Introduction
DNS propagation refers to the time it takes for DNS changes to spread across the internet's distributed DNS system. When you modify a Cloudflare DNS record, the change should be nearly instant for Cloudflare-proxied records since Cloudflare's edge network updates immediately. However, DNS-only records (grey cloud) must propagate through the global DNS hierarchy, which can take hours depending on TTL settings and resolver caching. Understanding propagation mechanics helps diagnose whether the delay is expected or indicates a real problem.
Symptoms
- DNS changes not visible from specific locations or resolvers
- Old IP address still resolves after updating DNS record
- Different users see different DNS results for same domain
- DNS update made in Cloudflare dashboard but not reflected in dig/nslookup
- Site redirects to old server after DNS migration
- Email delivery fails after MX record changes
Common Causes
- High TTL values on previous DNS record causing resolver caching
- DNS resolvers ignoring TTL and caching longer than specified
- DNS record set to DNS-only (grey cloud) instead of proxied
- Registrar DNS servers still pointing to old nameservers
- DNS cache on local machine or browser holding old values
- Negative caching from previous failed DNS lookups
- Recursive resolver not respecting updated TTL
Step-by-Step Fix
- 1. Verify the DNS record in Cloudflare shows the correct value:

```bash
# Check Cloudflare's authoritative response
dig yourdomain.com @june.ns.cloudflare.com
dig yourdomain.com @chad.ns.cloudflare.com

# Replace with your actual Cloudflare nameservers
```
- 2. Query public resolvers directly to bypass your local resolver's cache:

```bash
# Use Cloudflare's public DNS (1.1.1.1)
dig yourdomain.com @1.1.1.1

# Or use Google DNS for comparison
dig yourdomain.com @8.8.8.8

# Compare results
dig yourdomain.com +short @1.1.1.1
dig yourdomain.com +short @8.8.8.8
```
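- 3. Check the TTL value on the DNS record:

```bash
# Check current TTL
dig yourdomain.com @1.1.1.1 | grep -A1 "ANSWER SECTION"

# TTL is the second field in the answer section
# yourdomain.com. 300 IN A 192.0.2.1
# 300 = 5 minutes TTL
# A recursive resolver reports the remaining cache lifetime, which counts down;
# the authoritative nameserver reports the configured TTL
```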
- 4. Reduce TTL before making DNS changes:

In Cloudflare Dashboard > DNS:

- Edit the DNS record
- Change TTL to lowest available value (2 minutes or Auto)
- Wait for old TTL to expire before making IP change
- 5. Check if record is proxied or DNS-only:

```bash
# Proxied records (orange cloud) resolve to Cloudflare IPs
dig yourdomain.com @1.1.1.1 +short
# Should show Cloudflare IP range if proxied

# DNS-only (grey cloud) shows your origin IP
# For DNS-only, propagation depends on global TTL
```
- 6. Flush local DNS cache:

```bash
# macOS
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

# Windows
ipconfig /flushdns

# Linux (systemd-resolved)
sudo resolvectl flush-caches
# Older systemd releases: sudo systemd-resolve --flush-caches

# Linux (nscd)
sudo nscd -i hosts
```
- 7. Clear browser DNS cache:

```
Chrome:
  Navigate to chrome://net-internals/#dns
  Click "Clear host cache"

Firefox:
  Navigate to about:networking#dns
  Click "Clear DNS Cache"
```
- 8. Verify nameservers are correctly delegated:

```bash
# Check nameserver delegation from registrar
dig yourdomain.com NS +short

# Should show Cloudflare nameservers
# june.ns.cloudflare.com
# chad.ns.cloudflare.com

# If shows old nameservers, update at registrar
```
- 9. Check for negative DNS caching:

```bash
# If domain previously didn't exist or had errors
# Negative cache can persist for hours

# Query authoritative server directly
dig yourdomain.com @june.ns.cloudflare.com

# If authoritative shows correct record but resolvers don't
# Issue is resolver negative caching
```
- 10. Force propagation check across multiple locations:

```bash
# Use online DNS propagation checker
# https://dnschecker.org/
# https://whatsmydns.net/

# Check from multiple global locations
# Identify which resolvers still have old values
```
- 11. Update registrar nameservers if needed:

```bash
# If delegation still points to old nameservers
# Log into registrar control panel
# Update nameservers to Cloudflare-assigned values

# Verify after update
# a.gtld-servers.net serves .com and .net; for other TLDs, query that TLD's own nameservers
dig yourdomain.com NS @a.gtld-servers.net
```
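The authoritative-versus-resolver comparison and the TTL check from the steps above can be combined into one script. This is an added example, not code from the original page: the function names (`answer_ips`, `answer_ttl`, `classify`, `check_propagation`) are hypothetical and the sample answers are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: decide whether a resolver serves the current record or a
# cached old one, from `dig +noall +answer` output. Function names are hypothetical.

# Sorted, comma-joined A-record addresses from dig answer lines on stdin.
answer_ips() { awk '$4 == "A" { print $5 }' | sort | paste -s -d, -; }

# Largest TTL among the A records on stdin. From a recursive resolver this is
# the remaining cache lifetime, i.e. the longest it can keep serving the answer.
answer_ttl() { awk '$4 == "A" && $2 > max { max = $2 } END { print max + 0 }'; }

# classify AUTH_ANSWER RESOLVER_ANSWER
# Prints "current", "stale <seconds-until-expiry>", or "empty" (no A record
# returned, which may be a negatively cached NXDOMAIN/NODATA).
classify() (
  auth_ips=$(printf '%s\n' "$1" | answer_ips)
  res_ips=$(printf '%s\n' "$2" | answer_ips)
  if [ -z "$res_ips" ]; then
    echo "empty"
  elif [ "$res_ips" = "$auth_ips" ]; then
    echo "current"
  else
    echo "stale $(printf '%s\n' "$2" | answer_ttl)"
  fi
)

# check_propagation DOMAIN AUTH_NS RESOLVER... (needs network access and dig)
check_propagation() (
  domain=$1; ns=$2; shift 2
  auth=$(dig +noall +answer "$domain" A "@$ns")
  for r in "$@"; do
    printf '%s\t%s\n' "$r" "$(classify "$auth" "$(dig +noall +answer "$domain" A "@$r")")"
  done
)

# Constructed sample answers (documentation addresses, not real lookups).
SAMPLE_AUTH='yourdomain.com. 300 IN A 192.0.2.10'
SAMPLE_STALE='yourdomain.com. 2714 IN A 198.51.100.7'
classify "$SAMPLE_AUTH" "$SAMPLE_STALE"   # stale 2714

# Live use: check_propagation yourdomain.com june.ns.cloudflare.com 1.1.1.1 8.8.8.8
```

A `stale` result with a large number means the resolver is still inside the old TTL, which is expected delay; `current` from the authoritative server but `empty` from a resolver points at negative caching.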
Verification
After applying fixes:
- 1. Cloudflare nameservers return correct DNS record value
- 2. Public DNS resolvers (1.1.1.1, 8.8.8.8) show updated values
- 3. Local dig/nslookup returns new IP address
- 4. Multiple global locations resolve to correct address
- 5. Site loads from new origin server