🌍

How Does DNS Domain Configuration Propagate?

What actually happens when you configure a domain on sites like onamae.com

DNS is one of the most fundamental and important infrastructures on the internet. When we type "example.com" in a browser, it actually goes through a complex DNS lookup process to find the IP address of that server. When you configure records on DNS management services like onamae.com, Cloudflare, or Route 53, this information propagates to DNS servers worldwide, making the domain accessible to everyone.

Architecture Diagram

DNS Hierarchy (Domain Lookup Flow)
👤
User (Browser)
myapp.com
🔍
DNS Resolver
e.g., 8.8.8.8 (Google)
Step 1
🌐
Root Server (.)
13 worldwide
.com is here →
Step 2
📂
TLD Server (.com)
Verisign
Returns NS info
Step 3
🏢
Authoritative NS
ns1.onamae.com
A: 76.76.21.21 returned
🖥️
Web Server (Vercel)
76.76.21.21
What happens when you configure on onamae.com
1
Domain Purchase
onamae.com → Registration request to Verisign (.com registry)
2
Nameserver (NS) Setup
Use default NS (onamae) or change to Cloudflare/Route 53
3
Add DNS Records
A     myapp.com → 76.76.21.21
CNAME www.myapp.com → cname.vercel-dns.com
4
DNS Propagation
Propagates to DNS servers worldwide (A record: minutes~hours / NS change: up to 48h)
# Check DNS lookup with dig command
$ dig myapp.com +short
76.76.21.21

$ dig myapp.com
;; ANSWER SECTION:
myapp.com.   300   IN   A   76.76.21.21
             ^^^ TTL (sec)
Key Points
DNS uses "hierarchical delegation" — responsibility distributed: Root → TLD → Authoritative NS
What you configure on onamae.com is editing "authoritative nameserver records"
Lower TTL = faster propagation but more DNS server load — raise back after changes

How It Works

1

User enters myapp.com in browser

2

OS checks local DNS cache → if not found, queries configured DNS resolver (e.g., 8.8.8.8)

3

DNS resolver queries root server (.) → obtains .com TLD server address

4

Queries .com TLD server → obtains authoritative nameserver (NS) address for myapp.com

5

Queries authoritative nameserver (e.g., ns1.onamae.com) → obtains A record (IP address)

6

DNS resolver caches result for TTL duration and returns IP to browser

7

Browser connects to the IP (e.g., 76.76.21.21) via HTTP/HTTPS

Pros

  • Accessible by domain name from anywhere in the world
  • Only DNS records need updating when IP changes (zero downtime)
  • Flexible traffic routing with CNAME
  • Domain ownership verification and SPF/DKIM setup via TXT records

Cons

  • DNS propagation takes up to 48 hours (especially for NS changes)
  • Cannot reflect immediately due to TTL caching
  • Vulnerable to DNS spoofing/cache poisoning (without DNSSEC)
  • Cannot modify domain settings during registrar outages

Use Cases

Custom domain connection (Vercel, Netlify, Heroku, etc.) Mail server setup (Google Workspace, Microsoft 365) CDN connection (Cloudflare, AWS CloudFront) SSL certificate domain verification (DNS-01 challenge) Subdomain separation (api.myapp.com, blog.myapp.com)

References

Related

Why Does Nameserver Change Take 24-72 Hours?
The real reason NS changes propagate slowly and the caching structure at each level
🔒 How Does DNS-PERSIST-01 Work? ⏳ Why Does Nameserver Change Take 24-72 Hours?