Global DNS Propagation Checker

#	Resolver	Answer	TTL	AD	Time (ms)	Copy
{{ i+1 }}	{{ row.resolver }}	{{ row.answer \|\| '—' }}	{{ row.ttl !== null ? row.ttl : '—' }}	{{ row.ad === true ? '✔' : (row.ad === false ? '✖' : '—') }}	{{ row.ms !== null ? row.ms : '—' }}
No data.

Domain Name System (DNS) propagation is how updated resource records spread across recursive resolvers worldwide. When people say DNS refresh they mean the same wave of cache updates that follows a change to a record like A, AAAA, or TXT. Checking global DNS propagation status lets you see if resolvers in different regions now agree on the new answer.

You enter a fully qualified domain name and a record type, then receive per‑resolver answers with validation flags and response times. The results reflect what public recursive resolvers, often served by anycast nodes, are returning at this moment. You can compare the majority answer, the set of unique values, and any failures to judge whether a cutover is complete.

For example, after pointing www.example.com to a new address, you might see half the resolvers report the new A record while others still show the old value. That pattern tells you propagation is underway and helps you decide when to switch traffic or notify stakeholders across regions. Be careful when testing links from untrusted sources.

Propagation differs from authority checks against your name servers because it measures what caches actually serve to users. Use it to verify cutovers, spot stale records, and confirm DNSSEC validation behavior across networks. Pair majority agreement with your change ticket and monitoring to decide when to request cache flushes or prepare a rollback during staged migrations.

Technical Details:

The checker queries multiple public recursive resolvers using the DNS over HTTPS (DoH) JSON interface, then normalizes and aggregates what each returns. It measures round‑trip time per resolver, collects the Authenticated Data flag when present, and derives a minimal time‑to‑live across answers. A majority answer is selected by comparing a normalized string for each resolver’s unique values. The propagation percentage is the share of resolvers whose answers match that majority. Processing is deterministic for the same inputs, while outcomes reflect live caches and network conditions.

Processing pipeline

Validate FQDN format and strip any trailing dot.
Build a DoH JSON query with name, type, and ct=application/dns-json.
Optionally include edns_client_subnet, do, and cd flags.
Send parallel requests to selected resolver endpoints with an accept header.
Apply a per‑resolver timeout; abort requests that exceed the limit.
Parse JSON; ignore OPT (type 41) records.
Unquote TXT payloads and remove trailing dots from host‑like values.
Sort values case‑insensitively, then de‑duplicate.
Record the minimal TTL seen, DNSSEC AD flag, and elapsed time in milliseconds.
Join values with “, ” or “ | ” when many exist, and compute a normalized key.
Pick the majority answer by the most common normalized key.
Retry failed attempts up to the chosen count; keep the fastest success.

Symbols & units

Symbols, meanings, units, and sources
Symbol	Meaning	Unit/Datatype	Source
N	Selected resolvers	integer	Input
P	Resolvers matching majority	integer	Derived
R	Propagation percentage = round(P / N × 100)	percent	Derived
`t_ms`	Per‑resolver latency	ms	Derived
`TTL_min`	Minimal TTL across answers	s	Derived
AD	DNSSEC Authenticated Data flag	boolean	Derived
`rr`	Record type	enum	Input
`ecs`	EDNS client subnet	string	Input
`do`	Request DNSSEC records	boolean	Input
`cd`	Checking disabled	boolean	Input
`timeout_ms`	Per‑resolver timeout	ms	Input
`retries`	Extra attempts per resolver	integer	Input

Validation & bounds

Inputs, limits, patterns, and error messages
Field	Type	Min	Max	Step/Pattern	Error Text	Placeholder
Domain	text	2 labels	253 chars	`^[a-zA-Z0-9-]{1,63}$` per label, no leading or trailing hyphen	Enter a valid domain (FQDN).	example.com
Record type	select	—	—	A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, CAA	—	—
Resolvers	checkboxes	1	7	Cloudflare, Google, Quad9, AdGuard, DNS.SB, AliDNS, OpenDNS	Select at least one resolver.	—
DNSSEC DO	boolean	—	—	Include DNSSEC records	—	—
DNSSEC CD	boolean	—	—	Ask resolver not to set AD	—	—
EDNS client subnet	text	—	—	CIDR string, unvalidated	—	0.0.0.0/0
Timeout	number	500	—	step 100 ms	—	—
Retries	number	0	—	step 1	—	—

I/O formats & encoding

Input and output families
Input	Accepted Families	Output	Encoding/Precision	Rounding
FQDN, record type	ASCII labels; trailing dot stripped	Answer text, TTL, AD, latency	DoH JSON; integers for TTL and ms	Nearest integer; .5 rounds up
ECS, DO, CD	Strings and booleans mapped to query params	Per‑resolver rows and aggregated stats	Case‑insensitive sort; de‑duplicated values	Propagation percent rounded to whole numbers

Units, precision & rounding policy

Latency uses milliseconds with a dot as the decimal separator when present, rounded to the nearest integer.
Propagation percent uses nearest integer rounding; ties of .5 round upward.
TTL displays the minimal TTL found among returned answers, in seconds.
Value ordering is case‑insensitive; duplicates are removed before display.

Networking & storage behavior

Requests are sent from your browser to selected public resolver endpoints using DoH JSON.
An accept: application/dns-json header is used; ct=application/dns-json is added to queries.
A per‑resolver timeout aborts slow requests; optional retries attempt another fetch.
No server‑side processing or storage is performed by this checker.

