supdns

Troubleshooting DNS

A practical guide to diagnosing and resolving the most common domain name issues.

Decoding Error Codes

NXDOMAIN

Non-Existent Domain

The domain does not exist. Check for typos or verify the domain is registered and active at your registrar.

SERVFAIL

Server Failure

The resolver was unable to get an answer. Often caused by DNSSEC validation failures or dead authoritative nameservers.

REFUSED

The nameserver refused to perform the query, often due to policy restrictions (e.g., trying to use an authoritative server as a recursive resolver).

NOERROR (Empty Answer)

The domain exists, but the specific record type you requested (e.g., AAAA) does not exist for that name.

Mastering the `dig` Command

The Domain Information Groper (`dig`) is the gold standard for DNS troubleshooting.

# Basic lookup

dig example.com

# Query a specific nameserver (bypass cache)

dig @1.1.1.1 example.com

# Trace the delegation path from the root

dig example.com +trace

# Short answer only

dig example.com +short

Propagation Myths

DNS doesn't "propagate" in a linear fashion. It's all about TTL (Time to Live).

When you change a record, resolvers that have the old record cached will wait until the TTL expires before fetching the new one.

Pro Tip: Lower your TTL to 300 seconds (5 minutes) 24 hours before making a planned change.

Flushing Your Cache

macOS:

sudo killall -HUP mDNSResponder

Windows:

ipconfig /flushdns

Chrome:

chrome://net-internals/#dns