What is DNS and How Does It Work?
The Domain Name System (DNS) is the internet's address book. It translates human-readable domain names like example.com into machine-readable IP addresses like 93.184.216.34. Without DNS, you'd need to memorize a string of numbers for every website you visit.
When you type a domain name into your browser, your device initiates a DNS lookup — a chain of requests that passes through several types of servers to find the correct IP address. The process involves four key server types:
🔄 Recursive Resolver
The first stop. Your device asks this server (usually provided by your ISP, or a public resolver like Google or Cloudflare) to find the answer. It does the legwork of querying other servers on your behalf, and caches the result so future lookups are faster.
🌐 Root Name Server
The starting point of the DNS hierarchy. There are 13 root server clusters worldwide. They don't know the IP address of your domain directly — instead, they point the resolver to the correct TLD (Top Level Domain) server for .com, .org, .net, etc.
🏢 TLD Name Server
Manages all domains under a specific top-level domain. The .com TLD server knows which authoritative nameservers are responsible for example.com but not example.org. Changes to nameserver records at your registrar update here.
📌 Authoritative Name Server
The definitive source for your domain's DNS records. This server holds the actual A, AAAA, MX, TXT, and other records you've configured. When you make a DNS change at your hosting provider, this is where it takes effect first.
Once the IP address is resolved, it's cached by the recursive resolver for the duration specified by the record's Time to Live (TTL). This caching is what makes DNS fast — but it's also what causes DNS propagation delays when records change.
What Happens When You Visit a Website? (DNS Lookup Step by Step)
Here's the full chain of events when a user visits www.example.com for the first time, with no cached DNS data. Each step is a potential point where DNS propagation delays can occur:
1
You type www.example.com into your web browser.
2
Your device checks its local DNS cache. No result found, so it sends a query to your configured recursive resolver (e.g., your ISP's DNS server, Google 8.8.8.8, or Cloudflare 1.1.1.1).
3
The recursive resolver checks its own cache. No result, so it queries a root name server to find who manages .com domains.
4
The root server responds with the IP address of the .com TLD name server.
5
The recursive resolver queries the .com TLD server for the authoritative nameservers of example.com.
6
The TLD server responds with the authoritative nameserver addresses (e.g., ns1.example.com).
7
The recursive resolver queries the authoritative nameserver for the A record of www.example.com.
8
The authoritative nameserver returns the IP address (e.g., 93.184.216.34) along with a TTL value.
9
The recursive resolver caches the result for the TTL duration and returns it to your device.
10
Your browser connects directly to the IP address and loads the website.
On subsequent visits, steps 3–8 are skipped entirely — the recursive resolver returns the cached answer immediately. This is why DNS changes aren't instant: the cached answer is served until the TTL expires.
What is DNS Propagation?
DNS propagation is the process by which updated DNS records spread across the worldwide network of recursive resolvers. When you change a DNS record — such as updating an A record to point to a new IP address, switching MX records to a new email provider, or changing nameservers entirely — that change doesn't take effect everywhere at once.
The update starts at your authoritative DNS server and gradually spreads as cached copies of your old records expire on recursive resolvers around the world. Each resolver holds onto the previous version of your DNS records until the cached copy reaches the end of its Time to Live (TTL), at which point it fetches the fresh record from the authoritative server.
During this propagation window, some users will see the new records while others still receive the old ones — depending on which resolver they use and whether that resolver's cache has expired. This is why a website migration can appear to work for some visitors but not others, or why email starts flowing to the new server for some recipients while others still deliver to the old one.
While technically DNS records don't "propagate" in the traditional sense (they're not pushed out to servers), the term DNS propagation is universally used to describe this cache-expiry-and-refresh cycle. A DNS propagation checker lets you see exactly which resolvers around the world have picked up your changes and which are still serving stale cached data.
How Long Does DNS Propagation Take?
DNS propagation typically takes anywhere from a few minutes to 48 hours, though most changes propagate within 1–4 hours. The actual time depends on several factors:
⏱️ TTL (Time to Live)
The most important factor. The TTL value on your DNS record tells resolvers how long to cache the record before checking for an update. A TTL of 3600 means resolvers cache for 1 hour. A TTL of 86400 means 24 hours. Pro tip: lower your TTL to 300 (5 minutes) at least 24–48 hours before making a change to dramatically speed up propagation.
🌐 ISP and Resolver Caching
Not all resolvers honor TTL values exactly. Some ISP resolvers cache records longer than the specified TTL, while large public resolvers like Google (8.8.8.8) and Cloudflare (1.1.1.1) generally respect TTLs more precisely. ISPs also cache results across many users, so one slow ISP resolver can affect thousands of people.
🏢 Registrar and TLD Updates
Changes to nameserver (NS) records at the registrar level can take longer because they involve updates to the parent TLD zone (e.g., the .com servers). These TLD servers have their own refresh intervals, which is why NS changes can take up to 48 hours in worst-case scenarios.
⚠️ Negative Caching
If a resolver previously received an NXDOMAIN (domain not found) response, it may cache that negative result for the duration of the SOA record's minimum TTL. This can delay propagation of newly created domains or subdomains that didn't exist before.
