Articles

How DNS Propagation Works and Why Changes Take Time (2026)

April 16, 2026 5 min read

DNS propagation is often misunderstood as a single event, but it’s actually a distributed caching mechanism that ensures resilience and performance.

Let’s look at a common scenario: you’ve just updated the IP address for your domain, example.com, at your DNS provider. You expect the change to be instantaneous.

Here’s a simplified view of what happens when a user’s browser requests example.com:

  1. User’s Device/Resolver: The browser asks the local DNS resolver (often provided by your ISP or a public service like Google’s 8.8.8.8) for the IP address of example.com.
  2. Resolver Cache Check: The resolver first checks its own cache. If it has a recent, valid record for example.com, it returns that IP address immediately. This is why your changes aren’t instant. The resolver is holding onto the old information.
  3. Root Servers: If the resolver doesn’t have the record, it asks a root DNS server, "Where can I find the servers for .com?"
  4. TLD Servers: The root server replies with the IP addresses of the Top-Level Domain (TLD) name servers for .com. The resolver then asks one of these .com servers, "Where can I find the servers for example.com?"
  5. Authoritative Name Servers: The .com TLD server replies with the IP addresses of example.com’s authoritative name servers (usually managed by your DNS provider). The resolver then asks one of these servers, "What is the IP address for example.com?"
  6. Authoritative Response: The authoritative name server checks its zone file and returns the correct, current IP address for example.com.
  7. Resolver Caches and Responds: The resolver caches this new IP address (along with its Time-To-Live or TTL value) and returns it to the user’s browser.

The "propagation" you’re waiting for is the process of this new IP address being delivered to all the DNS resolvers around the world and then being cached by them.

The key factor determining how long this takes is the Time-To-Live (TTL) value set for the DNS record itself.

When you create or modify a DNS record (like an A record for example.com), you set a TTL. This is a duration, specified in seconds, that tells DNS resolvers how long they should cache that record before asking the authoritative name server for it again.

  • Low TTL (e.g., 300 seconds = 5 minutes): Resolvers will only cache the record for 5 minutes. After that, they must re-query the authoritative server. This makes changes propagate much faster.
  • High TTL (e.g., 86400 seconds = 24 hours): Resolvers will cache the record for a full day. This reduces load on authoritative servers and speeds up lookups for users whose resolvers already have the record, but it means changes can take up to 24 hours to be seen globally.

Example Configuration:

Let’s say you’re using Cloudflare and have an A record for example.com:

example.com. IN A 192.0.2.1 TTL 3600

This record means: "For the domain example.com, the IP address is 192.0.2.1. DNS resolvers should cache this information for 3600 seconds (1 hour)."

If you change the IP address to 192.0.2.2 and keep the TTL at 3600, resolvers that have already cached the old IP will continue to use 192.0.2.1 for up to an hour. Only after their cache expires will they fetch the new IP.

Why does this caching exist?

Imagine a world without DNS caching. Every single DNS lookup would have to traverse the entire chain from the user’s device up to the authoritative name server. This would be incredibly slow, create massive load on authoritative servers, and make the internet unusable. Caching distributes the load and speeds up access dramatically.

Practical implications:

  • During a migration: If you’re moving servers, you’ll want to lower the TTL on your DNS records before you make the IP address change. A common strategy is to set the TTL to a low value like 300 seconds (5 minutes) a day or two in advance. This ensures that when you do change the IP address, most resolvers will have a short cache duration and will fetch the new IP quickly. Once the change has propagated and you’re confident, you can raise the TTL back to a higher value (e.g., 3600 or 86400) for better performance.
  • Troubleshooting: If you’ve made a DNS change and it’s not appearing everywhere, the first thing to check is the TTL. If it’s high, you just have to wait. You can also use tools like dig or nslookup to query specific DNS servers directly and see what IP they are returning, bypassing your local resolver’s cache.

dig example.com @8.8.8.8

This command asks Google’s public DNS resolver (8.8.8.8) for the IP address of example.com. If it returns the old IP, it means 8.8.8.8 still has it cached. If it returns the new IP, then the change has propagated to that resolver.

The system is designed for speed and reliability, and DNS propagation is a direct consequence of that design. The time it takes isn’t a failure, but a feature of distributed caching.

The next challenge you’ll encounter is dealing with the complexities of DNS record types beyond simple A records, like CNAMEs, MX records, and TXT records.

Want structured learning?

Take the full Dns course →