DNS Server Not Responding: Symptoms, Causes, and Complete Fixes
DNS failures are one of the most common — and most confusing — networking problems. When your browser shows "DNS server not responding", your device can't translate domain names (like example.com) into IP addresses. That stops web, email, chat, and many apps.
This guide walks you through how to test, diagnose, and fix DNS issues on client devices and on DNS servers themselves (recursive and authoritative). You'll find OS-specific commands, network-level troubleshooting, server-level debugging for common DNS software, monitoring tips, and prevention best practices.
Quick Triage (5-Minute Checks)
When users report "DNS server not responding", follow these quick checks first:
Reboot the device (computer, phone) and the router.
Test another device on the same network — same problem? If yes, likely network / router / ISP.
Try a known good resolver immediately: open terminal and ping 1.1.1.1 (Cloudflare). If IP ping works but domain names don't, it's DNS.
Temporarily switch to a public DNS (Cloudflare 1.1.1.1 / Google 8.8.8.8 / Quad9 9.9.9.9) and retest.
If you're on a VPN, disconnect and retest (or connect and see if DNS changes).
Result: If these fix it, read the relevant "fast fix" sections below. If not, continue with full diagnostics.
How DNS Works (Short, Essential Context)
Recursive Resolver
The DNS server your device queries (ISP or configured resolver).
Authoritative Server
The server that holds DNS records for a domain.
Stub Resolver
The tiny resolver in OS that forwards queries.
Ports & Protocols
DNS uses UDP/TCP port 53, plus DoT (TCP 853) and DoH (HTTPS 443).
Understanding which piece is failing (your local resolver, the ISP's recursive resolver, the authoritative DNS) makes diagnosis far easier.
Symptoms and What They Mean
| Symptom | Likely Cause |
|---|---|
| "DNS server not responding" (browser) | Your stub resolver couldn't get a reply. Could be local, router, or ISP. |
| Intermittent name resolution | Maybe packet loss, overloaded resolver, or rate limiting. |
| Only some domains fail | Authoritative DNS problem or DNSSEC failure. |
| All domains fail but IPs work | DNS-only issue (network connectivity okay). |
| Slow name resolution | Overloaded/latency on resolver, or network congestion. |
Testing Tools (Online & CLI)
Online Web Tools (Fast)
CLI Tools (Recommended for Admins)
dig — Flexible DNS queries
Basic query:
Query specific resolver:
Trace full resolution:
Check DNSSEC:
nslookup — Simpler queries (Windows & cross-platform)
host — Quick lookups (bind-utils)
tcpdump / tshark — Capture DNS traffic
OS-specific tools
Linux (systemd): systemd-resolve --status or resolvectl status
macOS: scutil --dns
Windows: ipconfig /all
Step-by-Step Diagnostics (Client-Side → Network → Server-Side)
Client-Side Checks (Windows)
1. Confirm DNS server addresses:
2. See which resolver responds:
3. Flush DNS cache:
4. Temporarily set DNS on adapter to 1.1.1.1 and 1.0.0.1 and retest.
5. Check firewall/antivirus (they sometimes block DNS or override settings).
Client-Side Checks (macOS)
1. Inspect resolver config:
2. Clear caches:
3. Test with dig:
Client-Side Checks (Linux)
1. Check resolver status:
Or check /etc/resolv.conf
2. Check systemd-resolved logs:
3. Test with specific resolver:
4. If resolv.conf is a symlink to systemd stub 127.0.0.53, ensure systemd-resolved is correctly configured.
Router / Home Network
- Reboot router.
- Check router DNS settings — some routers set ISP DNS for clients. Change to privacy resolver if needed.
- Check parental control / content filter settings (often block/rescue DNS).
- Try connecting device directly to modem (bypass router).
ISP & Upstream
Compare ISP DNS vs public DNS:
dig @1.1.1.1 example.com
If ISP fails consistently, contact ISP or check ISP outage notifications (social, status pages).
VPN / Split Tunneling
- Disable VPN and retest.
- If VPN leaks DNS or blocks, enable the VPN client's DNS leak protection or set the OS to use encrypted DNS (DoH/DoT) through the VPN.
- For corporate split-DNS, ensure internal names resolve via the tunnel.
