• Latest
  • Trending
  • All

DNS Propagation Checker: Compare Google, Cloudflare and Server-Side DNS Answers

May 27, 2026
WordPress Security Hardening Checklist: 34 Scored Controls with Copy-Paste Fixes - cover image

WordPress Security Hardening Checklist: 34 Scored Controls with Copy-Paste Fixes

June 3, 2026
Maximizing Website Speed with Image Optimization Techniques for 2026 - cover image

Maximizing Website Speed with Image Optimization Techniques for 2026

June 3, 2026
SSL certificate renewal manager - 8 ACME clients, expiry calculator and monitoring - cover image

SSL Certificate Renewal Manager: certbot, acme.sh, lego, Caddy, cert-manager

June 3, 2026
CORS policy generator - 14 server and framework configs with presets and live security review - cover image

CORS Policy Generator: Headers + Nginx, Apache, Express, FastAPI, Django Config

June 3, 2026
netsh wlan command reference - 72 commands with example output and copy - cover image

netsh wlan Commands: Windows Wi-Fi Cheat Sheet (Show Password, Profiles, Hotspot)

June 2, 2026
Fix: ESXi Host Not Responding / Disconnected in vCenter (2026) - cover image

Fix: ESXi Host Not Responding / Disconnected in vCenter (2026)

June 1, 2026
VMware ESXi Purple Screen of Death (PSOD): Diagnose and Recover (2026) - cover image

VMware ESXi Purple Screen of Death (PSOD): Diagnose and Recover (2026)

June 1, 2026
VMware PowerCLI command generator cover

VMware PowerCLI Command Generator: VM, Snapshots, Networking, esxcli

June 1, 2026
dd Command Generator: Write ISO to USB, Image Disks, Wipe Drives - cover image

dd Command Generator: Write ISO to USB, Image Disks, Wipe Drives

June 1, 2026
SSH Tunnel Command Generator: Local, Remote and Dynamic Forwarding - cover image

SSH Tunnel Command Generator: Local, Remote and Dynamic Forwarding

June 1, 2026
sed Command Generator: Build Substitute, Delete and Print Commands - cover image

sed Command Generator: Build Substitute, Delete and Print Commands

May 31, 2026
VMware Workstation and Hyper-V on the Same Machine (2026 Fix) - cover image

VMware Workstation and Hyper-V on the Same Machine (2026 Fix)

May 31, 2026
  • Online Tools
  • Network Tools
  • Developer Tools
  • Security Tools
Wednesday, June 3, 2026
  • Login
People Are Geek
  • Online Tools
  • Network Tools
  • Developer Tools
  • Security Tools
No Result
View All Result
People Are Geek
No Result
View All Result
Home Network Tools

DNS Propagation Checker: Compare Google, Cloudflare and Server-Side DNS Answers

by People Are Geek
May 27, 2026
in Network Tools
0
0
SHARES
6
VIEWS
Share on FacebookShare on Twitter

Live DNS propagation utility

Query Google Public DNS, Cloudflare 1.1.1.1 and the PeopleAreGeek server resolver in parallel and compare the answers in a single view. The tool runs in your browser using DNS-over-HTTPS for the two public resolvers and the site’s REST API for the server-side perspective, surfaces TTL and answer differences, and tells you whether a recent DNS change has fully propagated, is still in progress, or has a regional split. Use it after editing a record on your registrar, switching DNS providers, or troubleshooting a “DNS doesn’t match” error.

All queries run from your browser via the public DNS-over-HTTPS endpoints of each resolver. The domain you query is sent to those resolvers but not to PeopleAreGeek.

What is DNS propagation

DNS propagation is the time window during which a recent change to a domain’s DNS record becomes visible to recursive resolvers around the world. When the authoritative nameserver publishes a new IP address, MX server or TXT record, that change does not instantly reach every browser or every mail server. Each recursive resolver caches the previous answer for the duration of its time-to-live (TTL). Until the cached entry expires, that resolver keeps serving the old value. Propagation is therefore not a single moment but a gradual sweep, controlled by per-record TTL, by the resolver implementation, and by network conditions between the resolver and the authoritative server.

