ServerLookup

How to Troubleshoot Common DNS Problems

by ServerLookup Team
DNSTroubleshootingDevOps

How to Troubleshoot Common DNS Problems

DNS issues are among the most frustrating problems in web infrastructure. A misconfigured DNS record can make your website unreachable, break email delivery, or cause intermittent connectivity problems. This guide will help you diagnose and fix common DNS issues quickly.

Understanding DNS Resolution

Before troubleshooting, understand the DNS resolution flow:

  1. Browser cache
  2. Operating system cache
  3. Router cache
  4. ISP's recursive resolver
  5. Root name servers
  6. TLD name servers
  7. Authoritative name servers

Problems can occur at any level, so systematic troubleshooting is essential.

Common DNS Problems

Problem 1: Website Not Loading (DNS_PROBE_FINISHED_NXDOMAIN)

Symptoms:

  • Browser shows "This site can't be reached"
  • Error code: DNS_PROBE_FINISHED_NXDOMAIN
  • Ping returns "unknown host"

Causes:

  • Domain doesn't exist or expired
  • A/AAAA record missing or incorrect
  • Name servers not responding
  • Typo in domain name

Diagnosis:

# Check if domain exists
nslookup example.com

# Query specific record types
dig example.com A
dig example.com AAAA

# Check name servers
dig example.com NS

Solutions:

  1. Verify domain registration is active
  2. Check A/AAAA records exist in DNS control panel
  3. Ensure name servers are responding
  4. Clear local DNS cache

Problem 2: DNS Resolution is Slow

Symptoms:

  • Website takes long to start loading
  • Initial connection is slow, but subsequent loads are fast
  • Timeout errors occasionally

Causes:

  • Slow DNS resolver
  • High latency to name servers
  • Name server overloaded
  • Network issues

Diagnosis:

# Measure DNS query time
dig example.com | grep "Query time"

# Test multiple resolvers
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
dig @9.9.9.9 example.com

# Check name server response times
time dig example.com

Solutions:

  1. Switch to faster DNS resolver (1.1.1.1, 8.8.8.8)
  2. Use DNS providers with better geographic distribution
  3. Consider DNS CDN services like Cloudflare
  4. Check network latency and routing

Problem 3: Intermittent DNS Failures

Symptoms:

  • Website works sometimes, fails other times
  • Different results from different locations
  • Works on some networks, fails on others

Causes:

  • DNS propagation in progress
  • Inconsistent name server responses
  • Load balancing issues
  • ISP DNS problems

Diagnosis:

# Check multiple name servers
dig @ns1.example.com example.com
dig @ns2.example.com example.com

# Query from multiple DNS resolvers
dig @8.8.8.8 example.com
dig @208.67.222.222 example.com

# Check propagation
# Use tools like ServerLookup.io DNS Propagation checker

Solutions:

  1. Wait for full DNS propagation (24-48 hours)
  2. Ensure all name servers return consistent data
  3. Check SOA serial numbers are synchronized
  4. Verify zone transfer is working between name servers

Problem 4: Email Not Working (MX Record Issues)

Symptoms:

  • Emails bounce back
  • Cannot send/receive email
  • Mail server errors

Causes:

  • Missing or incorrect MX records
  • Wrong priority values
  • MX pointing to non-existent host
  • SPF/DKIM records missing

Diagnosis:

# Check MX records
dig example.com MX

# Verify mail server exists
dig mail.example.com A

# Check SPF record
dig example.com TXT

# Test mail server connectivity
telnet mail.example.com 25

Solutions:

  1. Verify MX records exist and are correct
  2. Ensure MX priorities are appropriate (lower = higher priority)
  3. Confirm mail server has A/AAAA records
  4. Set up SPF, DKIM, and DMARC records properly

Problem 5: Changes Not Taking Effect

Symptoms:

  • Updated DNS records but site still shows old content
  • Old IP address still resolving
  • Changes visible in control panel but not in queries

Causes:

  • DNS propagation delay
  • High TTL values
  • Cached records
  • Not querying authoritative servers

Diagnosis:

# Query authoritative name server directly
dig @ns1.example.com example.com

# Check current TTL
dig example.com | grep -i ttl

# See what Google DNS has cached
dig @8.8.8.8 example.com

Solutions:

  1. Lower TTL before making changes (24-48 hours in advance)
  2. Clear local caches:
    # Windows
ipconfig /flushdns

# macOS
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

# Linux
sudo systemd-resolve --flush-caches
  3. Wait for TTL period to expire
  4. Verify changes on authoritative name servers

Problem 6: Subdomain Not Working

Symptoms:

  • Main domain works, subdomain doesn't
  • www.example.com fails but example.com works
  • Subdomain shows different error than main domain

Causes:

  • Missing A/AAAA or CNAME record for subdomain
  • Incorrect CNAME target
  • Wildcard record issues

Diagnosis:

