Ubuntu DNS Troubleshooting: dig/nslookup and resolvectl Guide

DNS Troubleshooting - dig/nslookup
Reading time: ~12 min Level: Intermediate

What You'll Learn

  • How to determine if "domain not resolving" or "suddenly slow" is caused by DNS
  • How to check DNS settings actually used in Ubuntu (systemd-resolved / /etc/resolv.conf)
  • How to quickly identify DNS-related symptoms (SSH/apt/curl all failing)

Quick Summary

When DNS is suspect, follow this order:

  1. Can it resolve?: dig example.com +short
  2. Which DNS is being used?: resolvectl status (or /etc/resolv.conf)
  3. Try a specific DNS: dig @8.8.8.8 example.com +short
  4. Measure slowness: dig +stats / time dig ...
  5. Fix: DNS server config, systemd-resolved, or network issues

Table of Contents

  1. Typical DNS Symptoms
  2. First Check: Can It Resolve? (dig)
  3. Which DNS Server Is Being Used?
  4. Query a Specific DNS Server
  5. Measuring "Slow"
  6. Common Cause Patterns
  7. Quick Recovery Steps
  8. Error Examples and Interpretation
  9. Things to Avoid

Prerequisites

  • OS: Ubuntu
  • Target: Server beginners
  • Goal: Troubleshooting (prioritize isolation and recovery)

1. Typical DNS Symptoms

When DNS breaks, it looks like "everything is broken".

  • ssh user@hostname won't connect (but IP direct works)
  • curl https://example.com dies with Could not resolve host
  • apt update fails (can't resolve names)
  • Server can't access external APIs (but ping sometimes works)

Key Point: If IP direct works, DNS is likely the culprit.
If IP direct also fails, suspect something else (routing/firewall/listening).

2. First Check: Can It Resolve? (dig)

2-1. Minimal Check (A/AAAA Result)

$ dig example.com +short

Example output (IP returned):

93.184.216.34

If empty or timeout, DNS is suspect.

2-2. Reading Error Types (3 Common Ones)

  • NXDOMAIN: Name doesn't exist (typo/zone config error)
  • SERVFAIL: DNS server failure/validation error (DNSSEC related)
  • connection timed out; no servers could be reached: Can't reach DNS server (network/firewall/config)

3. Which DNS Server Is Being Used? (Ubuntu Trap)

Ubuntu uses different DNS sources depending on the environment:

  • systemd-resolved manages it (common)
  • NetworkManager manages it
  • /etc/resolv.conf directly (but often a symlink)

3-1. If resolvectl Is Available (Priority)

$ resolvectl status

Key points:

  • DNS Servers: (actual query targets)
  • Current DNS Server: (currently in use)

3-2. Check /etc/resolv.conf (Often a Symlink)

$ cat /etc/resolv.conf
$ ls -la /etc/resolv.conf

Example output:

nameserver 127.0.0.53

This is the systemd-resolved local stub. Actual upstream DNS is in resolvectl status.

4. Query a Specific DNS Server

4-1. Google Public DNS

$ dig @8.8.8.8 example.com +short

4-2. Cloudflare

$ dig @1.1.1.1 example.com +short

4-3. Interpreting Results

  • Works with specified DNS → Your configured DNS is broken/unreachable
  • Fails even with specified DNS → Problem upstream (network/routing/egress)

"My DNS fails but 8.8.8.8 works" → Changing DNS server settings will likely fix it.

5. Measuring "Slow" (Feelings Lie)

"Resolves but slow" happens often. Measure with numbers.

5-1. View dig Statistics

$ dig example.com +stats

Look for this line at the end:

Query time: 250 msec

5-2. Measure Multiple Times with time

$ time dig example.com +short
$ time dig example.com +short
  • Only first is slow → Cache/initial resolution
  • Always slow → DNS quality/network/MTU/egress issues

6. Common Cause Patterns

Pattern 1: systemd-resolved Is Dead

$ systemctl status systemd-resolved
$ sudo systemctl start systemd-resolved
$ sudo journalctl -u systemd-resolved -n 200

Pattern 2: DNS Server Is Down/Far

dig @8.8.8.8 ... is fast → Your DNS server is slow/failing

Pattern 3: Firewall Blocking 53/UDP

dig @8.8.8.8 times out → May not be able to reach external DNS

Pattern 4: Search Domain Causing Delays

Short hostnames try multiple searches, causing slowness.

7. Quick Recovery Steps (Safety First)

7-1. First Record Current State

$ date
$ resolvectl status || true
$ cat /etc/resolv.conf

7-2. Emergency Fix: Edit /etc/resolv.conf Directly (Not Recommended But Fast)

Warning: May be overwritten. Not a permanent fix.

$ sudo cp -a /etc/resolv.conf /etc/resolv.conf.bak
$ printf "nameserver 1.1.1.1\nnameserver 8.8.8.8\n" | sudo tee /etc/resolv.conf
$ dig example.com +short

To revert:

$ sudo cp -a /etc/resolv.conf.bak /etc/resolv.conf

8. Error Examples and Interpretation

8-1. dig example.com Returns NXDOMAIN

Domain typo, DNS zone not configured, transfer issue

8-2. dig @8.8.8.8 Also Times Out

Can't reach external at all / port 53 blocked

8-3. "Resolves But Slow"

DNS server quality, search domains, IPv6/AAAA wait, routing

9. Things to Avoid

Don't: Treat /etc/resolv.conf as Permanent Without Knowing the Cause

It often gets overwritten, causing confusion after reboot.

Don't: Assume DNS Issues Are "App Bugs" and Waste Time

If IP direct works, DNS is the likely cause. Check DNS first.

Don't: Skip Measuring When It's Slow

Use dig +stats to see Query time. Feelings are unreliable.

Copy-Paste Template

# 1) Can it resolve?
dig example.com +short

# 2) DNS settings (systemd-resolved assumed)
resolvectl status || true
cat /etc/resolv.conf

# 3) Query specific DNS (comparison)
dig @1.1.1.1 example.com +short
dig @8.8.8.8 example.com +short

# 4) Measure slowness
dig example.com +stats
dig A example.com +stats
dig AAAA example.com +stats

Summary

  • "Slow" DNS is trickier than "not resolving". Measure and decompose.
  • digresolvectldig @DNS is the fastest path
  • For quick recovery, temporarily changing DNS works, but permanent fixes need proper config

Related Articles

Test Environment

Commands in this article were tested on Ubuntu 24.04 LTS / bash 5.2.

Next Reading