Common DNS Errors and How to Fix Them
DNS errors are among the most common reasons websites become unreachable. Understanding what each error means and how to fix it can save hours of frustration. This guide covers the DNS errors you are most likely to encounter.
NXDOMAIN (Non-Existent Domain)
What it means: The domain name does not exist in DNS. The authoritative nameserver has confirmed that no records exist for this name.
Common causes:
- Typo in the domain name.
- Domain registration has expired.
- DNS records have been deleted but the domain still exists.
- Subdomain was never created (e.g., querying app.example.com when no record exists).
How to fix:
- Verify the domain spelling.
- Check domain registration status with a WHOIS lookup.
- Confirm the DNS record exists at your DNS provider.
- If the domain just expired, renew it — most registrars offer a grace period.
SERVFAIL (Server Failure)
What it means: The DNS resolver tried to reach the authoritative nameserver but could not get a valid response.
Common causes:
- Authoritative nameserver is down or unreachable.
- DNSSEC validation failure — the DNS response signatures do not match.
- Misconfigured nameserver delegation (registrar points to nameservers that do not host the zone).
How to fix:
- Check if your nameserver is responding: dig @ns1.provider.com example.com
- Verify nameserver delegation at your registrar matches your actual DNS provider.
- If using DNSSEC, check for validation errors with dig +dnssec example.com.
- Contact your DNS provider if the nameserver itself is experiencing issues.
REFUSED
What it means: The DNS server received the query but refused to answer it.
Common causes:
- Querying a nameserver that is not authoritative for the domain and does not allow recursive queries.
- Firewall or access control rules blocking the query.
- The DNS zone is not properly loaded on the server.
How to fix:
- Ensure you are querying the correct nameserver for the domain.
- Use a public resolver like 8.8.8.8 or 1.1.1.1 instead of querying the authoritative server directly.
- Check your DNS provider to verify the zone is active and properly configured.
TIMEOUT (No Response)
What it means: The DNS query was sent but no response was received within the timeout period.
Common causes:
- DNS server is down or overloaded.
- Firewall blocking UDP port 53 or TCP port 53.
- Network connectivity issues between the resolver and the authoritative server.
- DDoS attack on the DNS infrastructure.
How to fix:
- Try a different DNS resolver to rule out local network issues.
- Check if the nameserver is reachable: ping ns1.provider.com
- Check your firewall rules for DNS traffic.
- If the problem is on the provider's side, check their status page or contact support.
DNS_PROBE_FINISHED_NXDOMAIN (Browser Error)
What it means: Your browser's DNS resolution returned NXDOMAIN. This is Chrome's way of showing the NXDOMAIN error.
How to fix:
- Flush your local DNS cache: ipconfig /flushdns (Windows) or sudo dscacheutil -flushcache (macOS).
- Try a different DNS resolver (change your system DNS to 8.8.8.8 or 1.1.1.1).
- Clear your browser's DNS cache at chrome://net-internals/#dns.
- If only you experience the issue, check your local hosts file for conflicting entries.
Propagation Delays
What it means: You changed your DNS records, but some users still see the old records.
Common causes:
- DNS records are cached for the duration of their TTL. If your old records had a 24-hour TTL, it can take up to 24 hours for changes to propagate globally.
- Some ISPs aggressively cache DNS beyond the TTL.
How to fix:
- Wait for the old TTL to expire. There is no way to force all caches worldwide to clear.
- For future changes, lower the TTL to 300 seconds (5 minutes) at least 24 hours before making changes.
- Use our Nameserver Lookup Tool to check propagation status from different locations.
General DNS Troubleshooting Steps
- Identify the error — Use dig or nslookup to see the exact DNS response code.
- Check locally — Flush your DNS cache and try again.
- Use a public resolver — Query 8.8.8.8 or 1.1.1.1 to rule out local resolver issues.
- Query the authoritative server directly — Use dig @ns1.provider.com example.com to bypass caches.
- Verify the chain — Check registrar nameserver delegation, then DNS provider zone records.
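The response code that dig and nslookup report sits in the low four bits of the DNS header flags. The sketch below is an added example, not part of the original guide: it builds a query, reads the code from a raw reply, and maps it to the error names used above. The function names, the "MALFORMED" label, and the sample replies are assumptions made for illustration.

```python
import secrets
import socket
import struct

# RCODE values (low 4 bits of the header flags, RFC 1035) covered by this guide.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid, qtype=1):
    """Build a minimal recursive query; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(response, txid):
    """Map a raw reply (None = nothing received) to the error names used above."""
    if response is None:
        return "TIMEOUT"
    if len(response) < 12:  # shorter than a DNS header
        return "MALFORMED"
    reply_id, flags = struct.unpack("!HH", response[:4])
    if reply_id != txid or not flags & 0x8000:  # ID mismatch or QR bit unset
        return "MALFORMED"
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}")

def lookup(server, name, timeout=3.0):
    """Send one UDP query to port 53 and classify whatever comes back."""
    txid = secrets.randbelow(1 << 16)  # unpredictable ID, checked on the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify(data, txid)

def sample_reply(rcode, txid):
    """Constructed header-only reply: QR|RD|RA flags plus the given RCODE."""
    return struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 0, 0, 0)

if __name__ == "__main__":
    for code in (0, 2, 3, 5):
        print(code, classify(sample_reply(code, 0x1234), 0x1234))
    print(classify(None, 0x1234))
```

Calling lookup("8.8.8.8", "example.com") and then lookup against the authoritative server's IP address mirrors the public-resolver and authoritative-server steps in the list above.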
Most DNS errors come down to misconfigured records, expired domains, or caching. Methodical troubleshooting using the steps above will resolve the vast majority of issues you encounter.