Introduction

When your system cannot resolve domain names, everything depending on DNS stops working - web browsing, email, API calls, and SSH connections all fail. The error "nameserver unreachable" means your resolver cannot contact the DNS servers it's configured to use. This is different from "domain not found" - the problem isn't that the domain doesn't exist, but that your system cannot reach any DNS infrastructure to ask the question.

Symptoms

  • Commands like ping example.com fail with "Temporary failure in name resolution"
  • dig or nslookup return "connection timed out; no servers could be reached"
  • Web browsers show "DNS_PROBE_FINISHED_BAD_CONFIG" or similar errors
  • System logs show "nameserver unreachable" messages
  • The issue affects multiple domains, not just one specific site
  • Local services using IP addresses continue to work normally

Common Causes

  • Network connectivity issues blocking UDP port 53 or TCP port 53
  • Firewall rules dropping DNS traffic
  • Incorrect DNS server configuration in /etc/resolv.conf
  • DNS servers configured in resolv.conf are actually down or unreachable
  • VPN or proxy software interfering with DNS resolution
  • Local DNS cache or stub resolver malfunction

Step-by-Step Fix

  1. Verify the issue is DNS-related by testing if IP addresses work when hostnames fail.

```bash
# Test if you can reach a known IP
ping -c 3 8.8.8.8

# If IP works but DNS fails, the problem is isolated to DNS
ping -c 3 google.com
```

  2. Check your current DNS configuration to see which servers your system is trying to use.

```bash
# Linux
cat /etc/resolv.conf

# macOS
scutil --dns | grep "nameserver"

# Windows
ipconfig /all | findstr "DNS"
```

  3. Test connectivity to your configured DNS servers on port 53.

```bash
# Test UDP connectivity (standard DNS)
# UDP is connectionless, so nc can report success even when nothing answers;
# treat the dig query below as the definitive check
nc -vzu 8.8.8.8 53

# Test TCP connectivity (used for large responses)
nc -vz 8.8.8.8 53

# Or use dig with a specific server
dig @8.8.8.8 google.com +time=5
```

  4. Try alternative DNS servers to determine if your configured servers are the problem.

```bash
# Test Google DNS
dig @8.8.8.8 example.com

# Test Cloudflare DNS
dig @1.1.1.1 example.com

# Test your ISP's DNS (find this from their support page)
dig @YOUR_ISP_DNS example.com
```

  5. If the configured DNS servers are unreachable, update /etc/resolv.conf with working servers.

```bash
# Backup current config
sudo cp /etc/resolv.conf /etc/resolv.conf.backup

# Edit with working DNS servers
# (if systemd-resolved or NetworkManager manages this file, manual edits are
# overwritten; configure the managing service instead)
sudo nano /etc/resolv.conf

# Add these lines:
#   nameserver 8.8.8.8
#   nameserver 1.1.1.1
#   nameserver 2001:4860:4860::8888
```

  6. On systemd-resolved systems, configure the stub resolver properly.

```bash
# Check systemd-resolved status
systemctl status systemd-resolved

# Edit resolved configuration
sudo nano /etc/systemd/resolved.conf

# Set fallback DNS servers in the [Resolve] section:
#   [Resolve]
#   DNS=8.8.8.8 1.1.1.1
#   FallbackDNS=2001:4860:4860::8888

# Restart the service
sudo systemctl restart systemd-resolved

# Ensure symlink is correct
ls -la /etc/resolv.conf
# Should point to ../run/systemd/resolve/stub-resolv.conf
```

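  7. Check firewall rules that might be blocking DNS traffic.

```bash
# Check iptables rules that mention port 53
sudo iptables -L -n -v | grep -wE "dpt:53|spt:53"

# Check if outbound DNS is explicitly allowed
sudo iptables -L OUTPUT -n -v | grep -wE "dpt:53"

# Add DNS allow rules if missing. A resolver client sends queries to port 53,
# so the rules belong in OUTPUT; INPUT --dport 53 would expose this host as a DNS server
sudo iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT
# Let the replies back in through connection tracking
sudo iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# For firewalld users: this opens inbound port 53 and is only needed
# when this host itself serves DNS
sudo firewall-cmd --add-service=dns --permanent
sudo firewall-cmd --reload
```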

  8. If using VPN software, temporarily disconnect it to test if it's interfering.

```bash
# Check for active VPN interfaces
ip link show | grep -E "tun|ppp|vpn"

# Test DNS resolution with VPN disconnected
dig google.com +short
```

  9. Flush any local DNS caches to ensure you're testing fresh lookups.

```bash
# systemd-resolved (older releases: sudo systemd-resolve --flush-caches)
sudo resolvectl flush-caches

# nscd
sudo systemctl restart nscd

# dnsmasq
sudo systemctl restart dnsmasq

# macOS
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

# Windows
ipconfig /flushdns
```

  10. Verify the fix by running test queries and checking real application behavior.

```bash
# Test resolution
dig google.com +short
# Should return IP addresses

# Test reverse DNS
dig -x 8.8.8.8 +short
# Should return dns.google

# Test actual application
curl -I https://www.google.com
# Should return HTTP 200
```

Verification

After applying fixes, verify DNS is working:

```bash
# Run multiple lookups to different domains
for domain in google.com cloudflare.com amazon.com; do
    echo "Testing $domain:"
    dig +short "$domain"
done

# Check DNS resolution time is reasonable
dig google.com | grep "Query time"

# Ensure no timeout errors
dig google.com +tries=3 +time=2
```

If problems persist after trying public DNS servers, the issue is likely network-level - check your router's DNS forwarding, ISP connectivity, or any upstream DNS filtering.