Docs / Networking / How to Debug DNS Resolution Issues

How to Debug DNS Resolution Issues

By Admin · Mar 15, 2026 · Updated Apr 23, 2026 · 330 views · 2 min read

DNS problems are among the most common networking issues on servers. When DNS resolution fails, applications cannot connect to external services, and your website may become unreachable. This guide provides a systematic approach to diagnosing and fixing DNS issues.

Quick DNS Health Check

# Test basic resolution
dig google.com +short
# Should return IP addresses

# If dig fails, check resolv.conf
cat /etc/resolv.conf

# Test with a specific DNS server
dig @1.1.1.1 google.com +short
dig @8.8.8.8 google.com +short

Common DNS Problems

1. No DNS Server Configured

# Check resolv.conf
cat /etc/resolv.conf
# If empty or missing nameserver lines:
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf

2. DNS Server Unreachable

# Test if you can reach the DNS server
ping -c 3 1.1.1.1
# If ping fails, check your network/firewall

# Check if port 53 is blocked
nc -zvu 1.1.1.1 53

3. Slow DNS Resolution

# Measure DNS query time
dig google.com | grep "Query time"
# Query time: 1 msec (good)
# Query time: 500 msec (slow — try different DNS server)
# Query time: 5000 msec (very slow — DNS server issues)

# Try different resolvers
dig @1.1.1.1 google.com | grep "Query time"  # Cloudflare
dig @8.8.8.8 google.com | grep "Query time"  # Google
dig @9.9.9.9 google.com | grep "Query time"  # Quad9

4. DNS Propagation Delays

# When you change DNS records, propagation takes time
# Check from multiple locations:
dig @ns1.yourdomain.com yourdomain.com    # Authoritative NS
dig @1.1.1.1 yourdomain.com              # Cloudflare (fast cache refresh)
dig @8.8.8.8 yourdomain.com              # Google (slower refresh)

# Check TTL (time to live) on the record
dig yourdomain.com | grep -A1 "ANSWER SECTION"

Diagnosing Record-Specific Issues

# Check A record (IPv4 address)
dig yourdomain.com A

# Check AAAA record (IPv6 address)
dig yourdomain.com AAAA

# Check MX records (email routing)
dig yourdomain.com MX

# Check NS records (nameservers)
dig yourdomain.com NS

# Check CNAME records
dig subdomain.yourdomain.com CNAME

# Check TXT records (SPF, DKIM, etc.)
dig yourdomain.com TXT

# Full DNS trace (shows the entire resolution chain)
dig +trace yourdomain.com

Fixing systemd-resolved Issues

# Ubuntu uses systemd-resolved which can cause confusion
# Check if it is active
systemctl status systemd-resolved

# View resolved DNS servers
resolvectl status

# If /etc/resolv.conf points to 127.0.0.53:
# This is normal — systemd-resolved runs a local caching resolver
# The actual upstream servers are configured elsewhere

# Set upstream DNS servers
sudo nano /etc/systemd/resolved.conf
# [Resolve]
# DNS=1.1.1.1 8.8.8.8
# FallbackDNS=9.9.9.9

sudo systemctl restart systemd-resolved

DNS Caching

# Flush DNS cache
# systemd-resolved:
sudo resolvectl flush-caches
resolvectl statistics

# nscd (if installed):
sudo nscd -i hosts

Was this article helpful?

Related Articles