💡 Rule of thumb: Simple A record changes with a low TTL propagate within minutes. MX and TXT record changes typically complete within 1–4 hours. Nameserver changes at the registrar level can take up to 48 hours. Use this DNS propagation checker to monitor progress in real-time rather than guessing.
How Does This DNS Propagation Checker Work?
DNS Spy's propagation checker queries your domain against 40+ public DNS resolvers distributed across the globe. Each resolver is queried independently and in parallel from multiple geographic vantage points, giving you a comprehensive, real-time view of how your DNS changes are spreading worldwide.
For each resolver, we show you:
- ✅ Resolved value — the IP address, hostname, or other record data returned
- ⏱️ TTL remaining — how long until this resolver's cache expires and fetches fresh data
- ⚡ Response time — how fast the resolver responded, in milliseconds
- 🌍 Geographic location — city, country, and provider for each resolver
- 🔄 Per-resolver refresh — re-check any individual resolver without re-running the entire global check
Results are displayed on an interactive world map with color-coded markers so you can see geographic propagation patterns at a glance. Unlike other propagation checkers that query resolvers from a single server, DNS Spy queries from multiple geographic vantage points worldwide — giving you a more accurate picture of what users in different regions are actually experiencing.
Which DNS Record Types Can Be Checked?
DNS uses different record types to store different kinds of information about a domain. You can check propagation for all of the following record types and more:
A Record
The most common DNS record. Maps a domain to an IPv4 address. When someone visits your website, the A record determines which server they connect to.
example.com → 93.184.216.34
AAAA Record
The IPv6 equivalent of an A record. Maps a domain to a 128-bit IPv6 address. Increasingly important as IPv6 adoption grows worldwide.
example.com → 2606:2800:220:1:248:1893:25c8:1946
CNAME Record
Creates an alias from one domain to another. Commonly used for subdomains like www or for pointing to CDN and SaaS providers. The resolver follows the chain to find the final A/AAAA record.
www.example.com → example.com
MX Record
Specifies the mail servers responsible for receiving email for your domain, along with a priority value. Lower numbers = higher priority. Incorrect MX records mean lost email.
10 mail.example.com
NS Record
Identifies the authoritative nameservers for a domain — the servers that hold the definitive DNS records. NS changes at the registrar level propagate through the TLD servers and typically take the longest.
ns1.dnsprovider.com
TXT Record
Stores arbitrary text data. Commonly used for email authentication (SPF, DKIM, DMARC), domain verification (Google, Microsoft 365), and security policies. A domain can have multiple TXT records.
"v=spf1 include:_spf.google.com ~all"
SOA Record
Start of Authority — contains administrative information about the DNS zone including the primary nameserver, admin email, serial number, and timing parameters for zone transfers and caching.
CAA Record
Certificate Authority Authorization — specifies which CAs are allowed to issue SSL/TLS certificates for your domain. An important security control. Validate your CAA records →
PTR Record
Pointer record — maps an IP address back to a hostname (reverse DNS). Used for email deliverability verification and network diagnostics. Typically managed by the IP address owner.
SRV Record
Service record — specifies the host and port for specific services like SIP, XMPP, or LDAP. Includes priority and weight fields for load balancing across multiple service endpoints.
These 10 common types are shown by default. Click "Show all record types" to access 35+ additional types including DNSKEY, DS, TLSA, SSHFP, HTTPS, SVCB, and more — making this the most comprehensive DNS propagation checker available.
Why Is My DNS Not Propagating?
If your DNS changes aren't showing up after the expected time, here are the most common causes and how to fix them:
1. High TTL on the previous record
If your old record had a TTL of 86400 (24 hours), resolvers will serve the cached old record for up to a full day. You can't force external resolvers to clear their cache — you must wait for the TTL to expire. Prevention: always lower TTL to 300 (5 minutes) at least 24–48 hours before making DNS changes.
2. DNS change not actually saved
Double-check that your change was actually published. Some DNS providers require clicking a "Publish" or "Save changes" button after editing. Query your authoritative nameserver directly to confirm the new record is live at the source before waiting for propagation.
3. Wrong record or hostname edited
A common mistake: changing the A record for example.com but forgetting www.example.com (or vice versa). Also check that you edited the correct record type — an A record and a CNAME for the same subdomain can't coexist.
4. Local DNS cache on your device
Your computer and browser have their own DNS caches. Even if global propagation is complete, your machine may still show the old record. Flush your local cache:
Windows: ipconfig /flushdns
macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Linux: sudo systemd-resolve --flush-caches
5. Nameserver delegation not updated
If you changed nameservers at your registrar, the NS records at the TLD level need to update first. This can take up to 48 hours. During this time, some resolvers query the old nameservers while others query the new ones, leading to inconsistent results.
6. ISP resolver ignoring TTL
Some ISPs run aggressive DNS caches that don't strictly honor TTL values. If propagation looks complete on most resolvers but your ISP still shows the old record, try temporarily switching to a public resolver like Google (8.8.8.8) or Cloudflare (1.1.1.1).
