DNS caching -- stale records after migration

After changing DNS records (domain migration, new server IP), some users still reach the old server. Changes seem to take effect inconsistently.

DNS has multiple caching layers: (1) Browser DNS cache (Chrome: chrome://net-internals/#dns). (2) OS DNS cache: sudo dscacheutil -flushcache (macOS), sudo systemd-resolve --flush-caches (Linux). (3) Router/ISP DNS cache: no control, wait for TTL. (4) Recursive resolver cache (Google 8.8.8.8, Cloudflare 1.1.1.1). Before migration: lower TTL to 60s a few days ahead. After migration: old TTL must expire everywhere. Verify: dig @8.8.8.8 example.com shows what Google DNS sees.

DNS is a distributed cache with no instant invalidation. Each resolver caches records for the TTL (Time To Live) period. Old records persist until TTL expires at every cache layer.