What's Actually Happening

DNS resolution fails when trying to resolve hostnames. Applications cannot find hosts, web browsing fails, or services cannot connect to external resources.

The Error You'll See

DNS resolution failed:

```bash
ping example.com
ping: example.com: Name or service not known
```

nslookup error:

```bash
nslookup example.com
;; connection timed out; no servers could be reached
```

curl error:

```bash
curl http://example.com
curl: (6) Could not resolve host: example.com
```

Why This Happens

  1. DNS server down - DNS server not responding
  2. Wrong DNS server - Incorrect DNS server configured
  3. Network issue - Cannot reach DNS server
  4. Firewall blocking - DNS port 53 blocked
  5. DNS cache issue - Stale DNS cache
  6. /etc/hosts override - Wrong entry in hosts file
  7. DNSSEC failure - DNSSEC validation failing

Step 1: Check DNS Resolution

```bash
nslookup example.com

dig example.com

host example.com

# Check with specific DNS:
nslookup example.com 8.8.8.8

dig @8.8.8.8 example.com

# Short answer:
dig +short example.com
```

Step 2: Check DNS Configuration

```bash
cat /etc/resolv.conf

# Check DNS servers:
grep nameserver /etc/resolv.conf

# Common DNS servers:
# Google: 8.8.8.8, 8.8.4.4
# Cloudflare: 1.1.1.1, 1.0.0.1
# Quad9: 9.9.9.9

# Test DNS server:
ping -c 3 8.8.8.8

# Add DNS server (-a appends; without it tee overwrites the whole file).
# If systemd-resolved or NetworkManager manages this file, manual edits get replaced.
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
```

Step 3: Check Network Connectivity

```bash
ping -c 3 8.8.8.8

ping -c 3 1.1.1.1

# Check routing:
ip route

route -n

# Test DNS port (UDP is connectionless, so success only means no ICMP error came back):
nc -zuv 8.8.8.8 53

# DNS over TCP:
dig +tcp example.com
```

Step 4: Check /etc/hosts

```bash
cat /etc/hosts

# Look for overrides:
grep example.com /etc/hosts

# Remove wrong entries:
# Comment out or delete incorrect lines

# Flush hosts cache:
# On Linux, no caching by default
# On Windows: ipconfig /flushdns
```
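The file checks from Steps 2 and 4, as an added example that is not part of the original article: a script that parses a hosts file and a resolv.conf offline and reports any override for a name or a missing nameserver. The function names and the sample files are constructed for illustration, and it assumes the usual `hosts: files dns` order in nsswitch.conf.

```shell
#!/usr/bin/env bash
# Added example: offline audit of the files inspected in Steps 2 and 4.

# Print each IP that a hosts file maps to NAME (comments stripped, aliases and
# case differences handled). With the usual "hosts: files dns" order in
# nsswitch.conf (assumed here), such an entry wins over any DNS answer.
hosts_overrides() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; break }
        }
    ' "${2:-/etc/hosts}"
}

# Print the nameservers in file order; glibc uses only the first three.
resolv_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 && n < 3 { print $2; n++ }' \
        "${1:-/etc/resolv.conf}"
}

# Report findings for NAME; exit status 1 means something needs attention.
audit_name() {
    local name="$1" hosts="$2" resolv="$3" rc=0 ip
    for ip in $(hosts_overrides "$name" "$hosts"); do
        echo "OVERRIDE $name -> $ip ($hosts)"; rc=1
    done
    if [ -z "$(resolv_nameservers "$resolv")" ]; then
        echo "NO-NAMESERVER in $resolv"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hosts" <<'EOF'
127.0.0.1   localhost
# 10.0.0.5  example.com      (commented out, ignored)
203.0.113.7 www.test  Example.COM   # stale entry
EOF
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
# nameserver 192.0.2.1
search lan
nameserver 8.8.8.8
nameserver 1.1.1.1
EOF

audit_name example.com "$SAMPLE_DIR/hosts" "$SAMPLE_DIR/resolv.conf" || true
```

On a live system, call `audit_name <hostname> /etc/hosts /etc/resolv.conf`; an unexpected OVERRIDE line for a name you did not add yourself is worth investigating before you touch the DNS settings.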

Step 5: Check Firewall

```bash
iptables -L -n | grep 53

# Allow DNS:
iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
iptables -I OUTPUT -p tcp --dport 53 -j ACCEPT

# UFW:
ufw allow out 53/udp
ufw allow out 53/tcp

# Firewalld (opens inbound DNS in the runtime config; relevant when this host serves DNS):
firewall-cmd --add-service=dns
```

Step 6: Clear DNS Cache

```bash
# systemd-resolved:
systemctl restart systemd-resolved

resolvectl flush-caches

# nscd:
systemctl restart nscd

# dnsmasq:
systemctl restart dnsmasq

# Check if resolved running:
systemctl status systemd-resolved

# Use resolvectl:
resolvectl status
```

Step 7: Check DNS Server Status

```bash
# If running local DNS:
systemctl status named
systemctl status bind9
systemctl status dnsmasq

# Check DNS logs:
journalctl -u named -f
journalctl -u dnsmasq -f

# Test local DNS:
dig @127.0.0.1 example.com
```

Step 8: Check DNSSEC

```bash
# Test with DNSSEC:
dig +dnssec example.com

# Disable DNSSEC in systemd-resolved (turns off validation for all lookups):
# /etc/systemd/resolved.conf: DNSSEC=no

# Restart:
systemctl restart systemd-resolved

# Check DNSSEC errors:
journalctl -u systemd-resolved | grep -i dnssec
```

Step 9: Check DNS Over HTTPS

```bash
# systemd-resolved encrypted DNS (the setting is DNS over TLS, not DoH):
# /etc/systemd/resolved.conf: DNSOverTLS=opportunistic

# Test with DoH:
curl -H "accept: application/dns-json" "https://cloudflare-dns.com/dns-query?name=example.com"

# Disable DNS over TLS if issues:
# /etc/systemd/resolved.conf: DNSOverTLS=no
```

Step 10: Monitor DNS

```bash
# Continuous DNS check:
watch -n 5 'dig +short example.com'

# DNS performance:
dig example.com | grep "Query time"

# Monitor resolution:
tcpdump -i any port 53 -nn

# DNS statistics:
resolvectl statistics
```

DNS Resolution Failed Checklist

| Check | Command | Expected |
|---|---|---|
| DNS resolution | nslookup | IP returned |
| DNS servers | /etc/resolv.conf | Configured |
| Network | ping DNS | Connected |
| Firewall | iptables -L | Port 53 open |
| DNS cache | flush-caches | Cleared |
| hosts file | /etc/hosts | No conflicts |

Verify the Fix

```bash
nslookup example.com

dig +short example.com

ping -c 3 example.com

curl -I http://example.com

cat /etc/resolv.conf

systemctl status systemd-resolved
```