How to Speed Up DNS Propagation
While you can't force every resolver in the world to update simultaneously, these proven strategies minimize propagation time:
-
1
Lower your TTL in advance
24–48 hours before making a DNS change, reduce the TTL to
300seconds (5 minutes). By the time you make the actual change, most resolvers will already have short-lived caches. This is the single most effective technique. -
2
Verify the change at the source
Before waiting for propagation, query your authoritative nameserver directly to confirm the new record is actually live. If it's not correct at the source, it can't propagate anywhere.
-
3
Monitor with a propagation checker
Use this tool to watch which resolvers have updated in real-time. You may find propagation is effectively complete even if 1–2 outlier resolvers still cache old data.
-
4
Flush your local DNS cache
If global propagation looks complete but your machine still shows old results, flush your local DNS cache and restart your browser. Your device's cache is separate from the resolver network.
-
5
Raise TTL back after propagation
Once propagation is complete and the new records are working correctly, raise your TTL back to a reasonable value (
3600–86400) to reduce query load on your nameservers and improve resolution speed for end users.
Make Sure to Check All Your DNS Records
When verifying DNS changes, remember that most domains have multiple record types that need to be correct. A website migration might involve changing A records, but you'll also want to verify:
- A and AAAA records for both the root domain (
example.com) andwwwsubdomain - MX records if you're also migrating email services
- TXT records for SPF, DKIM, and DMARC email authentication
- CNAME records for any subdomains (blog, app, api, etc.)
- NS records if you changed nameservers at the registrar
- CAA records if you need to ensure SSL certificate issuance works with the new provider
Use the record type dropdown above to check each type independently. You can also use our free domain scanner to get a complete overview of all DNS records for any domain, or our CAA record validator to verify your certificate authority authorization setup.
Frequently Asked Questions
What is a DNS propagation checker?
A DNS propagation checker is a tool that queries your domain against multiple DNS resolvers around the world to show you which servers have received your latest DNS changes and which are still serving cached (old) records. It helps you monitor the progress of DNS propagation in real-time after making changes.
What is DNS propagation?
DNS propagation is the process by which updated DNS records spread across the worldwide network of recursive resolvers. When you change a DNS record, the update starts at your authoritative nameserver and gradually spreads as cached copies of your old records expire on resolvers around the world. Each resolver holds onto the previous version until its cached copy reaches the end of its Time to Live (TTL), then fetches the fresh record.
How long does DNS propagation take?
DNS propagation typically takes anywhere from a few minutes to 48 hours, though most changes propagate within 1 to 4 hours. The actual time depends on the TTL value on your record, ISP and resolver caching behavior, registrar and TLD update intervals, and any negative caching from previous NXDOMAIN responses. Lowering your TTL to 300 seconds at least 24 to 48 hours before a planned change dramatically speeds up propagation.
Why do different locations show different DNS results?
Each DNS resolver caches records independently based on the TTL (Time to Live) value. When you update a DNS record, resolvers that cached the old record continue serving it until their cache expires. Resolvers in different locations may have cached the record at different times, so they expire at different times — causing temporarily inconsistent results across the globe.
Can I force DNS propagation to happen faster?
You cannot force external resolvers to clear their caches. However, you can minimize propagation time by lowering the TTL on your DNS records to 300 seconds (5 minutes) at least 24-48 hours before making a change. This ensures that by the time you update the record, most resolvers have short-lived caches that expire quickly.
Why does my DNS still show the old IP address after I changed it?
This is usually due to DNS caching. Your recursive resolver (often your ISP's server), your operating system, and even your browser all cache DNS results. Check the TTL of the old record — you'll need to wait for that duration to pass. You can also try flushing your local DNS cache (ipconfig /flushdns on Windows, sudo dscacheutil -flushcache on macOS) and restarting your browser.
How many DNS resolvers does the DNS Spy checker query?
The DNS Spy DNS Propagation Checker queries 40+ public DNS resolvers worldwide, including Cloudflare, Google, Quad9, OpenDNS, NextDNS, and regional resolvers across Asia, Europe, South America, and Africa. Queries originate from 8 global vantage points so the data reflects what real users in each region experience.
Does the DNS Spy checker validate DNSSEC?
Yes. The DNS Propagation Checker reports DNSSEC validation status for every resolver that supports it. If your DNSSEC is misconfigured, some resolvers will refuse to return your record at all — which often looks like a propagation failure on other tools. The DNS Spy checker tells you the actual reason: validation failed.
Stop Checking Manually — Let DNS Spy Monitor Your Domains 24/7
This free DNS propagation checker gives you a snapshot at a point in time. But what about the other 23 hours a day when you're not watching? DNS records can change unexpectedly due to misconfigurations, expired domains, hijacking attempts, or provider outages — and you might not find out until customers start complaining.
DNS Spy continuously monitors your domains and alerts you the moment any DNS record changes — before your customers notice. Track A, AAAA, MX, NS, TXT, CAA, and dozens of other record types across all your domains with automatic change detection, security checks, SSL certificate monitoring, and detailed history.