# Check subdomain record
dig www.example.com

# Compare with main domain
dig example.com

# Check CNAME
dig www.example.com CNAME

Solutions:

  1. Add A/AAAA record for subdomain
  2. Or add CNAME pointing to main domain
  3. Verify CNAME target exists
  4. Check wildcard (*) record if using

Problem 7: DNS Timeout Errors

Symptoms:

  • "DNS server not responding"
  • Timeout errors in dig/nslookup
  • Unable to resolve any domains

Causes:

  • DNS server down or unreachable
  • Firewall blocking DNS (port 53)
  • Network connectivity issues
  • Incorrect DNS server configuration

Diagnosis:

# Test DNS server connectivity
ping 8.8.8.8

# Test DNS port
nc -zv 8.8.8.8 53

# Check current DNS configuration
# Windows: ipconfig /all
# Linux: cat /etc/resolv.conf

# Try alternative DNS
dig @1.1.1.1 example.com

Solutions:

  1. Switch to public DNS (8.8.8.8, 1.1.1.1)
  2. Check firewall rules
  3. Restart network interface
  4. Check for malware/DNS hijacking

Essential DNS Troubleshooting Tools

Command-Line Tools

dig (Domain Information Groper)

# Basic query
dig example.com

# Specific record type
dig example.com MX

# Query specific server
dig @8.8.8.8 example.com

# Trace full resolution path
dig +trace example.com

nslookup

# Simple query
nslookup example.com

# Interactive mode
nslookup
> server 8.8.8.8
> example.com

host

# Quick lookup
host example.com

# Specific record type
host -t MX example.com

Web-Based Tools

  • ServerLookup.io: Comprehensive DNS inspection and propagation checking
  • DNSChecker.org: Quick propagation checks
  • MXToolbox: Email and DNS testing
  • IntoDNS: DNS health check

Advanced Tools

mtr (My Traceroute)

# Trace route with DNS info
mtr example.com

tcpdump (Packet capture)

# Capture DNS traffic
sudo tcpdump -i any port 53

DNS Troubleshooting Workflow

Follow this systematic approach:

Step 1: Identify the Scope

  • Is it one domain or all domains?
  • Is it one location or worldwide?
  • Is it one device or network-wide?

Step 2: Test Basic Connectivity

# Can you reach DNS servers?
ping 8.8.8.8

# Can you reach the website by IP?
curl http://93.184.216.34

Step 3: Check DNS Configuration

# What DNS servers are you using?
# Windows
ipconfig /all | findstr "DNS Servers"

# Linux
cat /etc/resolv.conf

Step 4: Test DNS Resolution

# Can you resolve domain names?
nslookup example.com

# Try multiple DNS servers
nslookup example.com 8.8.8.8
nslookup example.com 1.1.1.1

Step 5: Check Authoritative Servers

# Query domain's name servers directly
dig @ns1.example.com example.com

Step 6: Verify Records

# Check all relevant record types
dig example.com A
dig example.com AAAA
dig example.com MX
dig example.com TXT

Step 7: Check Propagation

Use ServerLookup.io's DNS Propagation tool to verify changes across global locations.

Prevention Best Practices

Before Making Changes

  1. Document Current State: Record all existing DNS records
  2. Lower TTL: Set TTL to 300 seconds (5 minutes) 24-48 hours before changes
  3. Have Rollback Plan: Know how to revert changes quickly
  4. Schedule During Low Traffic: Make changes when impact is minimal

After Making Changes

  1. Monitor Immediately: Check authoritative servers first
  2. Test from Multiple Locations: Use propagation checkers
  3. Verify Application Functionality: Don't just check DNS, test the actual service
  4. Restore Normal TTL: Increase TTL back to normal after successful propagation

Regular Maintenance

  1. Monitor DNS Health: Set up alerts for DNS failures
  2. Keep Records Updated: Remove unused records
  3. Review Security Settings: Check DNSSEC, CAA records
  4. Test Disaster Recovery: Know how to switch providers quickly

When to Escalate

Contact your DNS provider or seek expert help if:

  • DNS servers are consistently unavailable
  • Security issues suspected (DNS hijacking, cache poisoning)
  • Complex configurations not working as expected
  • Provider's systems appear to have issues

Conclusion

DNS troubleshooting requires systematic thinking and the right tools. Most DNS problems can be diagnosed and fixed quickly by:

  1. Understanding the DNS resolution chain
  2. Using proper diagnostic tools (dig, nslookup)
  3. Checking configuration at each level
  4. Verifying changes with propagation tools
  5. Maintaining good DNS hygiene

Tools like ServerLookup.io make DNS troubleshooting easier by providing comprehensive views of your DNS configuration, real-time propagation checking, and historical data. Regular monitoring and proactive maintenance will help you catch issues before they become critical.

Remember: when troubleshooting DNS, patience is key. Changes take time to propagate, and caches need time to expire. Always verify changes on authoritative name servers first, then check propagation to resolvers worldwide.