This DNS propagation checker queries three independent vantage points in parallel and compares the answers. Two are the largest public DNS-over-HTTPS resolvers, Google Public DNS and Cloudflare 1.1.1.1, queried directly from your browser. The third is the PeopleAreGeek server resolver, which gives you a European (OVH) perspective without leaving the page. If every resolver returns the same data with consistent TTL countdowns, the change has propagated cleanly. If one still serves the previous record, or the TTL values diverge, the change is still in progress.

How a DNS propagation checker works

The page builds one request per resolver, sends them in parallel, and joins the responses into a single comparison view. For Google and Cloudflare the request is a DNS-over-HTTPS (DoH) call to their public JSON endpoint. For the PeopleAreGeek vantage point, the page calls the site REST API which executes a normal recursive lookup on the OVH-hosted server. The three answers come back with the same shape: record list, TTL and status code (NOERROR, NXDOMAIN, SERVFAIL). By sampling several resolvers at once you get a reasonable picture of how the wider internet currently resolves the name, without having to install dig or SSH into different servers.

  1. Validate the input by trimming the domain, removing any scheme or path, and normalising the record type.
  2. Send DoH requests to Google Public DNS and Cloudflare 1.1.1.1, plus a server-side recursive query through the PeopleAreGeek REST API.
  3. Parse the responses: extract the answer records, the TTL, the response status, and the CNAME chain that was followed.
  4. Group the unique answers across resolvers to see which records each resolver currently returns and which it does not.
  5. Score consistency: when every resolver returns the same record set, the change is propagated; when a minority still shows the old value, propagation is still under way; when one or more resolvers fail or return empty, there is likely a configuration problem upstream.

Common use cases for a DNS propagation checker

  • After a record edit on your registrar. You changed an A record from one IP to another and you want to know how many resolvers already see the new value before announcing the migration to users.
  • During a hosting migration. When pointing a domain to a new server, both the old and the new value can be returned for hours. The comparison view shows how much of the global pool has switched over and helps you decide when to retire the legacy host.
  • When troubleshooting a “different on my machine” report. A teammate sees the new site, another still hits the old one. The chances are that their resolver is serving a stale cache. A quick check from this page surfaces exactly which public resolver is lagging.
  • Email delivery investigations. A new MX, SPF or DMARC record is only effective once it reaches the receiving mail server’s resolver. Comparing the TXT and MX answer across resolvers helps confirm that bounce or quarantine issues are not caused by stale DNS.
  • SSL certificate validation. DNS-01 challenges for Let’s Encrypt or similar ACME flows require a fresh TXT record. If validation fails, comparing what each resolver returns helps determine whether the record is published correctly or still propagating.
  • Subdomain takeover audits. When a CNAME points to a third-party service, comparing the CNAME chain on several resolvers can catch dangling delegations that have already been removed from the authoritative server but are still cached elsewhere.
  • Security investigation of suspicious domains. A clearly inconsistent set of answers across resolvers can be a sign of fast-flux DNS or geographically targeted hijack. It is one signal among many but it is quick to capture.

Limitations and privacy notes

This tool gives a representative picture of how three independent vantage points see a domain right now, but it does not cover every resolver in the world. Most consumer ISPs run their own internal resolvers; corporate networks sometimes operate split-horizon DNS that returns internal IPs for the same name. If a user reports a problem from such a network, the tool can confirm that the public side looks fine, but the final step usually requires a query from inside the user’s network. The TTL countdown shown for each resolver is the value the resolver is currently returning, which is not necessarily the value that was originally set on the authoritative server: caching and forwarding can lower it. Some other large public resolvers (Quad9, OpenDNS, AdGuard, NextDNS) do not currently allow direct browser queries because their DoH endpoints do not return the CORS headers that browsers require; a future version of this tool will reach them through a server-side proxy.

