Ubuntu DNS Troubleshooting - dig, nslookup, and resolvectl Guide

2025-12-16 Reading time: About 12 min Difficulty: Intermediate

What You'll Learn

How to determine if "domain not resolving" or "suddenly slow" is caused by DNS
How to check DNS settings actually used in Ubuntu (systemd-resolved / /etc/resolv.conf)
How to quickly identify DNS-related symptoms (SSH/apt/curl all failing)

Quick Summary

When DNS is suspect, follow this order:

Can it resolve?: dig example.com +short
Which DNS is being used?: resolvectl status (or /etc/resolv.conf)
Try a specific DNS: dig @8.8.8.8 example.com +short
Measure slowness: dig +stats / time dig ...
Fix: DNS server config, systemd-resolved, or network issues

Prerequisites

OS: Ubuntu
Target: Server beginners
Goal: Troubleshooting (prioritize isolation and recovery)

1. Typical DNS Symptoms

Conclusion: When SSH, curl, and apt all fail but direct IP works, DNS is the likely culprit.

When DNS breaks, it looks like "everything is broken".

ssh user@hostname won't connect (but IP direct works)
curl https://example.com dies with Could not resolve host
apt update fails (can't resolve names)
Server can't access external APIs (but ping sometimes works)

Key Point: If IP direct works, DNS is likely the culprit. If IP direct also fails, suspect something else (routing/firewall/listening).

2. First Check: Can It Resolve? (dig)

Conclusion: Run dig example.com +short first — empty or timeout confirms DNS is broken.

2-1. Minimal Check (A/AAAA Result)

$ dig example.com +short

Example output (IP returned):

93.184.216.34

If empty or timeout, DNS is suspect.

2-2. Reading Error Types (3 Common Ones)

NXDOMAIN: Name doesn't exist (typo/zone config error)
SERVFAIL: DNS server failure/validation error (DNSSEC related)
connection timed out; no servers could be reached: Can't reach DNS server (network/firewall/config)

3. Which DNS Server Is Being Used? (Ubuntu Trap)

Conclusion: resolvectl status shows the real DNS server — resolv.conf often shows stub.

Ubuntu uses different DNS sources depending on the environment:

systemd-resolved manages it (common)
NetworkManager manages it
/etc/resolv.conf directly (but often a symlink)

3-1. If resolvectl Is Available (Priority)

$ resolvectl status

Key points:

DNS Servers: (actual query targets)
Current DNS Server: (currently in use)

3-2. Check /etc/resolv.conf (Often a Symlink)

$ cat /etc/resolv.conf
$ ls -la /etc/resolv.conf

Example output:

nameserver 127.0.0.53

This is the systemd-resolved local stub. Actual upstream DNS is in resolvectl status.

4. Query a Specific DNS Server

Conclusion: dig @8.8.8.8 working but local DNS failing means the DNS server is broken.

4-1. Google Public DNS

$ dig @8.8.8.8 example.com +short

4-2. Cloudflare

$ dig @1.1.1.1 example.com +short

4-3. Interpreting Results

Works with specified DNS -> Your configured DNS is broken/unreachable
Fails even with specified DNS -> Problem upstream (network/routing/egress)

"My DNS fails but 8.8.8.8 works" -> Changing DNS server settings will likely fix it.

5. Measuring "Slow" (Feelings Lie)

Conclusion: Use dig +stats for query time — consistent slowness points to the DNS server.

"Resolves but slow" happens often. Measure with numbers.

5-1. View dig Statistics

$ dig example.com +stats

Look for this line at the end:

Query time: 250 msec

5-2. Measure Multiple Times with time

$ time dig example.com +short
$ time dig example.com +short

Only first is slow -> Cache/initial resolution
Always slow -> DNS quality/network/MTU/egress issues

6. Common Cause Patterns

Conclusion: Patterns: dead systemd-resolved, slow upstream, port 53 blocked, and search lag.

Pattern 1: systemd-resolved Is Dead

$ systemctl status systemd-resolved
$ sudo systemctl start systemd-resolved
$ sudo journalctl -u systemd-resolved -n 200

Pattern 2: DNS Server Is Down/Far

dig @8.8.8.8 ... is fast -> Your DNS server is slow/failing

Pattern 3: Firewall Blocking 53/UDP

dig @8.8.8.8 times out -> May not be able to reach external DNS

Pattern 4: Search Domain Causing Delays

Short hostnames try multiple searches, causing slowness.

7. Quick Recovery Steps (Safety First)

Conclusion: Record resolvectl status before any resolv.conf edit — it is temporary.

7-1. First Record Current State

$ date
$ resolvectl status || true
$ cat /etc/resolv.conf

7-2. Emergency Fix: Edit /etc/resolv.conf Directly (Not Recommended But Fast)

Warning: May be overwritten. Not a permanent fix.

$ sudo cp -a /etc/resolv.conf /etc/resolv.conf.bak
$ printf "nameserver 1.1.1.1\nnameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf
$ dig example.com +short

To revert:

$ sudo cp -a /etc/resolv.conf.bak /etc/resolv.conf

8. Error Examples and Interpretation

Conclusion: NXDOMAIN means no name; @8.8.8.8 timeout means egress blocked; slow is server.

8-1. dig example.com Returns NXDOMAIN

Domain typo, DNS zone not configured, transfer issue

8-2. dig @8.8.8.8 Also Times Out

Can't reach external at all / port 53 blocked

8-3. "Resolves But Slow"

DNS server quality, search domains, IPv6/AAAA wait, routing

9. Things to Avoid

Conclusion: Never treat resolv.conf edits as permanent or skip dig +stats measurement.

Don't: Treat /etc/resolv.conf as Permanent Without Knowing the Cause

It often gets overwritten, causing confusion after reboot.

Don't: Assume DNS Issues Are "App Bugs" and Waste Time

If IP direct works, DNS is the likely cause. Check DNS first.

Don't: Skip Measuring When It's Slow

Use dig +stats to see Query time. Feelings are unreliable.

Copy-Paste Template

# 1) Can it resolve?
dig example.com +short

# 2) DNS settings (systemd-resolved assumed)
resolvectl status || true
cat /etc/resolv.conf

# 3) Query specific DNS (comparison)
dig @1.1.1.1 example.com +short
dig @8.8.8.8 example.com +short

# 4) Measure slowness
dig example.com +stats
dig A example.com +stats
dig AAAA example.com +stats

Summary

"Slow" DNS is trickier than "not resolving". Measure and decompose.
dig -> resolvectl -> dig @DNS is the fastest path
For quick recovery, temporarily changing DNS works, but permanent fixes need proper config