The Nameforge · Deep dive
intermediate · 5 min

TTL, Caching, and the Propagation Myth

Why DNS changes don't appear instantly

'DNS propagation' isn't a thing — caching is. Once you understand TTL, the mysterious delay after a DNS change becomes completely predictable (and controllable).

Every DNS record carries a **TTL** — a number of seconds. When a resolver learns an answer, it may cache and reuse that answer until the TTL expires. That's it. That's the whole 'propagation' mystery.

TTL 300s
cached answer served until the countdown hits zero, then re-fetched fresh
A cached answer is valid until its countdown hits zero — then the resolver fetches fresh.
🔑TTL is not a suggestion. It is a countdown. A record with TTL 300 can be served from cache for up to 300 seconds after you change it.

Why some users see the change and others don't

Different resolvers cached the old answer at different moments, so their countdowns expire at different times. The authoritative server already has the new value; the resolvers are simply obeying the TTL you set.

Negative caching

Resolvers also cache **failures**. If a name didn't exist and you then create it, resolvers may keep returning NXDOMAIN until the negative-cache TTL (governed by the zone's SOA minimum) expires. Creating a record and seeing it 'not work' for a few minutes is usually negative caching, not a broken zone.

The operator move: lower TTL before a change

  • Days before a planned migration, drop the record's TTL (e.g. to 60s).
  • Wait for the old (high) TTL to age out everywhere.
  • Make the change — now it ages out fast.
  • Raise the TTL back afterwards for efficiency.

Commands to try

$ dig +noall +answer example.com

See the current TTL counting down on repeated queries.

$ dig @authoritative example.com

The authoritative TTL is the 'fresh' value resolvers will cache next.

$ resolvectl flush-caches

Clear your local resolver cache to fetch fresh immediately.

Common mistakes

Calling it 'propagation' and waiting helplessly.
It's caching. Check the TTL; compare resolver vs authoritative; flush if needed.
Cutting over with a 24h TTL still set.
Lower the TTL well in advance so the old answer ages out quickly.

Related quests

The First Query

Further reading

External, optional depth — opens in a new tab. We summarise concepts in our own words; these go further.

What is DNS TTL?Cloudflare Learningbeginner · 6m

Short, practical explainer on TTL and how to choose values.

Negative Caching of DNS Queries (RFC 2308)RFC 2308advanced · 30m

How NXDOMAIN/NODATA caching works and where the SOA minimum comes in.

← Back to the quest map