Why Two DNS Resolvers Give You Different Answers

Cloudflare says one thing, Google says another, and your laptop says a third. A field note on why that happens, when it is normal, and when it means something is actually broken.

By Cody

The short version

You change a DNS record, then check it from three places and get two or three different answers. The instinct is to assume something is broken. Usually nothing is — you are watching caches expire at different times. But the same symptom can also hide a genuine fault, and the way to tell them apart is the record's TTL.

The fastest way to see the disagreement clearly is to ask several resolvers the same question at once with the multi-resolver compare tool, rather than guessing from one machine.

Reason one: caching and TTL

Every record carries a TTL — a number of seconds a resolver is allowed to cache the answer. When you publish a new value, a resolver that cached the old one keeps serving it until that timer runs out. Different resolvers cached the record at different moments, so they expire at different moments. For a window no longer than the old TTL, they legitimately disagree.

This is why “propagation” is a slightly misleading word: nothing is slowly spreading across the internet. Authoritative nameservers update instantly. What you are waiting on is old cached copies aging out.

Reason two: different resolvers, different vantage points

Large public resolvers run anycast: the “1.1.1.1” you reach is a nearby node, not a single server. Two nodes of the same provider can hold slightly different cache states. Providers also honor TTLs and minimum-cache rules differently. And some answers are genuinely location-aware — CDNs return different IPs by region — so two resolvers in different places can both be correct and still differ.

Reason three: your own machine is in the path

Before a query ever reaches a public resolver, it passes through your operating system's cache and whatever resolver your network hands you — a home router, a corporate server, a VPN. Any of those can hold an older answer than a fresh public lookup. When your laptop disagrees with an online tool, your local path is usually the reason, not the authoritative DNS.

When the disagreement actually means a fault

Stop blaming propagation and start investigating once any of these is true:

  • The disagreement persists well past the old TTL — caches should all have expired by then.
  • Your authoritative nameservers return different records from each other — a sign of an inconsistent or half-finished change.
  • Some resolvers return SERVFAIL while others answer — classic DNSSEC validation failure, where validating resolvers reject a broken chain. See NXDOMAIN vs SERVFAIL to decode it.

Example: the same name, two resolvers, mid-change

Example input
compare example.com A — Cloudflare vs Google
Example result
1.1.1.1 (Cloudflare)  A  93.184.216.34   TTL 280
8.8.8.8 (Google)      A  203.0.113.10    TTL 41

Two resolvers, two answers, because each cached the record at a different time. Google's copy expires in 41 seconds; once it re-queries the authoritative server it will match. If the old TTL was one hour and they still differed an hour later, that would be a real fault to chase.
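
The fault criteria and the example above can be written as a small triage routine. This is an added example, not code from the compare tool. It assumes the record is not location-aware, an old TTL of 3600 seconds, and an authoritative answer from a hypothetical nameserver "ns1.example" that is not part of the example result.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Answer:
    server: str            # label for the resolver or nameserver queried
    authoritative: bool    # True for the zone's own nameservers
    rcode: str             # "NOERROR", "SERVFAIL", ...
    records: frozenset = frozenset()
    ttl: int = 0           # remaining TTL reported with the answer

def triage(answers, old_ttl, seconds_since_change):
    """Classify a resolver disagreement using the criteria listed above.
    Assumes the record is not location-aware (no CDN geo-steering)."""
    findings = []
    auth = {a.records for a in answers if a.authoritative and a.rcode == "NOERROR"}
    rec = [a for a in answers if not a.authoritative]
    ok = [a for a in rec if a.rcode == "NOERROR"]
    if len(auth) > 1:
        findings.append("AUTH_INCONSISTENT")       # nameservers disagree with each other
    if ok and any(a.rcode == "SERVFAIL" for a in rec):
        findings.append("SERVFAIL_SPLIT")          # possible DNSSEC validation failure
    if len({a.records for a in ok}) > 1:
        if seconds_since_change > old_ttl:
            findings.append("STALE_PAST_OLD_TTL")  # caches should have expired by now
        else:
            findings.append("CACHE_EXPIRY")        # normal: old copies still aging out
    return findings or ["CONSISTENT"]

def seconds_until_converged(answers):
    """Longest remaining TTL among recursive answers that differ from the
    authoritative value; 0 if none differ."""
    auth = {a.records for a in answers if a.authoritative and a.rcode == "NOERROR"}
    if len(auth) != 1:
        raise ValueError("authoritative answers missing or inconsistent")
    truth = next(iter(auth))
    stale = [a.ttl for a in answers
             if not a.authoritative and a.rcode == "NOERROR" and a.records != truth]
    return max(stale, default=0)

# Constructed sample: the two resolver answers from the example, plus an
# assumed authoritative answer (ns1.example is a hypothetical label).
SAMPLE = [
    Answer("ns1.example", True, "NOERROR", frozenset({"93.184.216.34"}), 300),
    Answer("1.1.1.1", False, "NOERROR", frozenset({"93.184.216.34"}), 280),
    Answer("8.8.8.8", False, "NOERROR", frozenset({"203.0.113.10"}), 41),
]

if __name__ == "__main__":
    print(triage(SAMPLE, old_ttl=3600, seconds_since_change=600))
    print(seconds_until_converged(SAMPLE))
```

Feed it real answers by querying each resolver and each authoritative nameserver directly and recording the response code, record values and remaining TTL.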

FAQ

Is it normal for DNS resolvers to disagree?
Right after a change, yes. Different resolvers cache records for different remaining TTLs, so some still hold the old answer while others have already refreshed. Once the longest TTL from before the change has elapsed, every resolver should agree. Persistent disagreement after that window is the signal that something is wrong.
How long until all resolvers show the new record?
At most the TTL that was in effect before you made the change. If the record had a 3600-second (one hour) TTL, a resolver that cached it just before your edit can keep serving the old value for up to an hour. Lowering the TTL a day before a planned change shrinks this window.
Why does my computer show a different answer than an online tool?
Your computer uses whatever resolver your network or OS is configured for, plus its own local cache, while an online tool queries a public resolver fresh. Local caching, a corporate resolver, or a VPN can all make your machine lag behind. Flushing your DNS cache or querying a public resolver directly removes that variable.
Could different answers mean my DNS is broken?
It can. If the disagreement persists well past the old TTL, look for inconsistent records across your authoritative nameservers, a half-finished migration, or a DNSSEC validation failure that makes some validating resolvers return SERVFAIL while non-validating ones still answer. Those are real faults, not propagation.

Last reviewed: 2026-06-29.