Once A record has been updated, wait up to 30 minutes and change the nameservers for your domain.
As a result, your domain will be resolved to your previous host from the places where the propagation has not been completed yet and to a new one – from the places where it has already passed.
After that, the request is sent to the first receiving point in the USA – New York, NY and ultimately, to the ISP in Phoenix, AZ.
From there, the request goes to the upstream provider in Rome, Italy, then connects to the ISP in Hamburg, Germany.
These are the objects that kept losing the proper permissions.
I found 5 records using my DNS record ACL script showing this behavior.
The problem reared it’s ugly head months ago when some important DNS records kept getting removed.
No one could figure out a pattern or timeline as to when or why this was happening.
The major disadvantage of this method is that only you will be able to work on your website in the new location, other users might still see and use your website working from the old server.NOTE: to make sure it is not your computer cache that has the outdated information, we recommend clearing the cache of your browser and flushing the DNS cache after the DNS change.3. There are three basic methods that will allow you to pass the DNS propagation.If you HAVE NOT changed the nameservers and do not wish them to propagate for so long, there is a way to reduce the propagation time. Point your domain to the destination IP address by means of A record on the side of the current DNS provider, setting the minimal TTL ('Time to live' – propagation time) for this record, for instance, to 300 seconds (5 minutes).2.After some Sherlock Holmes style sleuthing I managed to find a pattern.All of the servers for these records were reimaged around the same time. It turns out whenever a computer is brought onto a domain and registers it’s DNS record, reimaged or the OS is just reinstalled without removing the DNS record nor removing the AD computer account as part of the process problems can crop up. When you update the nameservers for a domain, it may take up to 24-48 hours for the change to take effect. In other words, it is a period of time ISP (Internet service provider) nodes across the world take to update their caches with the new DNS information of your domain. Let’s imagine you live in Bari, Italy, and you just have changed the nameservers for your domain that is hosted in Phoenix, USA.That is why the new nameservers will not propagate immediately – ISPs have different cache refreshing intervals, so some of them will still have the old DNS information in the memory.After a ton of research and troubleshooting I believe I have at least discovered all of the root causes. One of the problems I was seeing was that the permissions on the records that were created via the Microsoft dynamic DNS process were hosed up.I’m working in an Active Directory environment and all of the zones are AD-integrated which means all of the DNS records are actually AD objects; more specifically dns Node objects located in the “DC=%MYZONE%, CN=Microsoft DNS, DC=Forest Dns Zones, DC=my, DC=domain, DC=local” context.In such a way, you may avoid a downtime as both hosts will show you the same result – your new website.If you HAVE already changed the nameservers, Google public DNS tools may help you to see your website online. Set Google Public DNS servers following these instructions. Once done, clear your browser's cache following the steps in this guide and flush your local DNS cache. In addition, you can use Google Flush Cache tool and flush NS and A record for your domain name: If you still get an outdated information on your website, you may edit the 'hosts' file on your computer, which will force the domain to resolve to the new IP address.