DNS Troubleshooting
DNS problems often look like “the site is down,” but the real issue is resolution: bad records, missing delegation, cached failures, or a resolver returning inconsistent answers. This pillar gives you a practical workflow to validate records quickly and avoid chasing ghosts.
Related tool
- DNS Checker — validate common record types and resolution.
Fast triage: what error are you seeing?
- NXDOMAIN: the name doesn’t exist (or the query is pointed at the wrong zone).
- SERVFAIL: the resolver couldn’t complete validation (DNSSEC issues, misconfigured authoritative servers, timeouts).
- Works for some users: propagation/caching/geo-DNS differences, or multiple resolvers in the chain.
Common DNS failure patterns
Record exists, but points wrong
Validate A/AAAA/CNAME targets. A single wrong character or stale target can create intermittent or total failure.
Authoritative servers unreachable
If resolvers can’t reach the authoritative NS, results can vary by resolver and region. Check for firewall blocks and outages.
Recommended workflow
- Run DNS Checker and verify the expected records exist.
- If results differ by resolver, suspect caching/propagation or a failing authoritative server.
- If the domain resolves but the service fails, pivot to Ping & Latency Diagnostics and Traceroute & Routing.