DNS vs CDN: Where the Problem Really Lies
Learn how to tell whether a website problem is caused by DNS, CDN cache, CDN SSL, proxy rules, origin server errors or hosting configuration.
Introduction
When a website fails to load, shows the wrong content, returns a 502 error or behaves differently in different locations, the problem may be DNS, CDN, hosting or origin server configuration. DNS and CDN are connected, but they are not the same layer.
DNS tells browsers where a domain should go. A CDN receives traffic at the edge, applies caching, security and routing rules, then may connect to the origin server. To fix problems quickly, you need to know whether the failure happens before the CDN, at the CDN, or between the CDN and origin.
Quick answer
DNS controls where your domain points. A CDN controls how traffic is cached, secured, routed and forwarded to the origin. If DNS is wrong, visitors may not reach the right CDN or server. If DNS is correct but CDN/origin settings are wrong, you may see SSL errors, 502/503 errors, stale content, redirect loops or wrong cached pages.
DNS vs CDN
DNS and CDN work together, but they solve different problems.
DNS
Translates a domain name into a destination, such as an IP address, CNAME target or CDN hostname.
CDN
Sits in front of the website, caches content, handles edge delivery, applies security rules and forwards requests to the origin server when needed.
Origin server
The real hosting server or application server where the website content comes from.
A visitor may travel through all three layers: DNS → CDN edge → origin server.
Request flow
A normal CDN-backed website request often works like this:
- User enters your domain.
- DNS resolves the domain.
- DNS points the user to the CDN.
- The CDN edge receives the request.
- The CDN checks cache and security rules.
- If cached content exists, CDN responds directly.
- If not cached, CDN asks the origin server.
- Origin server returns content.
- CDN sends the response back to the user.
A failure can happen at any step, so troubleshooting should follow the request path.
DNS problems
DNS is likely involved when the domain does not resolve correctly or points to the wrong destination.
- domain does not resolve
- nameservers are wrong
- A record points to old IP
- CNAME points to wrong CDN hostname
- DNS changes not propagated
- www works but root domain does not
- root works but www does not
- users reach old server after migration
- DNSSEC validation fails
- different resolvers return different answers
If DNS is wrong, the visitor may never reach the intended CDN or origin.
CDN problems
CDN problems usually appear after DNS already points traffic to the CDN.
- CDN-branded 502 or 503 error
- stale cached content
- wrong page served from cache
- redirect loop between CDN and origin
- SSL mode mismatch
- origin unreachable from CDN
- WAF blocks legitimate visitors
- cache rules affect dynamic pages
- CDN points to wrong origin
- CDN works in one region but not another
- headers differ between CDN and origin
If bypassing the CDN fixes the issue, the problem is likely CDN configuration, cache, WAF or CDN-to-origin connectivity.
Origin problems
The origin server is likely involved when the CDN can be reached but cannot get a valid response from hosting.
- 502 from CDN because origin is down
- 504 gateway timeout
- PHP-FPM or app service failure
- database unavailable
- origin firewall blocks CDN IPs
- server overloaded
- SSL certificate invalid on origin
- wrong origin hostname or port
- application returns 500 errors
- dynamic pages fail while cached pages work
A CDN can hide some origin problems for cached pages, but dynamic pages and cache misses may still fail.
Comparison
DNS
Main job: Point domain to destination. Typical records: A, AAAA, CNAME, NS. Problems caused: Wrong destination, no resolution, old server, propagation differences. Checked with: DNS Lookup.
CDN
Main job: Cache, protect and route website traffic. Typical settings: Origin hostname, SSL mode, cache rules, WAF, redirects. Problems caused: Stale content, 502/503, SSL mismatch, redirect loops, wrong cache behavior. Checked with: Website Status Checker, HTTP Header Checker, CDN dashboard.
Origin
Main job: Serve the actual application/content. Typical settings: Web server, app runtime, database, firewall, SSL. Problems caused: 500 errors, timeouts, overload, database errors, app failures. Checked with: Server logs, origin checks, hosting panel.
Why this matters
DNS vs CDN troubleshooting matters because changing the wrong layer can make an outage worse. If the CDN is misconfigured, changing DNS may not fix the issue. If DNS points to the wrong target, clearing CDN cache will not help. If the origin server is down, DNS and CDN may both look correct while users still receive 502 or 504 errors.
Correct diagnosis saves time during migrations, SSL changes, CDN setup, hosting moves and downtime incidents.
How to find the problem
Use DNS Lookup, Website Status Checker and HTTP Header Checker together.
Check in this order:
- DNS resolution — Confirm the domain resolves to the expected CDN hostname or IP.
- Nameservers — Confirm the active nameservers are correct.
- Root and www — Test both example.com and www.example.com.
- CDN response — Use Website Status Checker to see status code, redirects and final response.
- Headers — Use HTTP Header Checker to see cache, CDN and server headers.
- Origin target — Confirm the CDN origin points to the correct hosting server.
- CDN cache — Check whether stale or wrong content is served from cache.
- Origin health — Test the origin directly if possible and review server logs.
Start with DNS
Use DNS Lookup to confirm the domain resolves to the expected CDN hostname or IP.
Common problems
DNS points to old server
High: The domain still resolves to an old IP or old CDN target after migration.
Next step: Update DNS records or nameservers and verify with multiple resolvers.
Wrong CNAME target
High: The domain points to the wrong CDN hostname or service.
Next step: Correct the CNAME to the provider’s required target.
Root domain and www differ
Medium: example.com and www.example.com point to different destinations.
Next step: Choose canonical behavior and align DNS/CDN redirects.
CDN origin is wrong
High: The CDN receives traffic but forwards it to the wrong origin server.
Next step: Update origin hostname/IP in the CDN dashboard.
CDN SSL mode mismatch
High: The CDN and origin do not agree on HTTPS behavior.
Next step: Check edge SSL, origin SSL certificate and CDN SSL mode.
CDN cache serves stale content
Medium: The origin is updated but CDN still serves old cached files.
Next step: Purge cache and review cache rules.
CDN WAF blocks real visitors
Medium: Security rules block legitimate traffic.
Next step: Review WAF/firewall logs and adjust rules carefully.
Origin blocks CDN IPs
High: The hosting firewall refuses CDN requests.
Next step: Allow official CDN IP ranges and review firewall rules.
Cached pages work but dynamic pages fail
High: CDN cache hides origin issues for static pages, but dynamic requests fail.
Next step: Check origin server, application runtime and database.
DNS propagation confusion
Low: Different users see different destinations during a recent change.
Next step: Check TTL, resolvers and avoid making repeated DNS changes too quickly.
How to fix issues
Step 1: Identify the failing layer
Check whether the issue happens at DNS resolution, CDN edge, CDN-to-origin connection or origin application.
Step 2: Verify DNS records
Confirm A, AAAA, CNAME and nameserver records point to the expected destination.
Step 3: Test root and www
Check both hostnames and confirm they behave consistently.
Step 4: Inspect CDN settings
Review origin hostname, SSL mode, cache rules, redirects and WAF rules.
Step 5: Check origin availability
Confirm the hosting server responds directly if direct testing is possible.
Step 6: Review headers
Look for CDN cache status, server headers, redirects and final response behavior.
Step 7: Purge cache only if needed
Clear CDN cache when stale content is confirmed, not as a blind first step.
Step 8: Fix firewall and SSL conflicts
Allow CDN IPs and ensure SSL works between CDN and origin.
Step 9: Monitor after changes
Re-check DNS, status, headers and origin logs after deployment.
During migration
Use this DNS and CDN migration checklist when moving or reconfiguring a site.
Active nameservers
Confirm the domain uses the intended nameservers.
A/CNAME records
Verify records point to the correct CDN or origin target.
Root and www records
Check both hostnames resolve as expected.
CDN hostname target
Confirm DNS points to the correct CDN endpoint.
Origin hostname/IP
Verify CDN origin settings match hosting.
CDN SSL mode
Check edge-to-origin SSL configuration.
Origin SSL certificate
Confirm the origin certificate is valid.
HTTP to HTTPS redirects
Test protocol redirects at CDN and origin.
www/non-www redirects
Confirm canonical host behavior.
Cache purge after launch
Purge stale content only when needed.
WAF/firewall rules
Review security rules at CDN and origin.
Origin allows CDN traffic
Allow official CDN IP ranges.
Final URLs return 200
Confirm important pages load successfully.
Important pages tested
Check homepage, login, checkout and tools.
Headers show expected behavior
Review CDN and origin response headers.
Example 1: DNS problem
Symptom:
Users still see old website.
DNS check:
example.com → old server IP
CDN check:
Not reached.
Likely cause:
DNS still points to old server.
Fix:
Update A/CNAME records or nameservers.
Example 2: CDN problem
Symptom:
Website returns 502 Bad Gateway.
DNS check:
example.com → CDN target correctly.
CDN check:
CDN edge responds with 502.
Origin check:
Origin IP blocked CDN requests.
Likely cause:
Origin firewall blocks CDN.
Fix:
Allow CDN IPs and retest.
Example 3: Cache problem
Symptom:
New page is live on origin but users see old version.
DNS check:
Correct.
Origin check:
New content visible.
CDN response:
Cache HIT with old content.
Likely cause:
Stale CDN cache.
Fix:
Purge affected URLs and review cache rules.
Examples are illustrative. Replace domains, IPs and CDN settings with your real setup.
Check DNS:
dig example.com A
dig www.example.com CNAME
Check nameservers:
dig example.com NS
Check HTTP status:
curl -I https://example.com
Follow redirects:
curl -IL https://example.com
Check headers for CDN clues:
curl -sI https://example.com | grep -i "cache\|server\|cf-\|x-cache\|via"
Check origin directly if you know the IP:
curl -I --resolve example.com:443:192.0.2.10 https://example.com
Commands are illustrative. Direct origin testing depends on your hosting, CDN and SSL setup. Do not expose or bypass protected origin access carelessly.
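The script below is an added example, not part of the original guide: it takes output already captured with the dig and curl commands above and names the failing layer in the order this guide recommends (DNS, then CDN edge, then origin). The function names, the cdn.example.net target and the sample header blocks are constructed, and the stale-cache check assumes the CDN passes the origin's ETag through unchanged.

```shell
#!/bin/sh
# Added example. Hostnames, header blocks and ETag values are constructed.

# header_value NAME BLOCK: value of the first header named NAME (lowercase).
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | awk -F':' -v n="$1" '
        tolower($1) == n { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# http_status BLOCK: status code from the first line of a `curl -sI` capture.
http_status() { printf '%s\n' "$1" | tr -d '\r' | awk 'NR == 1 { print $2 }'; }

# classify_layer RESOLVED EXPECTED EDGE_HEADERS ORIGIN_HEADERS
# Walks the request path in order: DNS, then CDN edge, then origin.
classify_layer() {
    resolved=$1; expected=$2; edge=$3; origin=$4
    [ -n "$resolved" ] || { echo "dns: domain does not resolve"; return; }
    [ "$resolved" = "$expected" ] ||
        { echo "dns: points to $resolved, expected $expected"; return; }

    edge_code=$(http_status "$edge"); origin_code=$(http_status "$origin")
    case "$edge_code" in 502|503|504)
        case "$origin_code" in
            2??|3??) echo "cdn-to-origin: origin answers directly, check firewall and SSL mode" ;;
            *) echo "origin: direct request fails too (${origin_code:-no response})" ;;
        esac
        return ;;
    esac

    cache=$(header_value x-cache "$edge")
    [ -n "$cache" ] || cache=$(header_value cf-cache-status "$edge")
    edge_tag=$(header_value etag "$edge"); origin_tag=$(header_value etag "$origin")
    case "$cache" in [Hh][Ii][Tt]*)
        if [ -n "$origin_tag" ] && [ "$edge_tag" != "$origin_tag" ]; then
            echo "cdn-cache: HIT serves $edge_tag, origin has $origin_tag"; return
        fi ;;
    esac
    echo "ok: no mismatch in the captured data"
}

# Constructed captures: edge serves a cached copy, origin already has a newer one.
EDGE_STALE='HTTP/2 200
x-cache: HIT
etag: "v1"'
ORIGIN_NEW='HTTP/1.1 200 OK
ETag: "v2"'
classify_layer cdn.example.net cdn.example.net "$EDGE_STALE" "$ORIGIN_NEW"
```

Feed it the resolved target from dig, the edge headers from curl -sI, and the origin headers from the --resolve request; an empty origin capture is treated as an origin failure.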
Cache vs origin
A CDN may serve cached content even when the origin has changed or is temporarily unavailable.
This can cause:
- old CSS or JavaScript
- old images
- outdated HTML
- wrong redirect behavior
- one region showing new content and another showing old content
- cached homepage working while admin or checkout fails
If CDN cache is suspected, compare CDN response with origin response if possible.
CDN SSL issues
SSL can fail at two different places:
Visitor to CDN
The public certificate must cover the requested hostname.
CDN to origin
The origin certificate and SSL mode must match CDN expectations.
Common mistakes:
- origin has expired SSL
- origin certificate does not match origin hostname
- CDN set to HTTPS but origin only supports HTTP
- CDN set to flexible SSL causing redirect loops
- www covered but root not covered
- old certificate after migration
SSL errors may look like CDN problems even when the origin certificate is the real issue.
Frequently asked questions
What is the difference between DNS and CDN?
DNS points a domain to a destination. A CDN handles traffic, caching, security and routing after users reach the CDN.
Can DNS cause a CDN problem?
Yes. If DNS points to the wrong CDN target or old server, traffic may never reach the intended CDN setup.
Can CDN cause a DNS problem?
Not directly, but CDN configuration can make a correctly resolved domain fail at the edge or origin.
Why does the CDN show 502?
The CDN may not be able to reach the origin, or the origin may return an invalid response.
Why do some users see old content?
DNS propagation, CDN cache or regional CDN cache differences may be involved.
Should I purge CDN cache first?
Only if stale cache is likely. If DNS or origin is wrong, cache purge will not fix the root problem.
How do I know if the origin is the problem?
If DNS and CDN respond correctly but dynamic requests fail, or CDN returns 502/504, check origin server logs, firewall, SSL and application health.