"The internet is down." I hear this at least twice a week from clients. And about half the time, it's not the internet at all. It's DNS.
Your connection is fine. Your router is fine. But DNS has stopped resolving, so every website looks unreachable. The good news is this is usually fixable in a few minutes once you know where to look.
Step 1: Confirm it's actually DNS
Before you start changing settings, make sure DNS is the problem and not something else:
ping 8.8.8.8
If this works (you get replies), your internet connection is fine. The problem is DNS. If this fails too, it's a connectivity issue - check your router, cable, WiFi, etc.
You can also try:
curl -I http://1.1.1.1
If you get an HTTP response back, you have connectivity. DNS is the culprit.
Step 2: Check what DNS server you're using
On Linux/macOS:
cat /etc/resolv.conf
On Windows:
ipconfig /all | findstr "DNS"
This tells you which DNS server your machine is talking to. If it's your router's IP (like 192.168.1.1), your router is forwarding queries to whatever your ISP assigned. If it's something like 8.8.8.8, you've set it manually at some point.
Step 3: Test the DNS server directly
Use dig to query the DNS server and see what happens:
dig @8.8.8.8 google.com
If this returns an answer with an IP address, that DNS server is working fine. Try it with whatever server showed up in Step 2:
dig @192.168.1.1 google.com
This comes up a lot when I'm working with local businesses, and no response? Timeout? That's your problem. Your DNS server is either down or unreachable.
In fairness, if you don't have dig installed (common on Windows), you can use the online dig tool at publicdns.info - it does the same thing from a browser without installing anything. Supports all record types too, which is handy for checking MX records, TXT records, and the rest.
Step 4: Try a different DNS server
The quickest fix when your DNS server is misbehaving: switch to a different one temporarily.
# Linux - temporary fix
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
On Windows, go to your network adapter settings and manually set DNS to 1.1.1.1 or 8.8.8.8.
If everything starts working immediately, you've confirmed the problem was with your original DNS server.
Step 5: Flush your DNS cache
Sometimes your machine has cached a bad or stale DNS response. Clearing the cache forces it to do fresh lookups:
# Windows
ipconfig /flushdns
# macOS
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder
# Linux (systemd)
sudo systemd-resolve --flush-caches
# Linux (nscd)
sudo systemctl restart nscd
After flushing, try loading a website again. If it works now, a stale cache was the issue.
Step 6: Check for DNS hijacking
Some ISPs and networks intercept DNS queries and redirect them to their own servers, even if you've configured different DNS. This is called DNS hijacking and it's more common than you'd think.
Test it:
dig @1.1.1.1 whoami.cloudflare.com TXT
The response should say "resolver IP" matches Cloudflare. If it shows a different IP, something between you and Cloudflare is intercepting your queries.
The fix: use DNS over HTTPS (DoH) or DNS over TLS (DoT), which encrypts your queries so they can't be intercepted. Most modern browsers support DoH natively now.
Step 7: Check if it's just one domain
If most sites work but one specific domain doesn't resolve, the problem might be with that domain's DNS, not yours.
dig example.com @8.8.8.8
dig example.com @1.1.1.1
dig example.com @9.9.9.9
If all three return the same error (NXDOMAIN or SERVFAIL), the domain's DNS records are broken on their end. Nothing you can do except wait or contact the site owner.
If some resolvers work and others don't, it could be a propagation issue - the domain recently changed DNS records and not all servers have the update yet. You can check this with a propagation checker that queries servers in different locations simultaneously.
Common DNS problems and what causes them
| Symptom | Likely cause |
|---|---|
| Everything stops resolving at once | DNS server down, or your router lost its DNS config |
| One device can't resolve, others can | That device's DNS cache is stale, or it has wrong DNS settings |
| Slow DNS lookups (pages load eventually) | DNS server is overloaded or far away geographically |
| Some domains resolve, others don't | DNS filtering/blocking, or propagation delays |
| DNS works on WiFi but not on VPN | VPN is using a different DNS server that's misconfigured |
| "Server not found" only in one browser | Browser-level DoH settings overriding system DNS |
When to worry (and when not to)
If flushing the cache or switching DNS fixes it, you're grand. It was a temporary glitch.
If DNS keeps breaking repeatedly, that's a sign of a deeper issue - maybe your router's firmware needs updating, your ISP's DNS is consistently unreliable, or there's something on the network intercepting queries. At that point, setting up a local DNS resolver like Pi-hole gives you full control and logging so you can see exactly what's happening.
Quick reference
-
ping 8.8.8.8- test connectivity (not DNS) -
dig @8.8.8.8 google.com- test a specific DNS server -
ipconfig /flushdnsor equivalent - clear DNS cache - Switch DNS to 1.1.1.1 or 8.8.8.8 - bypass a broken server
- Check publicdns.info/tools/dig if you can't use the terminal
That covers about 90% of DNS issues I see in the field. The other 10% is usually something weird and specific to the network, but these steps will at least narrow down where the problem is.
Top comments (0)