How to Diagnose and Fix DNS Resolution Issues

By Admin · Mar 2, 2026 · Updated Apr 23, 2026

DNS resolution failures are among the most common networking problems on Linux servers. When DNS stops working on your Breeze instance, almost everything breaks — package installations fail, APIs time out, and services cannot reach external endpoints. This guide provides a systematic approach to diagnosing and resolving DNS issues.

Step 1: Identify the Symptom

First, confirm whether DNS is actually the problem. If you can reach an IP address but not a hostname, DNS is likely at fault:

# Test by IP (bypasses DNS)
ping -c 2 8.8.8.8

# Test by hostname (requires DNS)
ping -c 2 google.com

# If IP works but hostname fails, it is a DNS issue

Step 2: Check Your Resolver Configuration

Examine which DNS servers your Breeze is configured to use:

cat /etc/resolv.conf

You should see one or more nameserver entries. Common issues include:

  • Empty or missing /etc/resolv.conf
  • Nameserver pointing to an unreachable IP
  • Stale entries from a previous network configuration
  • Too many nameserver entries (only the first 3 are used)
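
The static items in this list (missing or empty file, no nameserver lines, entries beyond the third) can be checked without touching the network. The script below is an added example, not part of the original guide; the function name audit_resolv_conf and its finding labels are assumptions of this example, and the sample file is constructed with documentation-range addresses. Reachability of each nameserver still has to be tested as in Step 3 and Step 5.

```shell
#!/bin/sh
# Added example: static audit of a resolv.conf-style file for the Step 2 issues.
# The finding labels (MISSING, EMPTY, ...) are this example's own, not a standard.

audit_resolv_conf() {
    file=$1
    # A dangling symlink also fails the -e test and is reported as MISSING.
    if [ ! -e "$file" ]; then echo "MISSING $file"; return 1; fi
    if [ ! -s "$file" ]; then echo "EMPTY $file"; return 1; fi
    count=0; findings=0; seen=" "
    # Only "nameserver <addr>" lines matter here; comments and other
    # keywords (search, options) are skipped. The "|| [ -n ... ]" keeps a
    # final line that lacks a trailing newline.
    while read -r key addr _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] && [ -n "$addr" ] || continue
        count=$((count + 1))
        case "$seen" in
            *" $addr "*) echo "DUPLICATE $addr"; findings=$((findings + 1)) ;;
        esac
        seen="$seen$addr "
        if [ "$count" -gt 3 ]; then
            # Only the first 3 nameserver lines are used.
            echo "IGNORED $addr"; findings=$((findings + 1))
        fi
        # Informational: a loopback address means a local stub or cache
        # (systemd-resolved, unbound) must be running for lookups to work.
        case "$addr" in
            127.*|::1) echo "INFO local resolver $addr" ;;
        esac
    done < "$file"
    if [ "$count" -eq 0 ]; then
        echo "NO_NAMESERVER $file"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Constructed sample (documentation-range addresses), not from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nameserver 192.0.2.10
nameserver 192.0.2.11
nameserver 192.0.2.10
nameserver 192.0.2.12
search example.internal
EOF
audit_resolv_conf "$sample" || echo "resolver configuration needs attention"
rm -f "$sample"
```

On a live host, call it as audit_resolv_conf /etc/resolv.conf and use the exit status in a health check.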

Step 3: Test DNS Resolution with dig

Use dig to test specific resolvers:

# Query the default resolver
dig example.com

# Query a specific public resolver
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com

# Check for specific record types
dig example.com MX
dig example.com AAAA
dig example.com NS

If public resolvers work but your configured resolver does not, the problem is with your resolver, not your network.

Step 4: Check for systemd-resolved Issues

On systems using systemd-resolved, /etc/resolv.conf should be a symlink to the resolved stub:

ls -la /etc/resolv.conf
resolvectl status
resolvectl dns

If systemd-resolved is malfunctioning, restart it:

sudo systemctl restart systemd-resolved

Step 5: Diagnose Network-Level DNS Issues

Verify that DNS packets can reach the resolver:

# Check if UDP port 53 is reachable
nmap -sU -p 53 8.8.8.8

# Check if a firewall is blocking DNS
sudo iptables -L -n | grep -w 53
sudo nft list ruleset | grep -w 53

# Test with a TCP DNS query (bypasses UDP blocks)
dig +tcp @8.8.8.8 example.com

Common Fixes

Fix 1: Set reliable nameservers

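# Replaces the file's contents; if /etc/resolv.conf is a symlink (see Step 4), its manager can overwrite this
echo -e "nameserver 8.8.8.8\nnameserver 1.1.1.1" | sudo tee /etc/resolv.conf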

Fix 2: Prevent resolv.conf from being overwritten

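# The immutable flag also blocks updates from DHCP clients; undo with: sudo chattr -i /etc/resolv.conf
sudo chattr +i /etc/resolv.conf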

Fix 3: Flush the local DNS cache

sudo resolvectl flush-caches    # systemd-resolved
sudo systemd-resolve --flush-caches    # older syntax

Fix 4: Install a local caching resolver

sudo apt install -y unbound
sudo systemctl enable --now unbound

Configure unbound at /etc/unbound/unbound.conf with upstream forwarders and point /etc/resolv.conf to 127.0.0.1.

Step 6: Check for DNS-Specific Application Issues

Some applications use their own DNS settings. Check /etc/nsswitch.conf to verify the resolution order:

grep hosts /etc/nsswitch.conf
# Should show: hosts: files dns

Also check /etc/hosts for incorrect or stale entries that might override DNS resolution. Applications inside containers may have their own /etc/resolv.conf — verify container DNS configuration separately.

Preventive Measures

To avoid DNS issues on your Breeze, configure at least two nameservers from different providers, run a local caching resolver for resilience, and monitor DNS resolution times as part of your regular health checks.
