
What is DNS propagation

DNS propagation is the period during which DNS changes are updated across the Internet. Modifying DNS records (such as changing the IP address specified for a particular hostname) typically takes considerable time to take effect everywhere. It can take up to 72 hours for a change to propagate globally. Such propagation times are inconvenient or simply unacceptable in several modern use cases.

If an IP address or other information about a hostname is added or modified in a DNS record, the change must reach every system in the world that participates in DNS resolution. When a user's DNS query reaches a system where the change has not yet been applied, the user gets the old address. That indicates the change has not yet propagated to that user.

There is one issue with DNS propagation. Propagation is effective and, at the same time, one of the weakest parts of DNS. With a vast global network of DNS servers and local DNS resolvers, propagation is not complete as long as any part of the chain still holds the previous DNS information.

Propagation is a problem, but not an intractable one. Next-generation DNS infrastructure can reduce the DNS propagation period from days or hours to seconds.


Why does DNS propagation take so long? Three factors affecting propagation time:


1. Time to Live (TTL) Setting

TTL is the period of time for which the answer to a query is stored in the cache of your local system or a remote DNS server before the DNS resolver requests a new one. At the end of this period, the cached DNS data is replaced by updated information newly fetched by the DNS resolver. The lower the TTL, the faster the propagation.

For example, suppose the TTL is set to 60 minutes. Servers will continue to use the old information for an hour, and it will be shown to all the website's visitors during this period. Then the local server discards this data and issues a new DNS request to get the updated information.


2. Internet Service Providers (ISPs)

ISPs cache DNS records to give users fast access to websites. They perform one DNS lookup for a website and reuse the result for as many users as practicable. Some ISPs ignore the TTL setting and keep DNS records in the cache even after the TTL period has expired. This extends the propagation time.


3. Domain Name Registry

If you change the authoritative name server for your website (the DNS server that holds the official and accurate data about your web address), the change must be reflected higher up in the DNS hierarchy. For example, if the website's TLD extension is ".com", the name server change will need to be updated on the top-level domain (TLD) name servers. Propagation of this change can take a long time, as the root server can have a TTL of 48 hours or more to prevent abuse.


How can you check your DNS using Linux terminal commands?

There are several websites where you can check your domain's DNS.

You can check the domain DNS information from your Linux machine using three commands.

  • dig
  • nslookup
  • host

1. How to check DNS using the dig command

The name dig is an abbreviation of "Domain Information Groper". It is a handy tool for querying DNS name servers. It performs a DNS lookup and displays the answer returned by the queried name server.

Most DNS administrators use the dig command to troubleshoot DNS problems because of its versatility, ease of use, and clarity of output. Other lookup tools tend to be less functional than dig.


dig google.com ANY +noall +answer



Output:


➜  ~ dig google.com ANY +noall +answer
; <<>> DiG 9.10.6 <<>> google.com ANY +noall +answer
;; global options: +cmd
google.com. 274 IN A 142.250.185.174
google.com. 274 IN AAAA 2a00:1450:4001:811::200e
google.com. 3574 IN TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com. 574 IN MX 40 alt3.aspmx.l.google.com.
google.com. 574 IN MX 30 alt2.aspmx.l.google.com.
google.com. 3574 IN TXT "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
google.com. 21574 IN NS ns1.google.com.
google.com. 3574 IN TXT "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
google.com. 3574 IN TXT "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
google.com. 34 IN SOA ns1.google.com. dns-admin.google.com. 433718347 900 900 1800 60
google.com. 3574 IN TXT "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com. 21574 IN NS ns4.google.com.
google.com. 3574 IN TXT "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
google.com. 21574 IN CAA 0 issue "pki.goog"
google.com. 3574 IN TXT "v=spf1 include:_spf.google.com ~all"
google.com. 3574 IN TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com. 574 IN MX 50 alt4.aspmx.l.google.com.
google.com. 574 IN MX 20 alt1.aspmx.l.google.com.
google.com. 21574 IN NS ns2.google.com.
google.com. 3574 IN TXT "apple-domain-verification=30afIBcvSuDV2PLX"
google.com. 21574 IN NS ns3.google.com.
google.com. 574 IN MX 10 aspmx.l.google.com.
➜ ~
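
The propagation check described above, as an added example that is not part of the original article: it polls several resolvers with dig and reports which still return an address other than the one you expect, together with the TTL left in that cache. The resolver list, the function names collect and report, and the sample lines (documentation addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which resolvers still serve the old A record after a change?
# Assumes the name has a single A record.

# Assumption: public resolvers to poll; use the ones your users rely on.
RESOLVERS="8.8.8.8 1.1.1.1 9.9.9.9"

# collect HOST: run dig against each resolver and prefix every A answer with
# the resolver that gave it. Needs dig and network access.
collect() {
    for r in $RESOLVERS; do
        dig "@$r" "$1" A +noall +answer |
            awk -v r="$r" '$4 == "A" { print r, $0 }'
    done
}

# report EXPECTED_IP: read "resolver name ttl class type address" lines on
# stdin, print one status line per resolver plus a summary, and return
# non-zero if any resolver still answers with a different address.
report() {
    awk -v want="$1" '
        $5 == "A" {
            seen[$1] = 1
            if ($6 != want) {
                stale[$1] = $6
                if ($3 + 0 > ttl[$1] + 0) ttl[$1] = $3 + 0
            }
        }
        END {
            for (r in seen) {
                if (r in stale) {
                    n++
                    printf "%s STALE %s (cached for up to %ds more)\n", r, stale[r], ttl[r]
                } else
                    printf "%s OK\n", r
            }
            printf "stale=%d\n", n
            exit (n > 0)
        }'
}

# Constructed sample in collect's output format (documentation addresses):
# one resolver still holds the old address with 3100 s of TTL left.
SAMPLE='8.8.8.8 example.com. 274 IN A 203.0.113.10
1.1.1.1 example.com. 3100 IN A 198.51.100.7
9.9.9.9 example.com. 12 IN A 203.0.113.10'

# Offline:  printf '%s\n' "$SAMPLE" | report 203.0.113.10
# Live:     collect example.com | report 203.0.113.10
```

The remaining TTL is only an upper bound for the one cache that answered; large public resolvers run many cache nodes, so repeated queries can return different values.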

2. How to check DNS using the nslookup command


The nslookup command is a program that queries Internet domain name servers. nslookup has two modes: interactive and non-interactive. Interactive mode allows users to query the name server for information about various hosts and domains, or to print a list of the hosts in a domain. Non-interactive mode is used to print only the name and the requested information for a host or domain. It is a network administration tool that helps you identify and troubleshoot DNS problems.


nslookup -type=any google.com



➜  ~ nslookup -type=any google.com
;; Truncated, retrying in TCP mode.
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.250.186.142
google.com has AAAA address 2a00:1450:4001:82a::200e
google.com text = "v=spf1 include:_spf.google.com ~all"
google.com text = "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
google.com mail exchanger = 20 alt1.aspmx.l.google.com.
google.com
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 433718347
refresh = 900
retry = 900
expire = 1800
minimum = 60
google.com text = "apple-domain-verification=30afIBcvSuDV2PLX"
google.com nameserver = ns3.google.com.
google.com text = "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
google.com text = "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
google.com mail exchanger = 40 alt3.aspmx.l.google.com.
google.com rdata_257 = 0 issue "pki.goog"
google.com mail exchanger = 30 alt2.aspmx.l.google.com.
google.com nameserver = ns2.google.com.
google.com mail exchanger = 50 alt4.aspmx.l.google.com.
google.com nameserver = ns4.google.com.
google.com text = "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
google.com text = "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com text = "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
google.com mail exchanger = 10 aspmx.l.google.com.
google.com nameserver = ns1.google.com.
google.com text = "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
Authoritative answers can be found from:

3. How to check the DNS record of a domain using the host command


The host command is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. If no arguments or options are given, host prints a summary of its command-line arguments and options. An example query:


host -a example.com



Example:


➜  ~ host -a example.com
Trying "example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64565
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN ANY
;; ANSWER SECTION:
example.com. 21600 IN A 93.184.216.34
example.com. 21600 IN RRSIG A 8 2 86400 20220324194307 20220304015843 1618 example.com. mjnBhgG/GRRL2Z3ErTeR7SS2xbO84arYcDK0xZBw3hoUJXSCEXLFBWrS /+H62QJxAXgeoK97DkAm6/XCHq9jEbU00HIpAiwvuS4Ee3HGeoN6sGdz oVD+Q24ojtYa8iHul/GXTkV3drApFnogSeR5El67b0FBB2RPamlujsSQ A4w=
Received 216 bytes from 8.8.8.8#53 in 143 ms