How do I monitor for DNS issues?

UptimeSignal monitors your endpoints by resolving DNS as part of each check. If DNS resolution fails, you get alerted immediately. This catches expired domains, deleted DNS records, and DNS provider outages. For deeper DNS monitoring, also track your nameserver availability and record consistency across providers.

DNS Errors: NXDOMAIN, SERVFAIL, and Resolution Failures

Q: What causes DNS resolution errors?

DNS errors occur when a domain name can't be resolved to an IP address. Causes include: domain not registered or expired (NXDOMAIN), misconfigured DNS records, DNS server outage (SERVFAIL), DNS propagation delays after changes, local DNS cache issues, or firewall blocking DNS queries on port 53.

Q: What does NXDOMAIN mean?

NXDOMAIN (Non-Existent Domain) means the DNS server authoritatively says the domain doesn't exist. Causes: typo in the domain name, domain expired and not renewed, DNS records deleted, or the domain was never registered. Check with 'dig domain.com' or 'nslookup domain.com'.

Q: How long does DNS propagation take?

DNS propagation typically takes 5 minutes to 48 hours, depending on TTL values. Records with low TTLs (300s) propagate faster. Before making DNS changes, lower the TTL in advance. Check propagation with 'dig @8.8.8.8 domain.com' (Google DNS) vs 'dig @1.1.1.1 domain.com' (Cloudflare DNS) to compare different resolvers.

Q: How do I flush my DNS cache?

macOS: 'sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder'. Windows: 'ipconfig /flushdns'. Linux: 'sudo systemd-resolve --flush-caches' or 'sudo resolvectl flush-caches'. Chrome: visit chrome://net-internals/#dns and click Clear host cache. This forces fresh DNS lookups instead of using stale cached records.

What is DNS?

DNS (Domain Name System) translates domain names like example.com into IP addresses like 93.184.216.34. When DNS fails, browsers can't connect to servers.

ERR_NAME_NOT_RESOLVED
This site can't be reached
example.com's server IP address could not be found.

Common DNS Errors

Error	Meaning
NXDOMAIN	Domain doesn't exist
SERVFAIL	DNS server failed to respond
REFUSED	DNS server refused query
TIMEOUT	DNS query timed out

Diagnosing DNS Issues

# Basic DNS lookup
dig example.com
nslookup example.com

# Query specific DNS server
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com

# Get all record types
dig example.com ANY

# Check specific record types
dig example.com A      # IPv4 address
dig example.com AAAA   # IPv6 address
dig example.com MX     # Mail servers
dig example.com NS     # Name servers
dig example.com CNAME  # Alias

# Trace DNS resolution path
dig +trace example.com

# Check local DNS cache (macOS)
sudo dscacheutil -flushcache

# Check local DNS cache (Windows)
ipconfig /displaydns
ipconfig /flushdns

NXDOMAIN - Domain Not Found

The authoritative DNS server says this domain doesn't exist. Causes:

Typo in domain: Check spelling carefully
Domain expired: Renew through registrar
Nameservers not set: Configure NS records at registrar
Recently registered: Wait for propagation

# Check if domain is registered
whois example.com | grep -i "expir"

# Check nameservers at registrar level
dig NS example.com @a.gtld-servers.net

SERVFAIL - Server Failure

The DNS server encountered an error processing the query. Causes:

DNSSEC validation failed: Incorrect DNSSEC signatures
Nameserver misconfigured: Zone file has errors
Upstream DNS issue: Try a different resolver

# Check DNSSEC status
dig +dnssec example.com

# Try without DNSSEC validation
dig +cd example.com  # Check Disabled

# Test with different resolvers
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
dig @9.9.9.9 example.com

DNS Propagation

DNS changes can take up to 48 hours to propagate globally due to caching.

TTL (Time To Live)

Each DNS record has a TTL that tells resolvers how long to cache it. After changing records, wait for the old TTL to expire.

# Check current TTL
dig example.com | grep -E "^example.com"
# Output: example.com.  300  IN  A  93.184.216.34
#                       ^^^  TTL in seconds (5 minutes)

# Before making changes, lower TTL to 60-300 seconds
# Then wait for old TTL to expire before making the change

Common Fixes

Flush local cache: Clear your computer's DNS cache
Try different resolver: Use 8.8.8.8 or 1.1.1.1
Check registrar settings: Verify NS records are correct
Verify zone file: Check for syntax errors
Wait for propagation: Give it 1-48 hours

DNS Providers

Resolver	IP Address
Google Public DNS	8.8.8.8, 8.8.4.4
Cloudflare DNS	1.1.1.1, 1.0.0.1
Quad9	9.9.9.9
OpenDNS	208.67.222.222

How to Monitor for DNS Issues

DNS failures make your entire site unreachable. UptimeSignal resolves DNS as part of every check, alerting you immediately when resolution fails. This catches expired domains, deleted records, and DNS provider outages. See also: Connection Refused, Timeout Errors.

Frequently Asked Questions

What causes DNS resolution errors?

DNS errors happen when a domain can't be resolved to an IP address. Causes: domain not registered or expired (NXDOMAIN), misconfigured DNS records, DNS server outage (SERVFAIL), propagation delays after changes, local DNS cache issues, or firewall blocking DNS on port 53.

What does NXDOMAIN mean?

NXDOMAIN (Non-Existent Domain) means the authoritative DNS server confirms the domain doesn't exist. Causes: typo in the domain, domain expired, DNS records deleted, or domain never registered. Check with dig domain.com or nslookup domain.com.

How long does DNS propagation take?

Typically 5 minutes to 48 hours, depending on TTL values. Low TTLs (300s) propagate faster. Before changes, lower the TTL in advance. Compare resolvers: dig @8.8.8.8 domain.com (Google) vs dig @1.1.1.1 domain.com (Cloudflare) to check propagation progress.

How do I flush my DNS cache?

macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder. Windows: ipconfig /flushdns. Linux: sudo systemd-resolve --flush-caches. Chrome: visit chrome://net-internals/#dns and clear. This forces fresh lookups instead of stale cached records.

What is the difference between NXDOMAIN and SERVFAIL?

NXDOMAIN means the domain definitively doesn't exist (authoritative answer). SERVFAIL means the DNS server failed to process the query -- it doesn't know if the domain exists. NXDOMAIN is usually a domain/config issue. SERVFAIL is usually a DNS server outage, DNSSEC validation failure, or network issue reaching the authoritative nameserver.

DNS Resolution Errors