10 Ways to Troubleshoot DNS Resolution Issues
by David Davis [Published on 17 June 2009 / Last Updated on 17 June 2009]
10 different ways to troubleshoot DNS resolution issues.
Introduction
We all need proper DNS resolution for our network applications. When this is not working, what do you do? Let us find out.
Let's face it, when DNS resolution is not working, using anything on your computer that has to do with networking is painful because there is a good chance it will not work. DNS really is not just a nice feature of a network, it is a requirement. As a network admin, I have heard the alarming cry of end users moaning that the network is down, when the cause would be the DNS servers. In these cases I assure them that the network is up and running fine but it is the DNS servers that are down! As you can imagine, that does not go over very well with them because to an end user, it is all the same thing. DNS is the network (not that they know what DNS is anyway).
So how do you troubleshoot this critical network infrastructure service when you are on an end user PC (or your PC) and DNS is not resolving a DNS name? Here are the 10 tips and tricks that I recommend you try to get DNS working again:
1. Check for network connectivity
Many times, if you open your web browser, go to a URL, and that
URL fails to bring up a
website, you might erroneously blame DNS. In reality, the issue
is much more likely to be
caused by your network connectivity. This is especially true if
you are using wireless
networking on a laptop. With wireless security protocols, the
key will be periodically
renegotiated or the signal strength will fade, causing a loss of
network connectivity. Of
course, you can lose network connectivity on any type of
network.
In other words, before blaming DNS for your problems, start troubleshooting by checking OSI Layer 1 (Physical) first and then check your network connectivity. Here you should find a wireless connection with a valid Internet connection.
Figure 1: Good Wireless Network Connection
Notice how the Access is Local and Internet. If it just said
Local then you do not have a valid network address (you only have a
private APIPA that starts with 169.x.x.x).
This brings me to my next point. Make sure that you have a valid IP address on your network. To check this, go to View Status on the screen above and then to Details, where you can see your IP address and verify your DNS Server IP addresses. Again, if you have a 169.x.x.x IP address you will never get to the Internet. Here is what it looks like:
Figure 2: Verifying your IP address and DNS Server IP addresses
2. Verify your DNS server IP addresses are correct and in order
Once you know that you have network connectivity and a valid IP
address, let us move on to
digging deeper into DNS by verifying that your DNS Server IP
addresses are correct and are
in the right order.
If you look at Figure 2 above, you can see the IPv4 DNS Server
IP addresses. Notice that
these are both on my local LAN / subnet so that I can access
them even if my default gateway
is down. This is how it works on most enterprise networks.
However, your DNS servers do
not always have to be on your subnet. In fact, with most ISPs,
the DNS Server IPs would not
even be on the same subnet as the default gateway.
In most home/SMB router configurations, they do not have their
own DNS servers and the
SMB router is proxying DNS to the real DNS Servers. In that
case, your DNS Server IP
address may be the same as your router.
Finally, make sure that your DNS Servers are in the right order. In my case, with the graphic in Figure 2, my local DNS Server is 10.0.1.20. It is configured to forward any names that it cannot resolve to 10.0.1.1, my local router. That router is proxying DNS to my ISP's DNS Servers. I can look up those DNS Servers on my router, shown below in Figure 3.
Figure 3: My local DNS Servers, received from my ISP via DHCP
That brings me to two more points. First, make sure that your DNS Servers are in the right order. If you have a local DNS Server, like I do, and you are looking up a local DNS name, you want your PC client to look up that local DNS name in the local DNS Server FIRST, before the Internet DNS Server. Thus, your local DNS server needs to be first in your DNS settings, as these DNS Server IPs are used in the order in which they are listed.
Secondly, you should be able to ping the IP address of your ISP's DNS Servers. So, just as my DNS servers are listed above on my router, I can verify that I can ping them even from my local PC:
Figure 4: Pinging my ISP's DNS Server
Notice how the response time from the ping to my ISP's DNS Server is horrible. This could cause slow DNS lookups or even failure if it takes too long for the DNS server to respond.
3. Ping the IP address of the host you are trying to get to (if it is known)
A quick way to prove that it is a DNS issue and not a network
issue is to ping the IP address
of the host that you are trying to get to. If the connection to
the DNS name fails but the
connection to the IP address succeeds, then you know that your
issue has to do with DNS.
I know that if your DNS Server is not functioning then it could
be hard to figure out what the
IP address is that you want to connect to. Thus, to carry out
this test, you would have to have
a network diagram or, like many network admins do, just have the
IP address of a common
host memorized.
If this works, until the DNS server is available again, you
could manually put an entry in your
hosts file to map the IP to the hostname.
4. Find out what DNS server is being used with nslookup
You can use the nslookup command to find out a ton of information about your DNS resolution. One of the simple things to do is to use it to see which DNS server is providing you an answer and which DNS server is NOT. Here is my nslookup of www.WindowsNetworking.com:
Figure 5: nslookup output
Notice, in Figure 5, how my local DNS server failed to respond but my ISP's DNS server did provide me a non-authoritative answer, meaning that it does not host the domain but can provide a response.
You can also use nslookup to compare the responses from
different DNS servers by manually
telling it which DNS server to use.
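What nslookup reports as a "non-authoritative answer" comes from one bit (AA) in the header of the DNS reply. The following added example (not part of the original article) parses constructed replies to show that bit, the response code and the returned addresses side by side for several servers; the server labels, the make_response helper, example.com and the 192.0.2.x address are assumptions made for the demo.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # a 2-byte pointer always ends the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    addresses = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:     # A record, class IN
            addresses.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {
        "authoritative": bool(flags & 0x0400),            # AA bit
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "addresses": addresses,
    }

def make_response(name, flags, ip=None):
    """Build a constructed reply (hypothetical helper, used only for test data)."""
    header = struct.pack("!6H", 0x1234, flags, 1, 1 if ip else 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b""
    if ip:                                 # 0xC00C points back at the question name
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + question + answer

# Constructed replies, one per server being compared.
REPLIES = {
    "local server": make_response("www.example.com", 0x8182),               # SERVFAIL
    "ISP cache": make_response("www.example.com", 0x8180, "192.0.2.10"),    # AA clear
    "zone server": make_response("www.example.com", 0x8500, "192.0.2.10"),  # AA set
}

def summarize(replies):
    return {server: parse_response(msg) for server, msg in replies.items()}
```

Servers that return different address sets for the same name, or an error code where another server answers, are the ones to investigate first.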
5. Check your DNS suffix
If you are looking up a local host in a DNS domain that your PC is a member of, you might be connecting to a host without using the FQDN (fully qualified domain name) and counting on the DNS suffix to help out. For example, if I were to connect to server1, the DNS server could have multiple entries for that DNS name. You should have your network adaptor configured with the connection-specific DNS suffix, as shown on the first line on the graphic above, labeled Figure 1. Notice how in that graphic my DNS suffix is wiredbraincoffee.com.
Whenever I enter just a DNS name like server1, the DNS suffix
will be added on the end of
it to make it server1.wiredbraincoffee.com.
You should verify that your DNS suffix is correct.
6. Make sure that your DNS settings are configured to pull the DNS IP from the DHCP server
It is likely that you would want your network adaptor to obtain
DNS Server IP addresses
from the DHCP Server. If you look at the graphic below, this
adaptor has manually specified
DNS Server IP addresses.
Figure 6: Verify DNS Server Settings
You may need to change to Obtain DNS server address
automatically in order to get a new DNS server IP. To do this, open
the Properties tab of your network adaptor and then
click on Internet Protocol Version 4 (TCP/IPv4).
7. Release and renew your DHCP Server IP address (and DNS information)
Even if your adaptor is set to pull DNS information from DHCP, it is possible that you have an IP address conflict or old DNS server information. After choosing to obtain the IP and DNS info automatically, I like to release my IP address and renew it.
While you can do this with a Windows Diagnosis in your network
configuration, I like to do
it in the command prompt. If you have UAC enabled, make sure you
run the Windows cmd
prompt as administrator then do:
IPCONFIG /RELEASE
IPCONFIG /RENEW
Then, do an IPCONFIG /ALL to see what your new IP and DNS Server
info looks like.
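The checks from tips 1 and 2 can be run over saved IPCONFIG /ALL output. The following is an added example, not from the original article: it parses a constructed sample, flags APIPA addresses (the link-local range 169.254.0.0/16) and reports when a known local DNS server is not listed first. The function names and the local_dns parameter are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`; DNS order deliberately reversed.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : wiredbraincoffee.com
   IPv4 Address. . . . . . . . . . . : 10.0.1.107(Preferred)
   Default Gateway . . . . . . . . . : 10.0.1.1
   DNS Servers . . . . . . . . . . . : 10.0.1.1
                                       10.0.1.20

Ethernet adapter Local Area Connection:

   Autoconfiguration IPv4 Address. . : 169.254.23.8(Preferred)
   Default Gateway . . . . . . . . . :
"""

# "Label . . . : value". The colon must follow a space or dot, so an IPv6
# continuation line such as "fe80::1" is not mistaken for a new field.
FIELD = re.compile(r"^\s+(.*?)[ .]+: ?(.*)$")

def parse_ipconfig(text):
    """Return {section: {field: [values]}}, keeping multi-line values in order."""
    adapters, fields, values = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line opens a section
            fields = adapters.setdefault(line.rstrip(" :"), {})
            values = None
            continue
        if fields is None:
            continue
        m = FIELD.match(line)
        if m:
            values = fields.setdefault(m.group(1), [])
            value = m.group(2)
        else:
            value = line                          # continuation of the previous field
        value = value.split("(")[0].strip()       # drop "(Preferred)"
        if value and values is not None:
            values.append(value)
    return adapters

def findings(adapters, local_dns=None):
    """Flag APIPA addresses and, if local_dns is given, a local server that is not first."""
    out = []
    for name, fields in adapters.items():
        for key, vals in fields.items():
            if "IPv4 Address" in key:
                out += [(name, "APIPA address " + v) for v in vals
                        if ipaddress.ip_address(v).is_link_local]
        dns = fields.get("DNS Servers", [])
        if local_dns in dns and dns[0] != local_dns:
            out.append((name, "local DNS server %s is not first: %s" % (local_dns, ", ".join(dns))))
    return out
```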
8. Check the DNS Server and restart services or reboot if necessary
Of course, if the DNS server is really hung, or down, or
incorrectly configured, you are not
going to be able to fix that at the client side. You may be able
to bypass the down server
somehow, but not fix it.
Thus, it is very likely that you, or the admin responsible for
the DNS server, need to check
the DNS Server status and configuration to resolve your DNS
issue.
9. Reboot your small office / home DNS router
As I mentioned above in #2 and showed in Figure 3, on home and small office routers, the DNS server settings are typically handed out via DHCP with the DNS server set to the IP of the router, and the router will proxy the DNS to the ISP's DNS server.
Just as it is possible that your local PC has bad network info (including DNS server IP addresses), it is also possible that your router has bad info. To ensure that your router has the latest DNS server information, you may want to do a DHCP release and renew on the router's WAN interface with the ISP. Or, the easier option may be just to reboot the router to get the latest info.
10. Contact your ISP
We all know how painful it can be to contact an ISP and try to resolve a network issue. Still, if your PC is ultimately getting DNS resolution from your ISP's DNS servers, you may need to contact the ISP, as a last resort.
Summary
DNS resolution is a critical piece of our network infrastructure
and it must work properly for
our network applications to function. In this article, I have given you 10 different ways to troubleshoot DNS resolution issues. I hope they are useful!
This article was previously published under Q314095
For a Microsoft Windows 2000 and Microsoft Windows NT 4.0
version of this article, see
163391.
Summary
This article describes ways to diagnose and resolve issues that
can cause problems when you
try to use one of the following to communicate with servers on
the Internet:
Internet browser
File Transfer Protocol (FTP)
Telnet
This article assumes that you can successfully connect with and
log on to your Internet
service provider (ISP).
More information
Any one of the following issues can cause problems when you try
to communicate with a
server on the Internet:
The server is not functioning correctly or has been temporarily removed from the Internet.
Your Internet browser is not configured correctly.
The TCP/IP configuration for your dial-up connection to your ISP is incorrect.
Your ISP's Domain Name Service (DNS) server is not working correctly.
Hosts files in the System_drive:\Windows, System_drive:\Windows\System32\Drivers, and System_drive:\Program Files\Network Ice\Black Ice directories may be damaged or corrupted.
Note System_drive is a placeholder for the drive where Windows is installed.
To determine the cause and resolution of the problem that you
are experiencing, follow the
procedures in each of the following sections, in the order that
they are presented in. After you
complete a procedure, try again to see whether you can
successfully communicate with
servers on the Internet.
Try a known good server
If you cannot communicate with a specific server on the
Internet, try to connect to the
Microsoft Web site by using its fully qualified domain name
(FQDN):
http://www.microsoft.com
An FQDN is made up of a host name (in this case, "microsoft")
and a domain name (".com").
If you can connect to the Microsoft Web site by using its FQDN,
the TCP/IP configuration on
your computer is correct.
If you can connect to the Microsoft Web site but you cannot
connect to another specific
Internet site after several tries, the other site may not be
functioning correctly or may be
temporarily removed from the Internet. Try to connect to some
different Web sites. If you can
connect to some Web sites but not to other Web sites, contact
your ISP if you need help.
If you cannot connect to any Web sites, there may be an issue
with your Internet browser
configuration or with the TCP/IP configuration for your dial-up
connection to your ISP.
Make sure that your browser configuration is correct
Make sure that your Internet browser (for example, Microsoft
Internet Explorer) is correctly
configured to connect to the Internet through the dial-up
connection to your ISP, and make
sure that your Internet browser is not configured to connect
through a proxy server. (A proxy
server is a computer or a program that acts as a "go-between"
barrier between a local area
network (LAN) and the Internet. A proxy server is a firewall
component that presents one
single network address to external sites.)
To verify these settings, start Internet Explorer, and then
click Internet Options on the Tools
menu. Click the Connections tab, and then view the settings that
relate to your ISP.
To see whether your browser is using a proxy server, click LAN
Settings.
Confirm your Internet Protocol (IP) address
If your ISP has given you a static (permanent) IP address, make
sure that the TCP/IP
configuration for your ISP connection contains the correct
information. Follow these steps:
1. Connect to your ISP.
2. Start a command prompt, type the following command, and then press ENTER:
ipconfig /all
The ipconfig /all command displays Windows TCP/IP settings for all your network adapters and modem connections. The address for a modem connection is displayed as "NDISWAN x adapter", where x is a number. The default gateway for the NDISWAN x adapter is the same as the IP address. This is by design. More than one NDISWAN x adapter may be displayed. Any NDISWAN x adapters that are not currently in use display zeros for the IP address.
3. If the IP address that is displayed for your dial-up connection to your ISP does not match the IP address that your ISP gave you, change the IP address that is displayed so that it matches the address that your ISP gave you. Follow these steps:
a. Click Start, point to Settings, click Control Panel, and then double-click Network Connections.
b. Right-click your Internet connection, click Properties, and then click the Networking tab.
c. Click the Internet Protocol adapter, and then click Properties.
d. If the settings are not correct, change the TCP/IP settings to match the settings provided by your ISP, click OK, and then click OK again.
Turn on the option to use a default gateway on the remote
network
If you connect to a local network by using a network adapter
and, at the same time, connect
to your ISP by using a modem, configure your dial-up connection
so that any routing
conflicts are resolved in favor of your dial-up connection to
your ISP. Follow these steps:
1. In Control Panel, double-click Network Connections.
2. Right-click your Internet connection, click Properties, and then click the Networking tab.
3. Click the Internet Protocol adapter, click Properties, and then click Advanced.
4. Click to select the Use default gateway on remote network check box, and then click OK.
5. Click OK.
Check the transfer and receive lights
If you connect to a local network by using a network adapter
and, at the same time, connect
to your ISP by using a modem, a conflict between your network
adapter and your modem can
prevent your modem from sending information to servers on the
Internet. To verify that
TCP/IP packets are being routed through your modem to your ISP,
follow these steps:
1. Connect to and log on to your ISP.
2. Use the ping command to cause your modem to send test information. At a command prompt, type the following command, and then press ENTER:
ping IP address
where IP address is the IP address of a known good server on the Internet. If you do not know the IP address of a server on the Internet, use the IP address for ftp.microsoft.com, 207.46.133.140.
Dial-Up Networking Monitor uses lights to show the modem
status.
If the transfer (Tx) light in Dial-Up Networking Monitor flashes
when you ping
a server on the Internet, TCP/IP information is being routed
through your
modem to your ISP.
If the transfer (Tx) light in Dial-Up Networking Monitor does
not flash when
you ping a server on the Internet, packets are not being routed
through your
modem. Make sure that the IP address that your ISP assigned to
you for your
dial-up connection is different from the IP address for your
network adapter or
loopback driver (if one is installed). Also, the IP address of
your network
adapter or loopback driver must not be on the same network as
the IP address
that your ISP assigned for your dial-up connection.
If the receive (Rx) light in Dial-Up Networking Monitor does not
flash when
you ping a server on the Internet, packets are not being
received from your ISP.
Contact your ISP if you need help.
If the receive (Rx) light in Dial-Up Networking Monitor flashes
when you ping
a server on the Internet, but you still cannot connect to the
server by using its
FQDN, there may be a name resolution issue.
Test the name resolution
A DNS server provides host name resolution. If you cannot connect to a server on the Internet by using its FQDN, there might be an issue with the DNS configuration of your dial-up connection to your ISP or with your ISP's DNS server.
To determine whether there is an issue with the DNS
configuration of your dial-up
connection to your ISP, follow these steps:
1. At a command prompt, type ipconfig /all, and then press ENTER to display the IP address of your DNS server. If the IP address for your DNS server does not appear, contact your ISP to obtain the IP address for your DNS server.
2. To verify that your computer can communicate with your DNS server, ping your DNS server's IP address. The reply looks something like this:
Pinging ###.###.###.### with 32 bytes of data:

Reply from ###.###.###.###: bytes=32 time=77ms TTL=28
Reply from ###.###.###.###: bytes=32 time=80ms TTL=28
Reply from ###.###.###.###: bytes=32 time=78ms TTL=28
Reply from ###.###.###.###: bytes=32 time=79ms TTL=28
The series of number signs (###.###.###.###) represents the IP address of the DNS server.
If you cannot successfully ping the IP address of the DNS
server, contact your ISP to verify
that you are using the correct IP address and that the DNS
server is working correctly.
If you can ping the IP address of your DNS server but you cannot
connect to a server on the
Internet by using its FQDN, your DNS server may not be resolving
host names correctly. If
more than one DNS server is available for your ISP, configure
your computer to use a
different DNS server. If using another DNS server resolves the
issue, contact your ISP to
correct the issue with the original DNS server.
Examine the host files
Open Internet Explorer. Connect to the Internet. Type
www.microsoft.com and other FQDN
addresses in the address bar, and then click Go. MSN Search
reports that no page is found.
However, if you type the IP address for any one of the Web
sites, the Web site appears.
To resolve this issue, follow these steps:
1. Search for hosts files on the local hard disk(s).
2. If file name extensions are visible, find any hosts file without the .sam extension, and open it with Notepad to verify that it contains references to the sites that are unavailable.
3. Delete all hosts files that do not have the .sam
extension.
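Before deleting a hosts file, it helps to see exactly which names it pins, including any temporary entry added as in tip 3 of the first article. The following added example (not from either original article) parses constructed hosts file content, lists the entries that match the unreachable names, and reports damaged lines; the sample entries and function names are assumptions made for the demo.

```python
import ipaddress

# Constructed hosts file content for the demo (not taken from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
10.0.1.50       server1 server1.wiredbraincoffee.com   # temporary, DNS server down
0.0.0.0         www.microsoft.com
10.0.1.77
not-an-ip       update.example.com
"""

def normalize(name):
    return name.lower().rstrip(".")

def parse_hosts(text):
    """Return (entries, malformed); entries are (line_no, name, ip_address)."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:          # bad address, or address with no name
            malformed.append((line_no, raw.strip()))
            continue
        entries += [(line_no, normalize(n), ip) for n in fields[1:]]
    return entries, malformed

def overrides_for(entries, failing_names):
    """Entries that pin one of the names the user cannot reach."""
    wanted = {normalize(n) for n in failing_names}
    return [(line_no, name, str(ip)) for line_no, name, ip in entries if name in wanted]

def needs_review(entries):
    """Entries that point a name anywhere other than a loopback address."""
    return [(line_no, name, str(ip)) for line_no, name, ip in entries if not ip.is_loopback]
```

An entry returned by overrides_for explains why a site fails by name while its real IP address works; keeping a copy of the file and of needs_review's output gives a record of what was changed.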
When you have verified the correct IP address for your DNS
server, update the TCP/IP
settings for your dial-up connection to your ISP. To change or
add a valid IP address for your
DNS server for a Dial-Up Networking phonebook entry, follow
these steps:
1. In Control Panel, double-click Network Connections.
2. Right-click your Internet connection, click Properties, and then click the Networking tab.
3. Click the Internet Protocol adapter, and then click Properties.
4. Click Use the following DNS server addresses, and then type the correct IP address in the Preferred DNS Server box.
5. Click OK, and then click OK again.