diff --git a/challenge/dns01/precheck.go b/challenge/dns01/precheck.go
index 0329b242..0c3364e6 100644
--- a/challenge/dns01/precheck.go
+++ b/challenge/dns01/precheck.go
@@ -44,10 +44,15 @@ func RecursiveNSsPropagationRequirement() ChallengeOption {
 	}
 }
 
-func PropagationWaitOnly(wait time.Duration) ChallengeOption {
+func PropagationWait(wait time.Duration, skipCheck bool) ChallengeOption {
 	return WrapPreCheck(func(domain, fqdn, value string, check PreCheckFunc) (bool, error) {
 		time.Sleep(wait)
-		return true, nil
+
+		if skipCheck {
+			return true, nil
+		}
+
+		return check(fqdn, value)
 	})
 }
 
diff --git a/cmd/setup_challenges.go b/cmd/setup_challenges.go
index 6391ba07..2ec38198 100644
--- a/cmd/setup_challenges.go
+++ b/cmd/setup_challenges.go
@@ -143,7 +143,9 @@ func setupDNS(ctx *cli.Context, client *lego.Client) error {
 			dns01.DisableAuthoritativeNssPropagationRequirement()),
 
 		dns01.CondOption(ctx.Duration(flgDNSPropagationWait) > 0,
-			dns01.PropagationWaitOnly(wait)),
+			// TODO(ldez): inside the next major version we will use flgDNSDisableCP here.
+			// This will change the meaning of this flag to really disable all propagation checks.
+			dns01.PropagationWait(wait, true)),
 
 		dns01.CondOption(ctx.Bool(flgDNSPropagationRNS),
 			dns01.RecursiveNSsPropagationRequirement()),