DNS Explained: How Domain Names Actually Work
A plain-English explanation of DNS — how your browser turns a domain name into a website. Records, propagation, and troubleshooting.
What DNS Does
DNS (Domain Name System) is the phone book of the internet. When you type example.com, DNS translates that human-readable name into an IP address like 93.184.216.34 so your browser knows which server to connect to. Every website visit, every email sent, every API call — they all start with a DNS lookup.
How a DNS Lookup Works
The full resolution process involves multiple servers working in a hierarchy. Here's what happens when you type example.com:
- Browser cache — Already know the IP? Use it. Skip everything else.
- Operating system cache — Your computer checks its own DNS cache
- Recursive resolver — Your ISP's (or Cloudflare's 1.1.1.1, or Google's 8.8.8.8) DNS resolver takes over
- Root nameserver — Resolver asks one of 13 root nameserver groups "who handles .com?"
- TLD nameserver — Root says "ask the .com TLD nameserver at a.gtld-servers.net"
- TLD responds — .com nameserver says "example.com uses ns1.example.com and ns2.example.com"
- Authoritative nameserver — Resolver asks example.com's nameserver for the actual IP
- Answer returned — Resolver gets 93.184.216.34, caches it based on the TTL, and returns it to your browser
- Connection established — Browser connects to 93.184.216.34 and loads the website
This entire chain happens in 50-100ms for a cold lookup. Cached lookups take under 1ms.
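The referral chain and TTL cache described above, as an added example that is not part of the original article. The delegation table is constructed to mirror the walk-through and stands in for real root, TLD and authoritative servers; the `Resolver` class and its injectable clock are illustrative names.

```python
import time

# Constructed delegation data mirroring the walk-through (not live DNS).
SERVERS = {
    "root": {"delegations": {"com.": "a.gtld-servers.net"}, "records": {}},
    "a.gtld-servers.net": {
        "delegations": {"example.com.": "ns1.example.com"}, "records": {}},
    "ns1.example.com": {
        "delegations": {}, "records": {"example.com.": ("93.184.216.34", 3600)}},
}
MAX_REFERRALS = 8  # stop runaway referral chains


class Resolver:
    def __init__(self, now=time.monotonic):
        self.now = now      # injectable clock so TTL expiry can be exercised
        self.cache = {}     # name -> (ip, expiry time)

    def resolve(self, name):
        """Return (ip, servers asked); servers is ["cache"] on a cache hit."""
        name = name.rstrip(".").lower() + "."
        hit = self.cache.get(name)
        if hit and hit[1] > self.now():
            return hit[0], ["cache"]
        server, path = "root", []
        for _ in range(MAX_REFERRALS):
            path.append(server)
            data = SERVERS[server]
            if name in data["records"]:          # authoritative answer
                ip, ttl = data["records"][name]
                self.cache[name] = (ip, self.now() + ttl)
                return ip, path
            referral = [nxt for zone, nxt in data["delegations"].items()
                        if name == zone or name.endswith("." + zone)]
            if not referral:                     # no server below knows the name
                raise LookupError("NXDOMAIN " + name)
            server = referral[0]
        raise LookupError("SERVFAIL " + name)
```

Because the answer is served from cache until the TTL runs out, whatever the resolver stored, correct or not, is what every client behind it sees for that long.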
DNS Record Types
A Record (Address)
Maps a domain to an IPv4 address. The most fundamental DNS record.
example.com → 93.184.216.34
api.example.com → 10.0.1.50
Use A records for: root domains, subdomains pointing to specific servers, any direct domain-to-IP mapping.
AAAA Record (IPv6 Address)
Maps a domain to an IPv6 address. Functionally identical to an A record but for the newer IPv6 protocol.
example.com → 2606:2800:220:1:248:1893:25c8:1946
Add AAAA records alongside A records for IPv6 support. Most modern hosting provides both.
CNAME Record (Canonical Name)
Points a domain to another domain name. The DNS resolver follows the chain until it reaches an A record.
www.example.com → example.com
blog.example.com → hosting-provider.com
shop.example.com → myshop.shopify.com
Important limitations:
- CNAMEs cannot be used on the root domain (example.com) in standard DNS — only on subdomains
- A CNAME must be the only record at that name (can't coexist with MX, TXT, etc.)
- Cloudflare's "CNAME flattening" and Route 53's "ALIAS" records work around the root domain limitation
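A zone check for the limitations listed above, as an added example that is not from the original article. The record tuples in `ZONE` are constructed, `lint_cnames` is an illustrative name, and the check goes slightly beyond the list by also flagging CNAME loops inside the zone and by allowing the DNSSEC types that may sit beside a CNAME.

```python
from collections import defaultdict

DNSSEC_TYPES = {"RRSIG", "NSEC"}  # the only types permitted beside a CNAME

# Constructed sample zone: (owner name, type, value)
ZONE = [
    ("example.com", "CNAME", "hosting-provider.com"),   # apex CNAME
    ("example.com", "MX", "10 mail.google.com"),
    ("www.example.com", "CNAME", "example.com"),
    ("shop.example.com", "CNAME", "myshop.shopify.com"),
    ("shop.example.com", "TXT", "constructed-verification-token"),
    ("a.example.com", "CNAME", "b.example.com"),
    ("b.example.com", "CNAME", "a.example.com"),
]

def norm(name):
    return name.rstrip(".").lower()

def lint_cnames(apex, records):
    """Return sorted (name, problem) findings for CNAME misuse in one zone."""
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[norm(name)].append((rtype.upper(), value))
    findings = []
    for name in sorted(by_name):
        types = [t for t, _ in by_name[name]]
        if "CNAME" not in types:
            continue
        if name == norm(apex):
            findings.append((name, "CNAME at zone apex"))
        extra = sorted(set(types) - {"CNAME"} - DNSSEC_TYPES)
        if extra:
            findings.append((name, "CNAME coexists with " + ", ".join(extra)))
        if types.count("CNAME") > 1:
            findings.append((name, "more than one CNAME"))
        seen, cur = [name], name          # follow the chain inside this zone
        while True:
            targets = [v for t, v in by_name.get(cur, []) if t == "CNAME"]
            if not targets:
                break                     # chain leaves the zone or ends
            cur = norm(targets[0])
            if cur in seen:
                findings.append((name, "CNAME loop via " + cur))
                break
            seen.append(cur)
    return findings
```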
MX Record (Mail Exchange)
Routes email to the correct mail server. The priority number determines which server is tried first (lower = higher priority).
example.com → mail.google.com (priority 10)
example.com → mail2.google.com (priority 20)
If the priority-10 server is down, email falls back to priority-20. Always set at least two MX records for redundancy.
TXT Record (Text)
Stores arbitrary text data. Used for email authentication, domain verification, and security policies.
Common TXT records:
- SPF — Declares which servers can send email for your domain: v=spf1 include:_spf.google.com ~all
- DKIM — Cryptographic email signature verification
- DMARC — Policy for handling email that fails SPF/DKIM: v=DMARC1; p=reject; rua=mailto:dmarc@example.com
- Domain verification — Google, Facebook, and other services ask you to add TXT records to prove you own a domain
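A policy check for the SPF and DMARC strings shown above, as an added example that is not from the original article. `audit_spf` and `audit_dmarc` are illustrative names; they inspect only the record text passed in and do not fetch nested `include:` records.

```python
import re

# SPF terms that each cost one DNS lookup (limit is 10 per evaluation).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(txt):
    """Return a list of weaknesses in one SPF TXT value (empty if none)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings, names = [], []
    for i, term in enumerate(terms[1:], start=1):
        qualifier = term[0] if term[0] in "+-~?" else "+"   # default is pass
        name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        names.append(name)
        if name == "all":
            if qualifier == "+":
                findings.append("+all: any host may send as this domain")
            elif qualifier in "~?":
                findings.append(qualifier + "all: unlisted senders are not hard-failed")
            if i != len(terms) - 1:
                findings.append("terms after 'all' are never evaluated")
            break
    if "all" not in names and "redirect" not in names:
        findings.append("no 'all' or redirect: unlisted senders get neutral")
    if sum(n in LOOKUP_TERMS for n in names) > 10:   # this record's terms only
        findings.append("more than 10 DNS-lookup terms: permerror")
    return findings

def audit_dmarc(txt):
    """Return a list of weaknesses in one DMARC TXT value (empty if none)."""
    tags = [p.strip() for p in txt.split(";") if p.strip()]
    if not tags or tags[0].replace(" ", "") != "v=DMARC1":
        return ["not a DMARC record"]
    kv = {}
    for tag in tags[1:]:
        if "=" in tag:
            key, value = tag.split("=", 1)
            kv[key.strip().lower()] = value.strip()
    findings = []
    policy = kv.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, no enforcement requested")
    if "rua" not in kv:
        findings.append("no rua=: no aggregate reports will be sent")
    return findings
```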
NS Record (Nameserver)
Declares which nameservers are authoritative for the domain. These are set at your domain registrar and tell the rest of the internet where to find your DNS records.
example.com → ns1.cloudflare.com
example.com → ns2.cloudflare.com
Other Record Types
- SRV — Service location records (used for VoIP, XMPP, game servers)
- CAA — Certificate Authority Authorization (controls which CAs can issue SSL certificates for your domain)
- PTR — Reverse DNS (IP to domain name, used for email server verification)
DNS Propagation
When you change DNS records, the change doesn't happen instantly. Resolvers worldwide cache your old records based on the TTL (Time to Live) value you set.
| TTL Setting | Propagation Time | Use Case |
|-------------|-----------------|----------|
| 60 seconds | ~1 minute | Active migration, failover |
| 300 seconds | ~5 minutes | Pre-change preparation |
| 3600 seconds (default) | ~1 hour | Normal operations |
| 86400 seconds | Up to 24 hours | Stable, rarely-changed records |
The Propagation Trick
If you know you're going to change a DNS record:
- Lower the TTL to 300 (5 minutes) at least 24 hours before the change
- Wait for the old TTL to expire (so all resolvers pick up the new short TTL)
- Make your DNS change
- The change propagates in ~5 minutes instead of hours
- After confirming the change works, raise the TTL back to 3600 or higher
Troubleshooting DNS
Check Current DNS Records
# Query A record
dig example.com A
# Query specific record type
dig example.com MX
dig example.com TXT
# Use a specific resolver (useful to bypass cache)
dig @8.8.8.8 example.com A
# Full trace from root nameservers
dig +trace example.com
# Simple lookup (works on all platforms)
nslookup example.com
Check Propagation Worldwide
Use our scanner tool or sites like dnschecker.org to verify DNS has propagated across global resolvers. If some regions see the old value and others see the new one, propagation is still in progress — wait for the TTL to expire.
Common DNS Issues
| Problem | Symptom | Fix |
|---------|---------|-----|
| NXDOMAIN | "Domain doesn't exist" | Check nameserver configuration at registrar |
| SERVFAIL | "Server failure" | Check DNS provider status page, verify records |
| Slow resolution | Pages take extra seconds to load | Lower TTL, use a faster DNS provider (Cloudflare, Route 53) |
| Wrong IP | Site shows wrong content or error | Verify A record points to correct server IP |
| Email not delivered | Bounced emails | Check MX records and SPF/DKIM/DMARC TXT records |
| SSL error on subdomain | Certificate doesn't cover subdomain | Verify CNAME/A record exists for the subdomain |
Choosing a DNS Provider
Your registrar's default DNS is usually slow and limited. Moving DNS management to a dedicated provider improves performance and adds features:
- Cloudflare (free) — Fast global network, DDoS protection, CNAME flattening, analytics
- AWS Route 53 ($0.50/zone/month) — High reliability, health checks, routing policies
- Google Cloud DNS ($0.20/zone/month) — Fast, reliable, integrates with GCP
- DNSimple ($5/month) — Developer-friendly, great API, excellent UI
Test your DNS configuration using our scanner above — it checks record health, propagation status, and common misconfigurations alongside SSL, speed, and security headers.
Frequently Asked Questions
- How long does DNS propagation take?
- It depends on the TTL (Time to Live) of your old record. If your TTL was 3600 (1 hour), propagation takes up to 1 hour. If it was 86400 (24 hours), it can take up to 24 hours. Lower your TTL to 300 seconds before making changes, wait for the old TTL to expire, then make your change for near-instant propagation.
- Why can't I use a CNAME on my root domain?
- The DNS specification (RFC 1034) requires that a CNAME record be the only record at a name. Root domains need other records (MX for email, TXT for verification), so a standard CNAME would conflict. Some providers like Cloudflare offer 'CNAME flattening' or 'ALIAS records' that work around this limitation.
- What's the difference between A and CNAME records?
- An A record points a domain directly to an IP address (e.g., 93.184.216.34). A CNAME points a domain to another domain name (e.g., www.example.com → example.com). Use A records for root domains and CNAME records for subdomains that should follow another domain's IP.
- What should I do if my DNS changes aren't working?
- First, verify the changes were saved at your DNS provider. Then check propagation with a tool like dnschecker.org. If some regions see the new value but others don't, it's a TTL/caching issue — just wait. If no regions see the change, your nameservers may be misconfigured. Use dig +trace yourdomain.com to trace the full resolution path.