HomeDNS Tools
DNS Guides

Deepen your dns knowledge

14 min
How DNS Propagation Works: TTL, Resolvers & the Global Timeline
When you update a DNS record — whether you're pointing a domain to a new server, switching providers, or adding an MX record — you won't see the change everywhere at once. Understanding how DNS propagation works is essential for anyone managing infrastructure, because the "24–48 hours" answer most guides repeat tells you nothing useful. The real timeline depends on TTL values you set days earlier, the behaviour of resolvers across dozens of independent networks, and factors entirely outside your control. This guide breaks down the actual mechanism: the hierarchy, the caching chain, resolver-specific behaviour, and the downstream effects on email, SSL, and CDN delivery.
9 min
DNS Propagation Still Pending After 24 Hours? Here's Why
Your DNS change should be live. The record is updated in your dashboard, hours have passed, and yet users — or you — are still hitting the old server. DNS propagation taking too long is one of the most frustrating infrastructure problems precisely because the fix isn't always obvious, and "just wait longer" is rarely the right answer. This guide identifies every real cause of delayed propagation, gives you the diagnostic commands to isolate which one you're dealing with, and tells you exactly what you can — and can't — do to resolve it.
7 min
DNS TTL Explained: What It Is, How to Set It, and When to Lower It
Every DNS record you publish carries a value that most people ignore until a migration goes wrong: the Time to Live. **DNS TTL explained** simply is the number of seconds a resolver is allowed to cache a record before it must fetch a fresh copy from your authoritative nameserver. Set it too high and you're locked into a 24-hour propagation window every time you need to make a change. Set it too low and you're generating unnecessary query load while degrading your resilience against authoritative nameserver outages. Understanding TTL properly — what it does, what values suit each record type, and the precise timing of the pre-migration reduction strategy — is one of those fundamentals that saves real incident time when you eventually need it.
11 min
DNSSEC Explained: Chain of Trust, Record Types, and How to Validate Your Zone
Every DNS response your resolver receives could, in theory, have been forged. Without any authentication mechanism, nothing in the original DNS protocol prevents a malicious actor from injecting fabricated answers — pointing your domain to a different IP, redirecting email, or silently modifying records during resolution. **DNSSEC** (DNS Security Extensions, [standardised by ICANN and the IETF](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en)) addresses this by adding cryptographic signatures to DNS responses, allowing resolvers to verify that the data they received was genuinely published by the zone's authoritative nameserver and hasn't been tampered with in transit. This guide explains what DNSSEC actually protects against, how the chain of trust works from the root zone down to your domain, what each of the five DNSSEC record types does, how validation works step-by-step, and how to verify — and troubleshoot — your own zone's DNSSEC configuration.
Browse all dns guides →
More Tool Categories

Or search across all 58+ tools in the full tool directory.