How long do DNS updates take?
Whenever you make a DNS change, you almost always see a disclaimer saying it could take 24-48 hours for your change to fully take effect. Is that really true? How long does it actually take for a DNS change to fully propagate? Let’s take a look at what can influence this.
Where the Authoritative Data Lives
First, a short background on how DNS changes get made. Domain name system (DNS) information is hosted on Authoritative DNS servers. These servers are the source of truth for any DNS information you publish for your domains. It is considered a best practice to have more than one DNS server for any domain. While two is considered the minimum, many organizations will have more.
In order to ensure that all servers have the same data at the same time, DNS changes are always made on one server (typically called a Primary) and these changes are propagated automatically to the other servers (typically called Secondaries) using a part of the DNS protocol called Zone Transfers.
How DNS Updates Propagate
In order to synchronize the DNS information, the Secondary servers will periodically check with the Primary server to see if there have been any changes in the data hosted there. If they detect a change, they will pull down the update. (More on how that happens in the troubleshooting section below).
The frequency of this check is called the Refresh interval for the domain, and it is defined in a DNS record called the Start Of Authority (SOA) record associated with that DNS zone. The Refresh interval is the maximum time it should take for all of the Secondary servers to get an update from the Primary. Common refresh intervals seen on the Internet are anywhere from 30 minutes to a couple of hours, but can vary based on what the administrator for that domain wants to specify.
There is another mechanism in the DNS protocol that can make these changes propagate even more quickly. This mechanism, called DNS Notify, causes the Primary server to proactively notify the Secondary servers that there has been an update that they need to get. Use of DNS Notify can reduce the propagation time between authoritative servers to a few seconds.
Some DNS server vendors also have their own, proprietary methods to synchronize authoritative servers, which can reduce the synchronization process to a few seconds.
Time to Live
So that should be it, right? It could take anywhere from a few seconds to a couple of hours right? Well, possibly — but there is one other factor to take into account, and that’s Time to Live (TTL).
When you look up a DNS name (or when your browser does), you do not query the authoritative server for the domain/zone directly. There are millions of DNS servers on the internet, which is the key to the system’s robustness — but you need a way to get the authoritative data for your request. This is done by a Caching DNS server. This is the DNS server that your server (or your own laptop) is configured to query whenever it has a question for DNS. This server’s job is to find the proper Authoritative server for the information you seek.
Why is this important? The reason is the Time To Live I mentioned earlier. Any DNS records that your Caching server finds for you will come with a Time To Live. To keep from overloading the Authoritative servers, whenever a Caching server resolves a DNS name, it will remember that (cache it) for a period of time. As a result, if someone else asks for that same record (or you ask the same question again), the Caching server does not have to go find the information again. It can just deliver the information from its cache, assuming that the information is still fresh enough.
The freshness of that data — in other words, the amount of time the Caching server can remember this information — is controlled by the Authoritative server. The owner of the Authoritative server has configured an appropriate Time To Live for the domain. Think of it as a “Sell By Date” for the domain information. This TTL balances two competing demands: reducing load on the Authoritative server vs. ensuring that changed records get propagated in a timely manner.
How Long a DNS Update Takes
So this brings us back to our original question: How long does it take a DNS change to fully propagate? The answer is the maximum of the Refresh interval for the zone plus the Time To Live.
While it may take much less time, as described above, the TTL plus the Refresh interval should spell out the absolute maximum.
If you don’t see a change to DNS within that time, it’s time to start troubleshooting.
Troubleshooting DNS Updates
There are a few things that can go wrong but these should be rare. In almost all cases, these are issues that arise on the Authoritative DNS servers.
I mentioned above that the Secondary servers can detect when a change is made on the Primary. How does it do this? Every DNS Zone has a version number, called a serial number. Every time you make a change to the data on the Primary server, you need to increment this serial number on the Secondary. If you forget to do this, the Secondary servers will not detect the change and propagation will fail.
Note that many commercial DNS vendors automate the process of incrementing the serial number to reduce the chances of this happening.
You may run into cases where the change seems to be available only intermittently — or in some cases not at all — even though you updated the serial number. The usual cause here is a lack of network connectivity between the Primary and the Secondaries. This is something that will need to be investigated by the networking team.
There can also be issues if the clocks on the Primary and Secondary servers differ by too much. In this case, you would want to ensure that all servers are synchronized to the same NTP server.
As you can see, DNS updates normally take much less time to propagate than the “24-48 hours” you’ve been told.
In normal circumstances, the TTL for a DNS zone plus its Refresh interval should give you the maximum time it will take for all DNS servers to get the latest information. Generally that’s a lot less than 24-48 hours.
Updated 7/7/2020 to replace outdated “Master/Slave” terminology with “Primary/Secondary” terms.