Server-Side (If You Run the DNS Server)
1. Check service status:
systemctl status unbound # Unbound
systemctl status dnsmasq # dnsmasq
systemctl status pdns # PowerDNS
2. Check logs:
# or /var/log/named/*
3. Verify zone files (BIND):
named-checkzone example.com /path/to/zonefile
4. Verify port reachability:
5. Test authoritative responses from outside:
dig +short NS example.com
Common Causes & Fixes (Organized by Category)
Local / OS Cause
Cause: Local DNS cache corrupted or stub resolver misconfigured.
Fix: Flush cache, restart resolver service, correct /etc/resolv.conf to expected nameservers.
Commands:
ipconfig /flushdns
# macOS
sudo killall -HUP mDNSResponder
# Linux (systemd)
sudo systemctl restart systemd-resolved
Router / Home Network
Cause: Router DNS override, faulty firmware, or ISP DNS cached bad results.
Fix: Reboot router, update firmware, set router DNS to Cloudflare/Google/Quad9, disable DNS hijacking features.
Firewall / Network Blocking Port 53
Cause: Firewall rules (local or upstream) block UDP/TCP 53.
Fix: Ensure rules allow DNS traffic. On Linux servers, check iptables/nftables rules and allow port 53.
Sample firewall allow (iptables):
sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT
IPv6 Problems
Cause: System tries IPv6 resolver while VPN/ISP doesn't support IPv6.
Fix: Disable IPv6 temporarily or configure VPN/OS to prefer IPv4 for DNS. Better fix: enable IPv6 on VPN/resolve properly.
DNS Server Overloaded / Rate-Limited
Cause: High query volume, DDoS, or misconfigured rate-limiting.
Fix: Add caching layer (Unbound/dnsmasq), scale with Anycast/resolvers, enable rate limiting protection (RPZ, rate-limit settings).
Authoritative DNS Misconfiguration
Cause: Bad zone file, syntax errors, expired domain, wrong glue records.
Fix: Run named-checkzone, named-checkconf; check registrar NS records and glue records; ensure SOA serial correct; test from multiple global resolvers.
named-checkconf /etc/named.conf
DNSSEC Issues
Cause: Signature mismatch or missing DS records cause resolvers to drop responses.
Fix: Verify DNSSEC chain with dig +dnssec example.com and fix signatures or remove DNSSEC until fixed.
DoH/DoT / Encrypted DNS Interactions
Cause: Some apps use DoH/DoT bypassing system resolver, which can conflict with VPN or local controls.
Fix: Align browser DoH settings with system/VPN policy, or centralize DoH at network edge.
Fix Recipes (Copy-Paste Commands & Config Snippets)
Force DNS to Specific Resolver on Linux (Temporary)
If systemd manages resolv.conf, use:
iptables to Prevent DNS Outside VPN Tunnel
(Assume VPN interface tun0. This blocks port 53 unless through tun0.)
sudo iptables -A OUTPUT ! -o tun0 -p tcp --dport 53 -j DROP
Warning: Be careful — this can lock you out if incorrectly applied. Test in console with a way to revert.
BIND: Check and Reload Zone Safely
named-checkzone example.com /var/named/example.com.zone
rndc reload example.com
Unbound: Enable Verbose Logging and Test
Edit /etc/unbound/unbound.conf add:
verbosity: 4
Restart:
Query:
dnsmasq: Verify bind-address and cache-size
Check /etc/dnsmasq.conf:
cache-size=1000
Restart:
Server Software Checklist (BIND / Unbound / dnsmasq / PowerDNS / CoreDNS)
BIND (named)
Common issues: syntax errors, ACLs, exhausted file descriptors, chroot problems.
Useful commands:
named-checkzone
named-checkconf
Logs: /var/log/named/ or journalctl -u named
Unbound (Recursive Caching Resolver)
Often used as local cache to reduce external queries. Good for privacy (supports TLS, DNS over TLS).
Debugging:
Logs: journalctl -u unbound
dnsmasq (Simple Caching + DHCP)
Common in home routers. Ensure listen-address and bind-interfaces configured correctly.
Config: /etc/dnsmasq.conf
PowerDNS (Authoritative + Recursor)
Check backend DB (MySQL/Postgres) if authoritative data missing.
Recursor: check pdns_recursor logs.
CoreDNS (Kubernetes)
Check Kubernetes Service/Endpoint config and health probes.
Logs:
Advanced Testing & Diagnostics (Deep Dives)
Capture Traffic and Inspect Destination
Or capture to file:
Open dns.pcap in Wireshark and filter by 'dns'
Look for:
- Destination IPs (are queries leaving the VPN/subnet?)
