DNS Changes FAQ
Answers to common DNS questions: why changes take time to propagate, what TTL means, how nameservers relate to DNS records, and how to verify changes are live.
DNS Changes FAQ
Why do DNS changes take time to propagate?
DNS uses a caching system. Every record has a TTL (Time To Live) value — the number of seconds resolvers are allowed to cache the record before re-querying. If your A record has a TTL of 86400 (24 hours), resolvers worldwide will continue serving the old value for up to 24 hours after you make a change.
The propagation time is effectively bounded by the TTL of the record you changed. With a TTL of 300 (5 minutes), most resolvers update within 10 minutes. With a TTL of 86400, it can take up to 24 hours for full propagation.
How do I speed up DNS propagation?
Lower your TTL before making changes:
- 24 hours before the change: Reduce the TTL to 300 seconds (5 minutes).
- Wait 24 hours for the low TTL to propagate (so resolvers respect the new shorter TTL).
- Make your DNS change.
- Wait 5-10 minutes — propagation is now fast because the TTL is low.
- Verify with the DNS Propagation Checker — confirm the new value is live globally.
- After the change is stable: Raise the TTL back to 3600 or 86400.
What is the difference between WHOIS nameservers and DNS records?
These are two different systems that often get confused:
WHOIS nameservers are listed in your domain's WHOIS record and indicate which DNS servers are authoritative for your domain. They are configured at your registrar (where you registered the domain).
DNS records (A, MX, TXT, CNAME, etc.) live on the authoritative nameservers themselves and control where the domain actually points. They are configured in your DNS provider's control panel.
When you change registrars or move to a new DNS provider, you update the WHOIS nameservers first. DNS record changes happen at the DNS provider.
ElasticDomain detected a DNS change I didn't make. What should I do?
Treat this as a security incident until proven otherwise:
- Log in to your DNS provider immediately and check the current records.
- Compare to expected values — do the current records match what you intended?
- Check access logs in your DNS provider — look for unauthorized logins.
- If unauthorized: Revert the change, rotate all credentials (DNS provider password, API keys), and enable MFA if not already active.
- Investigate how the change was made — compromised credentials, unauthorized API key, or insider action.
What is a CNAME flattening and when do I need it?
RFC 1034 prohibits CNAME records at the zone apex (the root domain itself — example.com, not sub.example.com). This is a problem when you want to point example.com to a hostname (e.g., a CDN or hosting provider) using CNAME syntax.
Many DNS providers offer "CNAME flattening" (also called ALIAS or ANAME records) which resolves the CNAME at the DNS level and returns an A record. Use this when your hosting provider requires you to CNAME your root domain.
Why do my DNS changes show as correct in one location but not another?
Different resolvers have cached different versions of the record depending on when they last queried. This is normal during propagation.
Use ElasticDomain's DNS Propagation Checker to see the status across 50+ resolvers globally. The percentage of resolvers showing the new value tells you how far propagation has progressed.
What does TTL 0 mean? Should I use it?
TTL 0 means no caching — every resolver must query the authoritative nameserver for every request. This is useful for very rapid failover scenarios but puts significant load on your nameservers and increases DNS latency for every visitor. Do not use TTL 0 in production except temporarily during critical migrations.
My WHOIS shows the correct nameservers but DNS doesn't work. Why?
Possible causes:
- Nameserver propagation still in progress: Nameserver changes can take 24-48 hours to fully propagate.
- Wrong records at the new nameserver: You pointed to the new DNS provider but haven't configured the records there yet.
- Locked domain: Some domain statuses prevent nameserver updates from taking effect.
- Registry issue: Rare, but sometimes the registry takes time to update its own records.
Check the DNS tab in ElasticDomain to see what records are actually resolving and compare to what you have configured.