DNS Record Propagation: Understanding MX and A Record Update Times When Not Changing Nameservers


2 views

When modifying MX and A records without changing authoritative nameservers, the propagation timeline becomes a critical operational consideration. Many administrators assume that keeping the same DNS hosting provider means instant updates, but reality is more nuanced due to DNS caching mechanisms.

The Time To Live (TTL) value on your existing records dictates the maximum propagation delay:

; Example DIG output showing TTL
$ dig example.com MX +noall +answer
example.com.    3600    IN    MX    10 mail.example.com.

In this case, 3600 seconds (1 hour) is the TTL. Any resolver that cached this record will honor it for at least this duration before checking for updates.

Typical observed behavior in the wild:

  • Major ISPs: 50-80% compliance with TTL
  • Corporate networks: Often override TTL with longer values
  • Mobile carriers: Worst offenders (sometimes cache for days)

Here's a Python snippet to monitor propagation status:

import dns.resolver
import time

def check_propagation(domain, record_type, expected_value, max_checks=24):
    resolvers = ['8.8.8.8', '1.1.1.1', '208.67.222.222']
    for _ in range(max_checks):
        for ns in resolvers:
            resolver = dns.resolver.Resolver()
            resolver.nameservers = [ns]
            try:
                answers = resolver.resolve(domain, record_type)
                if any(str(r) == expected_value for r in answers):
                    print(f"{ns} - OK")
                else:
                    print(f"{ns} - Still old record")
            except Exception as e:
                print(f"{ns} - Error: {str(e)}")
        time.sleep(3600)  # Check hourly
  1. Gradual TTL reduction (set to 300 seconds 48 hours before migration)
  2. Maintain old IP for 72 hours post-change
  3. Use SPF records with multiple IPs during transition

When Amazon required SES users to update MX records in 2020, they recommended:

; Pre-migration record
example.com. 300 IN MX 10 feedback-smtp.us-east-1.amazonses.com

; Post-migration (new weight)
example.com. 300 IN MX 20 inbound-smtp.us-east-1.amazonaws.com

This dual-record approach allowed for seamless transition over the TTL period.

When modifying MX and A records for a mail server while keeping the same authoritative DNS servers, propagation times primarily depend on two factors:

  • TTL (Time To Live) values set in your DNS records
  • Caching behavior of recursive DNS servers worldwide

The TTL value you set before making changes will determine how quickly the update propagates. Here's a typical sequence:

; Example DNS record with TTL
mail.example.com.  3600  IN  A  192.0.2.1

Professional sysadmins use this approach:

  1. 1 week before: Lower TTL to 300 seconds (5 minutes)
  2. At migration time: Update both A and MX records
  3. After migration: Consider increasing TTL again

Here's a script to verify global propagation:

import dns.resolver

def check_propagation(domain, record_type='MX'):
    resolvers = [
        '8.8.8.8',        # Google
        '1.1.1.1',        # Cloudflare
        '208.67.222.222'  # OpenDNS
    ]
    
    for ns in resolvers:
        resolver = dns.resolver.Resolver()
        resolver.nameservers = [ns]
        try:
            answer = resolver.resolve(domain, record_type)
            print(f"{ns}: {answer.rrset}")
        except Exception as e:
            print(f"{ns}: Error - {str(e)}")
Scenario Typical Propagation Time
TTL=3600 (1 hour) 1-2 hours
TTL=86400 (24 hours) 24-48 hours
Emergency change (no TTL adjustment) Up to 48 hours

Modern mail servers will typically retry delivery for several days (usually 3-5 days) when they encounter temporary DNS inconsistencies. This means:

  • Some emails might be delayed during propagation
  • Very few messages should be permanently lost
  • Inbound email flow is more critical than outbound