DNS (Domain Name System) troubleshooting is critical for network connectivity since most applications rely on name resolution to function properly. DNS issues often manifest as “can’t reach websites” but network connectivity exists.

Common DNS Problems

• No DNS server configured - Host has no DNS server IP addresses configured
• DNS server unreachable - Network connectivity issues to DNS servers (firewall, routing)
• DNS server not responding - DNS service down or overloaded on target server
• Incorrect DNS records - Wrong A, AAAA, CNAME, or other record types configured
• DNS cache poisoning - Corrupted or outdated entries in local DNS cache
• Reverse DNS issues - PTR records missing or incorrect (affects some applications)

DNS Troubleshooting Tools

Systematic DNS Troubleshooting Process

• Step 1: Verify network connectivity - Can you reach DNS servers directly via IP?
  • Test with ping 8.8.8.8 or your configured DNS server
• Step 2: Check DNS configuration - Are DNS servers properly configured?
  • Windows: ipconfig /all | Linux: cat /etc/resolv.conf
• Step 3: Test external DNS - Try known good DNS servers (8.8.8.8, 1.1.1.1)
  • Use nslookup google.com 8.8.8.8 to bypass local DNS
• Step 4: Clear DNS cache - Remove potentially corrupted cached entries
  • Windows: ipconfig /flushdns | Linux: varies by distribution
• Step 5: Test specific records - Verify different record types work
  • Use nslookup -type=MX domain.com for mail records

DNS Query Types for Troubleshooting

• A record - IPv4 address resolution (most common)
• AAAA record - IPv6 address resolution
• CNAME record - Canonical name (alias) resolution
• MX record - Mail exchange server information
• PTR record - Reverse DNS (IP to name resolution)
• NS record - Name server information for domain

Common DNS Server Issues

• Forwarder problems - Internal DNS server can’t reach upstream DNS servers
• Zone transfer failures - Secondary DNS servers not syncing with primary
• Resource record corruption - Database entries become invalid or outdated
• Load balancing issues - DNS round-robin not distributing requests properly
• TTL (Time To Live) problems - Cache timeout values too high/low causing stale data

Advanced Troubleshooting Techniques

• Trace DNS resolution path - Use dig +trace domain.com to see full resolution process
• Check specific DNS servers - Test authoritative servers directly with dig @ns1.domain.com
• Monitor DNS traffic - Use packet capture to analyze DNS request/response patterns
• Test from different locations - DNS issues may be geographically specific
• Verify DNS security - Check for DNSSEC validation issues with dig +dnssec

Vocabulary

• Authoritative DNS Server - Server that contains the actual DNS records for a domain (not cached)
• Recursive DNS Server - Server that performs full DNS lookups on behalf of clients
• DNS Forwarder - Server that passes DNS queries to other DNS servers for resolution
• TTL (Time To Live) - How long DNS records should be cached before refreshing
• FQDN (Fully Qualified Domain Name) - Complete domain name including all levels (www.example.com.)

Notes

• Always test DNS from multiple sources - Issues may be specific to one DNS server or network path
• DNS propagation can take 24-48 hours - Recent DNS changes may not be visible everywhere immediately
• Default DNS ports: UDP 53 (queries), TCP 53 (zone transfers, large responses)
• Most DNS issues are configuration-related - Check DNS server IPs, firewall rules, and network connectivity first
• Browser DNS caching - Browsers maintain separate DNS caches that may need clearing independently
• Use 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare) as known-good external DNS servers for testing
• Corporate networks - May require specific internal DNS servers and block external DNS queries
• DNS load balancing - Multiple A records for same domain can cause intermittent connectivity issues during troubleshooting