Fix DNS A Record Missing - Domain Resolution Failure

Introduction

The A (Address) record is the most fundamental DNS record type - it maps a hostname to an IPv4 address. When an A record is missing, users cannot reach your website, API, or service because resolvers return NXDOMAIN (domain not found) or no answer. This can happen from accidental deletion, failed zone transfers, configuration errors, or when migrating between DNS providers.

Symptoms

Website returns "domain not found" or "server IP address could not be found"
dig or nslookup return NXDOMAIN for your domain
ping hostname fails with "unknown host"
Curl requests fail with "Could not resolve host"
SSL certificate validation fails because domain doesn't resolve
Email bounces because MX record points to a hostname without A record
Only some subdomains work while others fail

Common Causes

A record was never created for the hostname
A record accidentally deleted during zone editing
Zone file corruption or failed transfer between master/slave servers
Typo in zone file preventing proper loading
Incorrect record type used (AAAA for IPv4, or CNAME conflict)
DNS provider migration where records weren't transferred completely

Step-by-Step Fix

1.Verify the A record is actually missing by querying authoritative nameservers.

```bash # Query your domain's authoritative nameservers directly dig @ns1.yourprovider.com example.com A

# Check if you get an answer section # NOERROR with empty answer = record doesn't exist # NXDOMAIN = entire domain doesn't exist in zone

# Also check for www and other common subdomains dig @ns1.yourprovider.com www.example.com A dig @ns1.yourprovider.com api.example.com A ```

1.Determine if the domain exists in the zone at all.

```bash # Check for SOA record - if this exists, the zone is loaded dig @ns1.yourprovider.com example.com SOA

# Check for any records for this domain dig @ns1.yourprovider.com example.com ANY

# Note: ANY queries are deprecated and may not work on all servers # Better to query specific types: for type in A AAAA MX NS TXT CNAME; do echo "Checking $type record:" dig @ns1.yourprovider.com example.com $type +short done ```

1.Check if a CNAME record is blocking the A record.

```bash # CNAME and A cannot coexist at the same name dig @ns1.yourprovider.com example.com CNAME

# If CNAME exists, you must choose: # - Remove CNAME and add A record (for direct hosting) # - Keep CNAME pointing to correct target (for CDN/proxy)

# Example conflict - this is INVALID: # example.com. IN CNAME something.cloudfront.net. # example.com. IN A 192.0.2.1 ```

1.Verify the zone file is loaded and syntactically correct on your DNS server.

```bash # For BIND, check zone file syntax named-checkzone example.com /etc/bind/zones/example.com.zone

# Output should be "OK" - look for errors like: # - Missing trailing dots on FQDNs # - Invalid IP address format # - Missing/incorrect SOA record # - Out of zone data

# Check if zone is loaded rndc status example.com

# For other DNS servers, check their specific commands: # PowerDNS: pdnsutil check-zone example.com # Knot DNS: knotc zone-check example.com ```

1.Look at the zone file directly to find the missing or incorrect entry.

```bash # Example BIND zone file - check for A record: $TTL 86400 @ IN SOA ns1.example.com. admin.example.com. ( 2026040401 ; Serial 3600 ; Refresh 600 ; Retry 86400 ; Expire 3600 ) ; Minimum

@ IN NS ns1.example.com. @ IN NS ns2.example.com.

; Check for this line - the A record: @ IN A 192.0.2.1 www IN A 192.0.2.1 api IN A 192.0.2.2

; Common mistakes to look for: ; - Missing @ symbol for apex domain ; - Wrong IP address ; - Record commented out with ; ; - Typo in hostname ```

1.Add the missing A record through your DNS management interface.

```bash # BIND zone file - add the A record: example.com. 3600 IN A 192.0.2.1

# Or use @ shorthand for apex: @ 3600 IN A 192.0.2.1

# Common control panel fields: # Name/Host: @ (or blank for apex), www, api, etc. # Type: A # Value/IP: 192.0.2.1 # TTL: 3600 (1 hour)

# After adding, reload the zone rndc reload example.com # Or restart BIND systemctl restart named ```

1.For DNS provider migrations, ensure records were transferred correctly.

```bash # Export from old provider and import to new # Most providers support zone file export in BIND format

# Compare records between old and new provider echo "Old provider:" dig @old-ns.provider.com example.com A +short

echo "New provider:" dig @new-ns.provider.com example.com A +short

# Use diff to compare full zone exports diff old-zone.txt new-zone.txt ```

1.Increment the SOA serial number after making changes.

```bash # BIND requires serial increment for zone transfers # Common format: YYYYMMDDNN (date + change number) # Example: @ IN SOA ns1.example.com. admin.example.com. ( 2026040401 ; Serial - increment this! ; ... rest of SOA )

# If using automatic serial (many providers do this), # you don't need to worry about this step

# Verify serial incremented: dig @ns1.example.com example.com SOA +short | head -1 ```

1.Verify the record appears correctly after adding.

```bash # Query authoritative server dig @ns1.yourprovider.com example.com A

# Expected output: # ;; ANSWER SECTION: # example.com. 3600 IN A 192.0.2.1

# Test all related hostnames dig @ns1.yourprovider.com www.example.com A dig @ns1.yourprovider.com example.com A

# Verify IP address is correct dig @ns1.yourprovider.com example.com A +short # Should match your expected IP ```

1.Test resolution through public resolvers after propagation.

```bash # Wait for TTL seconds, then test public resolvers dig @8.8.8.8 example.com A +short dig @1.1.1.1 example.com A +short

# Test actual connectivity curl -I http://example.com

# Test with hostname resolution ping -c 3 example.com ```

Verification

Complete verification ensures the record works end-to-end:

```bash # 1. Verify authoritative servers have the record for ns in $(dig example.com NS +short); do echo "A record on ${ns%.}:" dig @${ns%.} example.com A +short done

# 2. Verify resolution through public DNS echo "Resolution via Google:" dig @8.8.8.8 example.com A +short echo "Resolution via Cloudflare:" dig @1.1.1.1 example.com A +short

# 3. Test the resolved IP actually responds ip=$(dig example.com A +short | head -1) echo "Testing connectivity to $ip:" curl -I http://$ip

# 4. Verify reverse DNS if needed dig -x $ip +short ```

Common A Record Issues Checklist

Record exists in zone file but zone not reloaded
SOA serial not incremented (slave servers won't transfer)
CNAME at same name conflicts with A record
Typo in IP address (wrong octets, incomplete address)
Missing trailing dot on FQDN causes zone expansion error
Wrong zone file being edited (test vs production)
DNS provider API or control panel had sync issues

How to Fix DNS A Record Missing

Introduction

Symptoms

Common Causes

Step-by-Step Fix

Verification

Common A Record Issues Checklist

Share this guide

More DNS Troubleshooting Guides

Fix DNS RPZ Reaction NSDNAME Not Blocking Queries

Fix DNS DDNS GSS-TSIG Kerberos Authentication

Fix DNS SVCB HTTPS Record Service Binding

Fix DNS ZONEMD Record Integrity Validation Failing

Fix DNS CDS CDNSKEY Automatic DS Update Not Working

Fix DNS NAPTR Record ENUM Translation Failure