Wacs.exe using old DNS (domain's parent DNS resolves correctly)

I fat-fingered a DNS update (migrating a site from one host to another). I have since rectified the DNS, and if I do a whois of the domain and check DNS against its parent DNS servers, both answer with the correct address (with both the non-www version of the domain and the www version).

8.8.8.8 and 8.8.4.4 both respond with the fat-fingered IP on the non-www but work right with the www.

The site is using IIS so I am attempting to register the certificate with wacs.exe. The www. version worked fine but the non-www errors, and the error text ("detail": "#.#.#.#: Fetching http...) contains the fat-fingered DNS.

Most Google results claim that Let's Encrypt does not cache DNS (or does so for a very short time) but rather goes directly to the domain's parent DNS server. That does not track with what I am seeing.

Does it still work like that? www.whatsmydns.net has me at about 50/50 fat-fingered/correct on the non-www so far. Let's Encrypt should have worked right away if it were still true that it checks the parent directly and every time though, right?

Thanks.

Let's Encrypt walks the authoritative DNS tree.

The https://unboundtest.com site uses a similar method.

You should also view your domain at https://dnsviz.net. Sometimes DNS config problems can cause problems not readily shown by the methods you chose.

If you want more help we'll need your actual domain name. Explaining DNS issues is much easier with the actual name.

4 Likes

Let's Encrypt doesn't use cached DNS, it queries your actual nameservers, but WACS may have its own pre-authorization self check and that will be using your machine's standard DNS lookups.

1 Like
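The two replies above make one practical point: the CA asks the zone's authoritative servers, while a client-side self check on the IIS host asks whatever recursive resolver the machine is configured for, and that resolver keeps handing out the old record until its TTL runs out. The script below is an added example for this thread, not code from the thread or from win-acme: it asks the authoritative nameservers directly (recursion disabled, so the answer cannot come from a cache), then asks the system resolver and two public resolvers, and flags every answer that differs from the authoritative one. The zone and host names are placeholders to replace with your own. It takes the NS set from a recursive query for brevity, which is fine when only an A record changed; if the delegation itself was changed, take the NS set from the parent zone's servers instead.

```powershell
# Added example (not from the thread or from win-acme): compare the authoritative
# answer for a name with what the local and public resolvers currently return.
$Zone  = 'example.invalid'                              # placeholder zone, replace
$Names = @('example.invalid', 'www.example.invalid')    # placeholder names, replace
$PublicResolvers = @('8.8.8.8', '8.8.4.4')

function Get-AuthoritativeAnswers {
    param([string]$Name, [string]$Zone)
    # Step 1: the zone's delegated nameservers (assumed unchanged; otherwise get
    # this NS set from the parent zone's servers).
    $nameservers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost
    # Step 2: ask each authoritative server directly with recursion disabled, so
    # the reply can only come from its zone data, never from a resolver cache.
    foreach ($server in $nameservers) {
        $records = Resolve-DnsName -Name $Name -Type A -Server $server -NoRecursion -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' -and $_.Section -eq 'Answer' }
        [pscustomobject]@{
            Source    = "authoritative/$server"
            Name      = $Name
            Addresses = @($records | ForEach-Object { $_.IPAddress }) -join ', '
            TTL       = ($records | Select-Object -First 1).TTL
        }
    }
}

function Get-ResolverAnswer {
    param([string]$Name, [string]$Server)
    # A recursive resolver answers from its cache until the record's TTL expires;
    # the TTL it returns is the time left before it will fetch a fresh copy.
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $query.Server = $Server }
    $records = Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' }
    [pscustomobject]@{
        Source    = $(if ($Server) { "resolver/$Server" } else { 'resolver/system' })
        Name      = $Name
        Addresses = @($records | ForEach-Object { $_.IPAddress }) -join ', '
        TTL       = ($records | Select-Object -First 1).TTL
    }
}

foreach ($name in $Names) {
    $auth  = @(Get-AuthoritativeAnswers -Name $name -Zone $Zone)
    $truth = ($auth | Select-Object -First 1).Addresses
    $results = $auth +
               @(Get-ResolverAnswer -Name $name) +
               @($PublicResolvers | ForEach-Object { Get-ResolverAnswer -Name $name -Server $_ })
    # 'Stale' marks any source whose answer disagrees with the authoritative one.
    $results |
        Select-Object Source, Name, Addresses, TTL,
            @{ Name = 'Stale'; Expression = { $_.Addresses -ne $truth } } |
        Format-Table -AutoSize
}

# What the local client cache holds right now, and how long it will keep it.
Get-DnsClientCache -Name $Zone -ErrorAction SilentlyContinue |
    Format-Table Entry, Data, TimeToLive -AutoSize
# Flushing the local cache only helps if the stale copy is on this machine; a
# public resolver keeps its copy until the TTL shown above reaches zero.
Clear-DnsClientCache
```

Run it on the IIS host itself: the `resolver/system` row is what a client-side self check on that machine would see, and the `authoritative/*` rows are what the CA's own lookup is based on. If only the resolver rows are marked stale, the zone is already correct and the remaining wait is bounded by the TTL value in those rows.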