS... waiting.

← Back to Guides