Are you trying to troubleshoot DNS issues?
This guide is for you.
DNS problems may stop you from being able to visit Web sites. If you're having problems connecting, it doesn't take much work to see if DNS is the cause, and if it is, to try to fix it.
If your HOSTS file contains an incorrect or outdated listing, you won't be able to connect.
DNS, or Domain Name System, refers to the mapping of a domain name to an IP address, or vice versa. BIND (Berkeley Internet Name Domain) is the most widely used DNS server on UNIX and Linux.
If the DNS server fails, we will not be able to browse the website and it will show a server not found error.
It is important that we troubleshoot and fix DNS issues as fast as possible to avoid downtime of websites.
What is a DNS problem?
If basic troubleshooting didn't solve your problems, it may be time for more in-depth DNS troubleshooting.
The following are some common DNS problems that could be causing the blockage:
1. Check the TCP/IP settings:
These settings define how your computer communicates with others. You may have recently changed these settings and tried to input them manually.
Go to your computer’s networking or control panel and find “Manage network connections.” Under “Local Area Connections,” “Properties,” find and click on both IPv6 and IPv4 “Properties.” Make sure that each is set to “Obtain an IP address automatically” and “Obtain DNS servers address automatically.”
2. Flush your DNS cache:
The DNS cache is where your computer stores networking information on recent visits and attempts to connect to web domains. The cache can become corrupted with inaccurate information. To flush, or clear, this cache, enter ipconfig /flushdns into the command prompt. The next time you revisit a website, the DNS cache will have to renew the DNS information.
3. Renew your domain name:
Is your web address working but redirecting to a strange website? It’s likely you forgot to renew your domain name. It happens to the best of us—even Google briefly lost “google.com” in 2015 when it forgot to renew. Your best bet is to quickly contact the registrar, as many will wait 20 – 30 days after a domain expires before auctioning it off.
What are some common causes of DNS issues?
When it comes to network performance, a few common issues may affect user connectivity and lead to DNS errors.
For troubleshooting DNS issues, you may want to consider how the following factors could be impacting your clients:
1) Time to live (TTL)
Time to live is the expiration date attached to data in networking. When a caching (recursive) server queries the authoritative name server for any DNS records, the authoritative name server tells the caching server how long those records are good for, which is usually between a few minutes and one day. Until the TTL expires, the caching server will not query the authoritative name server for that same data again but will assume the records are still good.
You can see how this could affect DNS issues. If your DNS records change but your TTL is too high, there will be a delay as the caching server continues to send incorrect records to users until the TTL expires. On the other hand, if the TTL is too low it could overwhelm the authoritative name server with unnecessary queries.
If you are planning to update DNS records, lower the TTL temporarily beforehand so that users receive the updated data quickly. Some resolvers do not honour a TTL of less than 30 seconds; five minutes (300 s) is a typical short TTL.
In general, use short TTLs for records that are updated frequently, and longer TTLs for more steady records. Records that rarely change and should have longer TTLs of a day (86400s) include MX and TXT.
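The following is an added example, not code from the original article: a toy model of a caching (recursive) resolver that honours TTLs. It shows for how long a cached answer keeps pointing at the old address after a record change, and why the TTL has to be lowered at least one old-TTL period before the change for the lowering to help. The host name, addresses and timings are constructed for the example.

```python
# Added example, not code from the original article: a toy model of a caching
# (recursive) resolver that honours TTLs. It shows for how long a cached
# answer keeps pointing at the old address after a record change, and why the
# TTL has to be lowered at least one old-TTL period before that change.
# The host name, addresses and timings are constructed for the example.
from dataclasses import dataclass


@dataclass
class Record:
    value: str   # rdata, here the IPv4 address of an A record
    ttl: int     # seconds for which the record may be cached


class Authoritative:
    """Stand-in for the authoritative name server: serves the current records."""

    def __init__(self):
        self.records = {}

    def publish(self, name, value, ttl):
        self.records[name] = Record(value, ttl)

    def query(self, name):
        return self.records[name]


class CachingResolver:
    """Stand-in for a recursive resolver: answers from cache until the TTL expires."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}            # name -> (value, absolute expiry time)
        self.upstream_queries = 0

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]          # still within the TTL: no upstream query
        rec = self.upstream.query(name)
        self.upstream_queries += 1
        self.cache[name] = (rec.value, now + rec.ttl)
        return rec.value


def simulate(old_ttl, change_at, lowered_ttl=None, lower_at=None):
    """Simulate a client that polls the caching resolver once per second.

    Timeline (simulated seconds):
      0          www.example.com published with old_ttl
      lower_at   optional: TTL lowered to lowered_ttl, address unchanged
      change_at  address switched to the new IP
    Returns (seconds after change_at during which the client still got the
    OLD address, total number of upstream queries the resolver made).
    """
    name, old_ip, new_ip = "www.example.com", "192.0.2.10", "198.51.100.20"
    auth = Authoritative()
    auth.publish(name, old_ip, old_ttl)
    resolver = CachingResolver(auth)
    horizon = change_at + 2 * old_ttl    # long enough for every cache entry to expire
    stale_seconds = 0
    for now in range(horizon):
        if lowered_ttl is not None and now == lower_at:
            auth.publish(name, old_ip, lowered_ttl)
        if now == change_at:
            auth.publish(name, new_ip, auth.query(name).ttl)
        if resolver.resolve(name, now) == old_ip and now >= change_at:
            stale_seconds += 1
    return stale_seconds, resolver.upstream_queries


if __name__ == "__main__":
    # Constructed scenario: one-hour TTL, address changed 5500 s after publication.
    print("TTL left at 3600 s        :", simulate(3600, 5500))
    print("lowered to 300 s at t=1000:", simulate(3600, 5500, lowered_ttl=300, lower_at=1000))
    print("lowered to 300 s at t=5000:", simulate(3600, 5500, lowered_ttl=300, lower_at=5000))
```

With the TTL left at one hour, the client is served the old address for 1700 s after the change. Lowering the TTL to 300 s well in advance cuts that to 200 s, at the price of many more upstream queries. Lowering it only 500 s before the change does not help at all: the resolver still holds a one-hour entry and never sees the shorter TTL until that entry expires, which is the reason for the "lower it in advance" advice above.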
2) DNS latency
Latency refers to the time it takes queries to be transmitted and returned. When users complain of “the internet being slow today,” they are talking about high latency. DNS issues can be a big part of latency.
One major factor affecting your network speeds is simply the distance that data must travel, but you can potentially improve latency by checking on whether your DNS servers have a centralized or decentralized structure. Consider other providers if your DNS servers are all located significantly far from your users.
TTL also plays a role in latency. As mentioned before, keep TTLs high for consistent DNS records to reduce unnecessary queries.
3) DDoS attack
If you’ve thoroughly checked your network and don’t think the problems are on your end, it might be a problem with your ISP’s DNS servers. Give them a call and let them know. If they confirm a problem with their DNS servers, don’t be afraid to be persistent in following up until the problem is solved.
This might be the worst-case scenario, but if a sudden surge of traffic crashes your site, you may be the victim of a distributed denial of service attack. This is essentially a DNS issue in the sense that it overwhelms the servers. Contact your web host immediately and ask for a new IP. Clear your logs and make sure that your new records match the new IP.
Tips to troubleshoot DNS issues
The following are some of the methods that our Support techs follow for troubleshooting this issue:
1. Checking DNS with utilities
We can use the host and dig utilities to check the proper resolution of the domain.
The host tool lets us check whether the domain points to the expected address.
We can check this with the following command:
$ host ourdomain.com
The "dig" tool performs DNS lookups and displays the answers that are returned from the nameserver(s) that were queried.
We can dig our domain with the following command:
$ dig ourdomain.com
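As an added example (not code from the original article), the script below parses the text that dig prints so the check can be automated: it reads the rcode (NOERROR, NXDOMAIN, SERVFAIL) and the ANSWER SECTION, gives a one-line verdict, and compares what a caching resolver returns against the authoritative answer to spot stale cached records. The two captured dig outputs are constructed for the example; the authoritative one is what `dig @ns1.ourdomain.com ourdomain.com A` would produce.

```python
# Added example, not code from the original article: parse `dig` text output,
# judge the rcode/answer, and compare a caching resolver's answer with the
# authoritative one. All three captured outputs below are constructed.
import re

AUTH_OUTPUT = """\
; <<>> DiG 9.16.1 <<>> @ns1.ourdomain.com ourdomain.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ourdomain.com.\t\t\tIN\tA

;; ANSWER SECTION:
ourdomain.com.\t\t300\tIN\tA\t198.51.100.20

;; Query time: 12 msec
"""

CACHE_OUTPUT = """\
; <<>> DiG 9.16.1 <<>> ourdomain.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1717
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ourdomain.com.\t\t\tIN\tA

;; ANSWER SECTION:
ourdomain.com.\t\t2711\tIN\tA\t192.0.2.10

;; Query time: 1 msec
"""

NXDOMAIN_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9

;; QUESTION SECTION:
;typo.ourdomain.com.\t\t\tIN\tA
"""


def parse_dig(text):
    """Return {'status': rcode, 'answers': [(name, ttl, rrtype, rdata), ...]}."""
    m = re.search(r"status: (\w+)", text)
    status = m.group(1) if m else "UNKNOWN"
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip() or line.startswith(";;"):
                break                                   # end of the section
            name, ttl, _cls, rrtype, rdata = line.split(None, 4)
            answers.append((name, int(ttl), rrtype, rdata))
    return {"status": status, "answers": answers}


def diagnose(text):
    """One-line verdict for a dig output, in the spirit of the manual check above."""
    parsed = parse_dig(text)
    if parsed["status"] == "NXDOMAIN":
        return "NXDOMAIN: the name does not exist (typo, expired domain or missing record)"
    if parsed["status"] == "SERVFAIL":
        return "SERVFAIL: the resolver got no usable answer (broken zone or unreachable nameserver)"
    if parsed["status"] != "NOERROR":
        return f"unexpected rcode {parsed['status']}"
    if not parsed["answers"]:
        return "NOERROR but empty answer: the name exists but has no record of this type"
    return "ok: " + ", ".join(f"{t} {r} (ttl {ttl}s)" for _, ttl, t, r in parsed["answers"])


def stale_records(auth_text, cache_text):
    """Records the caching resolver returns that the authority no longer serves,
    each with the number of seconds it may still be served (its remaining TTL)."""
    current = {(t, r) for _, _, t, r in parse_dig(auth_text)["answers"]}
    return [(t, r, ttl) for _, ttl, t, r in parse_dig(cache_text)["answers"]
            if (t, r) not in current]


if __name__ == "__main__":
    print(diagnose(AUTH_OUTPUT))
    print(diagnose(NXDOMAIN_OUTPUT))
    print("stale at the resolver:", stale_records(AUTH_OUTPUT, CACHE_OUTPUT))
```

Querying the authoritative server directly (`@ns1.ourdomain.com`) and a caching resolver side by side separates a wrong record in the zone from a correct record that is merely still cached; the remaining TTL in the cached answer tells you how long the stale answer will persist.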
2. Port 53 open and listening for requests
By default, BIND listens for DNS queries on port 53.
We can check whether port 53 is open and listening for requests.
This can be done using the following tools:
a. Using telnet
We can check from a remote computer whether port 53 accepts connections by using telnet (note that telnet tests TCP only, while most DNS queries use UDP):
$ telnet remote_server-ip 53
b. Using netstat
We can use the netstat command to list what is listening on port 53 on the server itself:
$ netstat -plan | grep :53
c. Ensure that the iptables firewall is not blocking requests on the server.
We can do this using the following command:
$ iptables -L -n
d. Checking whether the DNS service is running.
This can be done using the following command:
$ /etc/init.d/named status
If named is not running, we can start it using the following command:
$ /etc/init.d/named start
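The following is an added example, not code from the original article: it parses saved `netstat -plan` output, lists everything bound to port 53 and turns that into the findings a troubleshooter looks for (nothing listening, UDP or TCP missing, or named bound to loopback only so remote clients cannot reach it). The netstat output is constructed; the `listen-on` / `listen-on-v6` options it refers to are real named.conf options.

```python
# Added example, not code from the original article: parse `netstat -plan`
# output for port 53 listeners and judge reachability. Sample output below is
# constructed for the example.
SAMPLE_LOOPBACK_ONLY = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1234/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      800/sshd
tcp        0      0 192.0.2.5:22            198.51.100.7:50122      ESTABLISHED 900/sshd: root
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1234/named
udp        0      0 0.0.0.0:68              0.0.0.0:*                           600/dhclient
"""

SAMPLE_ALL_INTERFACES = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1234/named
tcp6       0      0 :::53                   :::*                    LISTEN      1234/named
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1234/named
udp6       0      0 :::53                   :::*                                1234/named
"""

LOOPBACK = {"127.0.0.1", "::1"}


def port53_listeners(text):
    """Return [(proto, local_address, program)] for sockets bound to port 53."""
    found = []
    for line in text.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue
        proto = line.split()[0]
        if proto.startswith("tcp"):
            fields = line.split(None, 6)       # program name may contain spaces
            if len(fields) < 7 or fields[5] != "LISTEN":
                continue                       # established connections are not listeners
            local, program = fields[3], fields[6]
        else:
            fields = line.split(None, 5)       # UDP lines have no State column
            if len(fields) < 6:
                continue
            local, program = fields[3], fields[5]
        addr, port = local.rsplit(":", 1)      # rsplit copes with IPv6 such as :::53
        if port == "53":
            found.append((proto, addr, program))
    return found


def assess(listeners):
    """Translate the listener list into troubleshooting findings."""
    if not listeners:
        return ["nothing is bound to port 53: the DNS service is probably not running"]
    findings = []
    protos = {p.rstrip("6") for p, _, _ in listeners}     # tcp6 -> tcp, udp6 -> udp
    if "udp" not in protos:
        findings.append("no udp listener on port 53: ordinary queries will fail")
    if "tcp" not in protos:
        findings.append("no tcp listener on port 53: zone transfers and large answers will fail")
    if all(addr in LOOPBACK for _, addr, _ in listeners):
        findings.append("port 53 is bound to loopback only: remote clients cannot reach it "
                        "(check the listen-on / listen-on-v6 options in named.conf)")
    return findings or ["ok: port 53 is listening on udp and tcp for remote clients"]


if __name__ == "__main__":
    for sample in (SAMPLE_LOOPBACK_ONLY, SAMPLE_ALL_INTERFACES):
        print(assess(port53_listeners(sample)))
```

A loopback-only binding is a frequent explanation for "telnet to port 53 from a remote host fails while dig on the server itself works", which the manual steps above would otherwise leave you to piece together by eye.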
3. Checking the log files
named writes its error messages to the log file. We can check the log to find the exact reason for the DNS issue.
The following command can be used to check the logs:
$ tail -f /var/log/messages
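As an added example (not code from the original article), here is a small triage script that runs over lines from /var/log/messages, keeps only those written by named, and matches the message shapes BIND uses for the failures discussed on this page: a configuration syntax error, a zone file that failed to load, a zone not being served, and a query refused by the access policy. The log lines are constructed for the example; `allow-query` is a real named.conf option.

```python
# Added example, not code from the original article: triage named messages
# from /var/log/messages. The log excerpt below is constructed.
import re

SAMPLE_LOG = """\
Mar  3 10:01:12 ns1 named[1234]: starting BIND 9.16.1
Mar  3 10:01:12 ns1 named[1234]: /etc/named.conf:23: missing ';' before '}'
Mar  3 10:01:12 ns1 named[1234]: loading configuration: failure
Mar  3 10:05:40 ns1 named[1240]: zone ourdomain.com/IN: loading from master file /var/named/ourdomain.com.db failed: file not found
Mar  3 10:05:40 ns1 named[1240]: zone ourdomain.com/IN: not loaded due to errors.
Mar  3 10:05:41 ns1 named[1240]: zone other.example/IN: loaded serial 2024030301
Mar  3 10:06:02 ns1 named[1240]: client @0x7f 198.51.100.7#51022 (ourdomain.com): query (cache) 'ourdomain.com/A/IN' denied
Mar  3 10:06:10 ns1 sshd[900]: Accepted publickey for root
"""

# (pattern, category, hint template filled from the regex groups)
CHECKS = [
    (re.compile(r"(\S+\.conf):(\d+): (.+)"), "config",
     "syntax error in {0} line {1}: {2}; run named-checkconf"),
    (re.compile(r"zone (\S+)/IN: loading from master file (\S+) failed: (.+)"), "zone",
     "zone {0} could not load {1} ({2}); check the path and run named-checkzone"),
    (re.compile(r"zone (\S+)/IN: not loaded due to errors"), "zone",
     "zone {0} is not being served, queries for it will fail"),
    (re.compile(r"client (?:@\S+ )?(\S+)#\d+ .*query .* denied"), "access",
     "query from {0} refused by the allow-query / view settings"),
]


def triage(log_text):
    """Return [(category, hint)] for every named message that matches a known failure."""
    findings = []
    for line in log_text.splitlines():
        if "named[" not in line:
            continue                                   # other daemons are noise here
        msg = line.split("named[", 1)[1].split("]: ", 1)[1]
        for pattern, category, template in CHECKS:
            m = pattern.search(msg)
            if m:
                findings.append((category, template.format(*m.groups())))
                break
    return findings


if __name__ == "__main__":
    for category, hint in triage(SAMPLE_LOG):
        print(f"[{category}] {hint}")
```

The order of the findings mirrors the order of the log, so the first one is usually the root cause: here the configuration error stops named from starting at all, and the later zone errors belong to the restart that followed.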
4. Check configuration file for errors
Errors in /etc/named.conf can also cause DNS resolution to fail.
We can check for them with the named-checkconf command, the syntax checking tool for the named (BIND) configuration file.
$ named-checkconf /etc/named.conf
If named-checkconf finds no errors, it prints nothing.
5. Check zone file for errors
Zone file syntax errors are another common reason for DNS failure. BIND's zone file validity checking tool is named-checkzone; it checks the syntax and integrity of a zone file.
We can use the following command to check this.
$ named-checkzone ourdomain.com /var/named/ourdomain.com.db
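To show what named-checkzone is looking for, the following added example (not code from the original article or from BIND) parses a small master-format zone file and applies a few of the same integrity checks: exactly one SOA at the apex, NS records at the apex, an address record for every in-zone name server, and no CNAME sharing an owner name with other records. The zone file is constructed for the example and deliberately contains two of those mistakes.

```python
# Added example, not code from the original article or from BIND: a minimal
# zone file parser with a subset of named-checkzone's integrity checks.
# The zone below is constructed and contains two deliberate errors.
import re

SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN ourdomain.com.
@       IN SOA  ns1.ourdomain.com. hostmaster.ourdomain.com. (
                2024030301 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                86400 )    ; minimum
@       IN NS   ns1.ourdomain.com.
@       IN NS   ns2.ourdomain.com.
@       IN MX   10 mail.ourdomain.com.
ns1     IN A    192.0.2.1
mail    IN A    192.0.2.3
www     IN CNAME ourdomain.com.
www     IN A    192.0.2.4
"""


def parse_zone(text):
    """Return (origin, [(owner_fqdn, rrtype, rdata_tokens), ...])."""
    # Strip comments and join records that span lines inside parentheses.
    joined, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw)
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    origin, owner, records = ".", None, []
    for line in joined:
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        name = owner if line[0].isspace() else tokens.pop(0)   # blank owner repeats the previous
        if tokens and tokens[0].isdigit():                      # optional TTL
            tokens.pop(0)
        if tokens and tokens[0] == "IN":                        # optional class
            tokens.pop(0)
        rrtype, rdata = tokens[0], tokens[1:]
        owner = name
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name
        else:
            fqdn = f"{name}.{origin}"
        records.append((fqdn, rrtype, rdata))
    return origin, records


def lint_zone(text):
    """Return a list of problems named-checkzone would also reject."""
    origin, records = parse_zone(text)
    problems, by_owner = [], {}
    for fqdn, rrtype, rdata in records:
        by_owner.setdefault(fqdn, []).append((rrtype, rdata))
    apex = by_owner.get(origin, [])
    soa = [r for t, r in apex if t == "SOA"]
    if len(soa) != 1:
        problems.append(f"{origin}: expected exactly one SOA at the apex, found {len(soa)}")
    ns_targets = [r[0] for t, r in apex if t == "NS"]
    if not ns_targets:
        problems.append(f"{origin}: no NS records at the apex")
    has_address = {o for o, t, _ in records if t in ("A", "AAAA")}
    for target in ns_targets:
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in has_address:
            problems.append(f"NS {target} has no A/AAAA record in the zone")
    for fqdn, rrs in by_owner.items():
        types = [t for t, _ in rrs]
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{fqdn}: CNAME and other data")
    return problems


if __name__ == "__main__":
    for problem in lint_zone(SAMPLE_ZONE):
        print(problem)
```

Both findings correspond to errors named-checkzone reports on real zones: an in-zone NS name without an address record leaves the server unable to hand out that name server, and a CNAME owner that also carries other records is forbidden by the DNS specification, so BIND refuses to load the zone. Fix the file, bump the serial, and run named-checkzone again before reloading.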