Performance & complexity

Time complexity is linear in the number of selected resolvers and the number of records in each response. Requests run in parallel to reduce wall‑clock time. Memory usage is modest and proportional to the total count of per‑resolver rows. The charting layer visualizes distributions without affecting network timing.

Diagnostics & determinism

Errors surface as failed rows with placeholders and an overall alert when validation fails.
Charts appear once results exist; empties show a clear “No data” row.
Deterministic normalization and majority logic ensure consistent aggregation for identical inputs.

Security considerations

Only test domains you control or trust; avoid following untrusted links embedded in records.
EDNS client subnet can influence routing; omit it if you do not need location hints.
Do not treat resolver answers as a substitute for zone‑signing or transport security.

Worked example

Scenario: You update www.example.com from an old A record to a new target.

Inputs: Domain = www.example.com, Type = A, DO = off, CD = off, Timeout = 3500 ms, Retries = 0.

Intermediate: Three resolvers answer 203.0.113.7, two answer 203.0.113.5, one fails; minimal TTL across answers is 1800.

\begin{matrix} R & = & \frac{P}{N} \times 100 \\ R & = & \frac{3}{6} \times 100 = 50 % \end{matrix}

Result: Majority equals 203.0.113.7; propagation is 50 % with one failure recorded.

Assumptions & limitations

Heads‑up Domain validation accepts ASCII labels only; Unicode hostnames must be punycoded first.
Trailing dots are removed before querying.
Only the selected public resolvers are sampled; last‑mile ISP caches may differ.
Heads‑up Minimal TTL is reported; individual records may carry different TTLs by resolver.
TXT values are unquoted for display; embedded quotes are not escaped.
Answer normalization uses case‑insensitive compare; whitespace differences are not preserved.
Timeouts and retries influence observed failure rates and latencies.
ECS is passed as provided; format is not validated beyond string presence.

Edge cases & error sources

NXDOMAIN or SERVFAIL responses yield empty answers with optional TTL minima.
Mixed validation states may set AD on some rows and not others.
Large TXT records can join with “ | ” when many unique values occur.
IPv6 literals and bracketed forms in TXT data are treated as plain strings.
Resolver rate limits or CORS restrictions can appear as timeouts.
Clock skew is avoided by measuring latency within the page, not using server time.
OPT records (type 41) are ignored during parsing.
Retries may mask intermittent failures by preferring the fastest success.

Step‑by‑Step Guide:

Run a propagation check and share a clean snapshot.

Enter your domain in FQDN format.
Choose the record type you changed.
Open Advanced to pick resolvers, or keep sensible defaults.
Optionally set Timeout and Retries.
Toggle DO or CD if you need DNSSEC context.
Click Check and review the majority, unique answers, and failures.
Export CSV or JSON and share with your team.

Example: example.com with type A and the default resolver set.

Warning Double‑check the domain before sharing results, especially during live cutovers.

FAQ:

Is my data stored?

No. Requests are issued from your browser directly to the chosen resolvers. The page does not send your inputs to an intermediate server or keep a copy.

Your resolver providers may log queries under their policies.

Which record types are supported?

A, AAAA, CNAME, MX, NS, TXT, SOA, SRV, and CAA. Pick one type per run to keep results clear.

How is the percentage calculated?

It is the integer‑rounded share of selected resolvers that match the majority answer. If no majority exists, the value is zero.

What does the AD flag mean?

AD indicates the resolver believes the data is validated under DNSSEC. The CD toggle asks the resolver not to set AD even if validation succeeds.

Can I simulate a location?

You can pass an EDNS client subnet to hint geography. Leave it blank for no hint. Use with care, as policies vary by resolver.

Why do some rows show “—”?

That row did not return an answer within the timeout or produced an error. Increase the timeout or reduce retries to see if behavior changes.

Does it work offline?

No. It needs network access to reach public resolvers and gather answers.

Can I share results?

Yes. Export CSV for spreadsheets or JSON for automation, then attach the file to your change ticket.

Troubleshooting:

“Enter a valid domain” appears: ensure at least two labels and no leading or trailing hyphens.
No rows populate: check connectivity to public resolvers or try a longer timeout.
Charts are blank: switch to the Charts tab after a successful run.
Clipboard copy fails: allow clipboard permissions or use the download buttons.
Unexpected values: verify your authoritative zone and clear local caches if needed.

All rows fail quickly: your network may block DoH or the endpoints are unreachable. Try different resolvers or a standard DNS query path.

Advanced Tips:

Prefer the default resolver set for a balanced global snapshot.
Enable CD to compare validated and non‑validated behavior quickly.
Use a short timeout with zero retries to spot transient issues.
Add regional resolvers to probe locality effects alongside anycast networks.
Share the JSON export with monitoring to alert on unexpected answer drift.

Glossary:

DNS: Distributed naming system that maps names to data such as IP addresses.
FQDN: Fully qualified domain name including all labels, without a trailing dot.
Resolver: Recursive cache that answers client queries by consulting authoritative servers.
DoH: DNS over HTTPS using JSON to exchange query and response data.
TTL: Time‑to‑live in seconds that guides how long caches keep an answer.
AD flag: Authenticated Data bit indicating successful DNSSEC validation at the resolver.
ECS: EDNS client subnet value that hints requester location to resolvers.