What does “error: token mismatch” mean?

We temporarily moved some CNAME records in our DNS to point to a different server while undertaking maintenance work - we do this every six months or so - and we allow a decent amount of time to allow for propagation.

Everything seemed fine - users were being sent to the correct server, and when I used nslookup to test our primary and secondary DNS, the CNAME data was correct for all the domains we were redirecting. However, when using the service at whatsmydns.com, we were being told by each DNS the service polled that there was an "error: token mismatch" from all servers.

Now that the maintenance work has been completed, the CNAME records have been returned to their original values - nslookup and whatsmydns.com all return these expected values.

I've tried searching for "error: token mismatch" - but all I can find are product/service support forums where the response is simply "your website seem fine", and don't actually identify or discuss what a token mismatch is in terms of DNS resolution.

So - what is an "error: token mismatch" in this context?

Solution 1:

For whatsmydns.net the Token Mismatch error is related to a timeout of a token generated by the website that allows you to use their search/lookup system. Normally you can refresh the whatsmydns.net website to get a new token and perform searches. It appears they use this token to ensure a 3rd party does not use their system and that instead users go to their site directly.

Solution 2:

I had the same token mismatch from whatsmydns.net

Simply opened an incogneto window and tried again (or clear the browser cache).

The A records all returned the corresponding IP address correctly.