DNS provider

DNS propagation in Cloudflare DNS

Saving in Cloudflare DNS updates your zone fast — the internet caches old answers until TTL expires.

Provider gotcha: Proxy (orange cloud) must be grey (DNS only) for MX records, mail A records, and anything that must resolve exactly for mail. TXT for DMARC/SPF/DKIM should also use DNS-only — orange cloud can interfere with how some tools read mail DNS.

Read DNS propagation for background.

Step by step

Step 1 Open the Cloudflare Dashboard → DNS → Records → Add record.

Step 2 Lower TTL before big changes if your provider allows — then raise after stabilization.

Step 3 After save, wait at least one TTL cycle before assuming failure.

Step 4 Query your zone’s authoritative nameservers directly. Use the subdomain only in the Name field — e.g. _dmarc or @ for apex, not the full hostname.

Step 5 Open DNS Propagation to compare resolvers. Typical: Usually minutes — Cloudflare is authoritative quickly; global resolver caches still respect TTL.

Step 6 Final check: DNS Preflight for SPF/DKIM/DMARC together.

DNS Preflight — full auth check for your domain.

Open DNS Preflight →

Propagation — compare resolvers.

Open DNS Propagation →

FAQ

What is DNS propagation?

Delay while recursive resolvers cache old TTLs — not instant worldwide.

How fast is Cloudflare DNS?

Usually <strong>minutes</strong> — Cloudflare is authoritative quickly; global resolver caches still respect TTL.

Why does dig show the new TXT but my tool doesn’t?

Different resolver — use propagation checker and lower TTL next time.

What TTL should I use?

300–3600s during changes; longer when stable.

Where to verify all records?

DNS Preflight for SPF/DKIM/DMARC — Propagation tool for cross-resolver checks.

← Cloudflare DNS hub · All DNS providers