- Retransmissions / timeouts
- ICMP unreachable messages (network blocking)
Use dig +trace to Find Where Name Resolution Breaks
Shows each step from root → TLD → authoritative. Where it fails reveals the problematic zone or server.
Check DNS from Multiple Global Vantage Points
Use online DNS checkers or run:
dig @1.1.1.1 example.com
Also test from a public VPS (e.g., an external server you control).
Check Authoritative NS Records & Glue
Then query each NS directly.
Mobile Devices (Android & iOS)
Android
Quick fix: Settings → Network & internet → Private DNS → set 1dot1dot1dot1.cloudflare-dns.com (DoH) or disable to use system DNS.
If using an app VPN, ensure app provides DNS leak protection.
iOS
Use VPN vendor app or configuration profile to set DNS.
iOS supports DNS-over-HTTPS / Private DNS through profiles or app-managed settings (some DNS apps like Cloudflare provide configuration).
Monitoring, Logging & Prevention (Recommended Production Practices)
Run a local caching resolver (Unbound or dnsmasq) on servers to reduce upstream queries.
Use Anycast + multiple POPs for public resolvers (for scale).
Enable monitoring: query latency, failure rate, served queries/sec (Prometheus + Grafana).
Alert on high SERVFAIL rates, high query failure rate, or backlog errors.
Log enough to diagnose but avoid logging full query payloads for privacy/volume reasons.
Periodically verify authoritative records, DNSSEC, and registrar settings (automation via scripts).
Security Hardening & Privacy
Use DoT / DoH
Encrypt DNS queries to prevent interception.
Prevent DNS Rebinding
Via proper server and app settings.
Enable Rate Limiting
And response-policy zones (RPZ) for blocking malware.
Avoid Forwarding
Don't forward client DNS to third-party resolvers without consent.
Example Incident Flows (How to Respond)
Incident A: Single User — "DNS Not Responding"
- Confirm device network connectivity (
ping 1.1.1.1). nslookup example.com— note server shown.ipconfig /flushdns(Windows) /sudo systemd-resolve --flush-caches(Linux).- Set manual DNS to 1.1.1.1 and retest. If fixed: identify local resolver issue.
Incident B: Many Users — Site Names Failing for Everyone
dig @1.1.1.1 site.com— if the authoritative servers don't respond, check domain registrar and authoritative NS.- Query each authoritative NS directly. If they fail, inspect server logs, BIND/PowerDNS process, firewall, and zone files.
Troubleshooting Checklist (Copyable)
ping 1.1.1.1
dig example.com
dig @1.1.1.1 example.com
tcpdump port 53
dig +dnssec
Frequently Asked Questions
Is it safe to use public DNS like 1.1.1.1?
Yes — big public resolvers (Cloudflare, Google, Quad9) are widely used. Choose based on privacy policy.
Should I disable IPv6 to fix DNS?
Only as a temporary diagnosis step. Proper fix is to have IPv6 aware DNS/VPN or configure resolver properly.
Why does a router reboot often fix DNS?
Many home routers have buggy DNS forwards or stale caches that a reboot clears.
My browser says "DNS server not responding". What do I do first?
Reboot router, test with 1.1.1.1, flush DNS cache, try another device. See Quick Triage section.
How do I test whether the problem is my ISP DNS or my local machine?
Use dig @1.1.1.1 example.com and dig @<ISP-DNS> example.com. Compare results.
I run a BIND server. How do I test my zone file?
Use named-checkzone and named-checkconf and then rndc reload.
Appendix: Quick Command Summary (Handy Copyable Cheatsheet)
Linux
Test resolver:
dig @1.1.1.1 example.com
Capture DNS:
Restart resolver:
Check listening:
macOS
Show DNS config:
Flush cache:
Test via dig:
Windows
Show DNS config:
Flush cache:
Test resolver:
BIND
Check config & zones:
named-checkzone example.com /var/named/example.com.zone
Reload zone:
Related Topics
What is DNS?
Learn the fundamentals of the Domain Name System
What is a DNS Server?
Understand DNS server types and functions
How to Flush DNS Cache
Clear your DNS cache to fix resolution issues
DNS Leak Test
Check if your VPN is leaking DNS requests
DNS Server List
Find secure and privacy-focused DNS providers
DNS Lookup Tool
Test DNS records and resolution
Need DNS Troubleshooting Help?
Use our DNS lookup tool to diagnose issues, or explore our complete DNS guide library.