For privacy, the domain you query travels to the DoH endpoints of Google and Cloudflare, plus the PeopleAreGeek server for the third vantage point. Google and Cloudflare publish their own privacy policies for resolver queries. The PeopleAreGeek server resolver does not log the domain you query. The result is computed entirely in your browser and is cleared as soon as you close or refresh the page.

Frequently asked questions

How long does DNS propagation usually take?

It depends on the TTL of the previous record. Most modern DNS providers use a TTL between five minutes and one hour, so most changes are globally visible within a few hours. Legacy records with a 24-hour TTL can take up to a full day. The propagation completes faster when you lower the TTL several hours before a planned change.

What is the difference between authoritative DNS and recursive DNS?

The authoritative server is the source of truth for your domain. Recursive resolvers like Google 8.8.8.8 or Cloudflare 1.1.1.1 are the caches that web browsers and mail servers usually talk to. A change is published instantly to the authoritative server, but recursive resolvers only refresh their cached copy when the TTL expires.

Why do different resolvers sometimes return different IP addresses for the same name?

Three common reasons. First, ongoing propagation after a recent change. Second, EDNS Client Subnet on geo-routed DNS: Google may be told to return a different IP for users near each resolver. Third, anycast and load-balanced CDNs can return any one of several equivalent IPs.

Does this tool query my ISP’s resolver?

No. It queries Google Public DNS, Cloudflare 1.1.1.1 and the PeopleAreGeek server resolver. Your ISP’s recursive resolver is not part of the comparison. If you want to compare with your own resolver, run dig +short example.com from a terminal and put the result next to this page’s output.

Why does a resolver return SERVFAIL or no answer?

SERVFAIL usually means the resolver could reach the authoritative server but the answer was malformed or DNSSEC validation failed. An empty answer with NOERROR means the record type does not exist for that name. NXDOMAIN means the name itself does not exist. The Raw JSON tab shows the exact status code for each resolver.

Can I trust this for production go-live decisions?

For most consumer-facing sites and SaaS apps, yes: if all three vantage points return the new record, the change is widely propagated across the two largest public resolvers and from a European server perspective. For traffic that depends on enterprise networks with strict private DNS, or for a deep multi-region picture, add at least one query from inside that network before announcing the go-live to users.

Related tools and resources

DNS propagation rarely sits alone. The tools below help confirm the record at the authoritative source, review delegation, inspect TLS readiness on the new IP, and audit the wider domain health.

DNS Lookup WHOIS Lookup Domain Health Check Reverse DNS Lookup SSL Certificate Checker HTTP Headers Checker IP Geolocation Lookup
ShareTweetPin
People Are Geek

People Are Geek

I'm Stephane, a network and systems engineer with over 15 years of hands-on experience on production infrastructure, virtualization (ESXi, Proxmox), networking, and self-hosting. Earlier in my career I built and ran a Linux resource site that became a well-known reference for sysadmins. Today I focus on cybersecurity, and I also work as a technical trainer, teaching networking and security to people who do it for a living. Everything on People Are Geek comes from real-world practice, not theory. I build every tool on this site myself, and I write about what I've actually deployed, broken, and fixed. If it's here, I've used it.

People Are Geek

Copyright © 2017 JNews.

Navigate Site

  • About PeopleAreGeek
  • All Tools and Articles
  • Contact
  • Cookie Policy
  • Hyper-V Hub: Tools, Error Fixes and Lab Guides
  • Linux Hub: Cross-Distro Reference, Articles, Tools
  • Page de test Codex
  • Privacy Policy
  • Sample Page
  • Terms of Service
  • VMware vSphere & ESXi Hub: Tools, Error Fixes and Guides

Follow Us

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Online Tools
  • Network Tools
  • Developer Tools
  • Security Tools

Copyright © 2017 JNews.