All Products
Search

This Product

    Domain Names:Update DNS servers

    Document Center

    Domain Names:Update DNS servers

    Last Updated:Mar 13, 2026

    This document describes how to update DNS servers for a domain name in the Alibaba Cloud Domain Names console. This update affects the domain's DNS resolution.

    Prerequisites

    To prevent service interruptions when you update DNS servers, first synchronize your DNS records from the original DNS provider to the new one.

    1. Synchronize DNS records: On your new DNS provider's platform, add your domain name and all necessary DNS records.

    2. Verify DNS resolution: Run the following commands to query the new DNS server and check if it responds properly.

      # Replace yourdomain with your domain name
# Replace ns1.alidns.com with the address of the new provider's DNS server
dig @ns1.alidns.com yourdomain A
dig @ns1.alidns.com yourdomain MX

    3. Check and disable DNSSEC (skip this step if DNSSEC is not configured)

      Check whether Domain Name System Security Extensions (DNSSEC) is enabled for your domain name. If it is enabled, first delete the Delegation Signer (DS) record with your domain name registrar and then disable DNSSEC.

      # Use the dig command to check the DNSSEC status of your domain
# If the response includes a Resource Record Signature (RRSIG) record, DNSSEC is enabled
dig +dnssec yourdomain.com

    4. (Recommended) Lower the TTL: To reduce the wait time for updates or rollbacks to take effect, lower the Time-To-Live (TTL) value for critical DNS records, such as the A record and MX records of the primary site for your business. Set the TTL to a small value, such as 300 or 600 seconds. Make this change 24 to 48 hours before you update the DNS servers. Wait for the old TTL to expire before updating the DNS servers.

    Procedure

    Update DNS servers for a single domain name

    1. On the Domain Names page, find the target domain name and click Manage in the Actions column. Choose and click DNS Server Change.

    2. Enter the new DNS server addresses and click Confirm.

    Batch update DNS servers for multiple domain names

    1. Go to the Domain Names page.

    2. In the left-side navigation pane, choose Batch Operations > Common Batch Operations > DNS Server Change.

    3. Enter your Domain Names, set Configure DNS to Custom DNS, and submit the update using the email verification code.

    4. On the Bulk Operations Log page, check whether the update was successful.

    Verify the update

    After submitting the update, use the following commands to check the DNS propagation.

    # Replace yourdomain with your domain name
# 1. Check if the registry's name server (NS) records have been updated to the new DNS server addresses
dig yourdomain NS

# 2. Trace the full resolution path to confirm requests are being answered by the new DNS servers
dig +trace yourdomain A

    Apply in production

    • Update DNS servers during off-peak hours and prepare a rollback plan in advance.

    • When you update DNS servers, the time for the update to take effect depends on the TTL of the domain's NS records cached by local DNS servers. Full worldwide propagation may take 24 to 48 hours.

    FAQ

    What is a domain name's DNS server?

    DNS servers for a domain name are responsible for storing and managing its DNS records. These records include A records, which map a domain name to an IPv4 address; AAAA records, which map a domain name to an IPv6 address; MX records, which specify the mail servers for the domain name; and CNAME records, which alias one domain name to another.

    After registering a domain name, you must configure its DNS servers to make your website and other services accessible on the Internet. Typically, you can use the default DNS servers provided by your domain name registrar. Alternatively, you can use custom DNS servers for more control over your DNS configuration.

    For example, if your domain name example.com uses the DNS servers ns1.example.com and ns2.example.com, any query for example.com or its subdomains (like www.example.com) is sent to these servers. The servers then respond with the appropriate DNS record, allowing users to access your website, email, and other services.

    Important

    To ensure high availability and redundancy, we recommend that you configure at least two DNS servers. If one server becomes unavailable, the other can continue to respond to queries, preventing service interruptions.

    Why can't I modify the DNS servers for my domain name?

    You cannot modify the DNS servers for a domain name while it is in certain states, such as a grace period, redemption period, or during a transfer. To make changes, you must first renew the domain name or wait for the transfer to complete. For more information about how to renew a domain name, see Domain name renewal.

    Why are my DNS server updates not taking effect? / Why am I experiencing access issues in some regions after updating my DNS servers?

    This issue typically occurs for one of the following reasons:

    • Incorrect configuration on the new DNS servers: This is a common cause. Log on to your new DNS provider's console and verify that all necessary DNS records (such as A, CNAME, and MX records) are correctly configured for your domain name.

    • DNS propagation and caching: DNS resolvers in the affected region or on a specific device might have cached the old DNS server information (NS records). Changes to DNS servers can take up to 48 hours to propagate globally. You can either wait for the cache to expire or try flushing the local DNS cache.

    • Self-hosted DNS server issues: If you manage your own DNS server, check the following:

      • Ensure your firewall allows incoming traffic on port 53 (TCP and UDP).

      • Verify that the DNS service is running.

      • Confirm that the zone file for your domain name is configured correctly.

    Can I use DNS services from multiple providers at the same time?

    Yes, if your domain name registrar allows you to specify DNS servers from multiple providers in their management interface. For example, domain names registered with Alibaba Cloud support using DNS servers from different providers simultaneously.

    What are the reasons for a failed DNS server modification?

    • The DNS server address is invalid. Ensure that the DNS server address you entered is correct and active.

    • The domain name is locked. A registrar lock prevents changes to a domain name's settings, including its DNS servers. To check if your domain name is locked, perform a WHOIS query and look for a status like clientUpdateProhibited or Update Prohibited By Registrar in the Domain Name Status field.

      Solution:

      1. Navigate to the Domain Names page, find the target domain name and click Manage in the Actions column.

      2. In the left-side navigation pane, click Security Settings.

      3. Find the Update Lock item and click Disable. Then, complete the security authentication as prompted.

    How do I find my local DNS server?

    The following steps are for Windows:

    1. Open the command prompt. You can find it by searching for "cmd" or "Command Prompt" in the Start menu.

    2. Enter ipconfig /all and press Enter.

    3. In the output, locate the DNS Servers line. The listed IP addresses are the DNS servers that your computer uses.

    How do I flush the local DNS cache?

    Your operating system maintains a local DNS cache. The following steps describe how to clear (or flush) this cache on Windows:

    1. Open the command prompt as an administrator. You can find it by searching for "cmd" or "Command Prompt" in the Start menu, right-clicking it, and then selecting Run as administrator.

    2. Enter ipconfig /flushdns and press Enter.

    3. A success message appears, such as "Successfully flushed the DNS Resolver Cache."