Knowledge base

The Domain Name System does not update everywhere at once. When you change DNS records at your registrar or hosting provider, authoritative name servers start serving the new data immediately—but recursive resolvers around the world cache old answers for as long as the record's TTL (time to live) allows. Until those caches expire or are refreshed, different users and monitoring tools may see different IP addresses or mail exchangers for the same hostname.

Propagation, in everyday usage, describes that window of inconsistency: some resolvers already return your new A or AAAA record, while others still return the previous target. The delay can be minutes or, in edge cases involving long TTLs or stubborn caches, longer. It is not a single global flip; it is the sum of many independent caches updating on their own schedules.

Tools such as NSdig query multiple public resolvers in parallel so you can compare answers side by side. That helps you confirm whether a change has reached major providers, spot stragglers, or rule out local resolver issues on your own machine. Seeing agreement across diverse networks is a strong sign that your update is widely visible.

If results disagree, check TTL values, confirm the authoritative zone is correct, and remember that anycast and geo-routing can legitimately return different addresses for performance reasons. Propagation checking is about verifying consistency against your intent—not about forcing a single global answer in every situation.

Real-time blocklists (RBLs), also called DNS-based blacklists (DNSBLs), are distributed databases that mail servers and security tools query to judge whether an IP address has a poor reputation. A listing usually means the address was observed sending spam, participating in abuse, or matching policy rules maintained by that list's operator. The check works by reversing the IPv4 address, appending a list-specific DNS zone, and interpreting whether a positive response indicates a hit.

No listing in a given zone typically means the IP is not flagged there at query time—not a guarantee of good behavior everywhere. Different lists have different criteria, update frequencies, and appeal processes. Some focus on hijacked hosts, others on bulk mail or open relays. Operators often combine several lists because no single database captures every threat model.

False positives can occur, and delisting can take time after you fix the underlying issue. NSdig surfaces multi-list results so you can see which zones report a hit and investigate accordingly. IPv6 and some specialized listing schemes use different mechanics; our IPv4 DNSBL view is a practical snapshot for the most common mail-security workflows.

Treat blacklist output as one signal among many: pair it with SPF, DKIM, DMARC, and your provider's logs when debugging deliverability. A clean report on a few major lists is reassuring; unexpected listings deserve follow-up with the list maintainer and your network team.

WHOIS is a family of protocols and services for querying registration data associated with domain names, IP allocations, and autonomous systems. For a domain, a WHOIS lookup typically returns the sponsoring registrar, creation and expiry dates, nameservers, and—depending on privacy settings—registrant contact fields. That data is maintained by registries and registrars under policies set by ICANN and regional authorities.

In recent years, many registrars redact personal fields in public responses to comply with privacy regulations, so you may see placeholder values or a privacy service instead of direct owner details. Legal and abuse channels still exist through registrar and registry procedures even when the public record is minimal. The remaining technical fields (expiry, status, name servers) remain essential for operations and troubleshooting.

NSdig includes a compact WHOIS-style snapshot for domains to surface registrar and key lifecycle dates without overwhelming the page. Full raw WHOIS output can be lengthy and varies by TLD; our summary is aimed at quick sanity checks: is the domain locked, when does it renew, and who is the listed registrar?

WHOIS should not be confused with DNS answers: WHOIS describes registration metadata, while DNS maps names to addresses and mail routing. Both matter when you migrate a site, recover from hijacking, or audit an acquisition. If WHOIS and your live DNS disagree on nameservers, that mismatch is worth investigating before you assume propagation alone is at fault.