
Originally Posted at Forbes

Sometimes the internet feels like the old joke about “you can’t get there from here.” DNS errors and DNS failures are especially frustrating. “DNS server isn’t responding,” “DNS lookup failed,” “NXDOMAIN” and “DNS resolution timeout” are just some of the possible ways your browser or internet-enabled device tells you there is a DNS failure.

There are different causes and fixes (more on that shortly), but the initial DNS failure result is the same; you—or your customers—can’t get where you were trying to go. A DNS failure is a lot like running into roadblocks. How you get around them depends on the type of roadblock and what you are driving. Sometimes you can take a detour by changing DNS servers, other times you go off-road by changing your DNS records and sometimes you’ll have to wait for someone else to remove the roadblock if an upstream internet service provider (ISP) issue is the cause.

What Does DNS Mean?

DNS stands for domain name system. The DNS is the series of codes and commands that cross-references IP addresses and domain names. It effectively functions as an internet address book that connects numerical IP addresses to the alphanumeric domain names we all type into our browsers.

Infographic showing how the DNS translates IP addresses into plain language domain names.

The information is stored on nameservers (internet-connected computers storing domain name system information). Your domain registrar or web host provides domain name server addresses for you to use with your domain name, and you can also add information to your domain name records (DNS records). 

What Does DNS Failure Mean?

DNS failure is a failure to communicate between your device and a DNS server. When a DNS failure occurs, you can’t reach the internet address you wanted to reach. As a viewer, this might mean you can’t shop, bank online or watch your favorite video-streaming provider.

“DNS is the internet’s nervous system—fragile, but critical. When it breaks, everything from websites to email to trading platforms can go dark. What’s alarming is that failures often stem from something as mundane as a forgotten domain renewal or a typo in a record. Small mistakes can cause big financial and reputational damage.”

—Craig Watt, threat intelligence consultant at Quorum Cyber

For a business, it can mean losing thousands of dollars every minute. While your website hosting might not be down, it is the same result—your website is unreachable. Additionally, if your intranet is down, your remote or on-site workforce that uses online tools loses productivity. 

Causes of DNS Failures

Like pretty much all things tech, there’s more than one way to break things. The connections between the domain name system, internet users and your website are particularly fragile because the settings are dynamic (changeable) and there are many parts involved with chances for user error and equipment or coding errors at several points. While there are many ways DNS failures can happen, some are more common than others.

“The No. 1 DNS-related cause of all unplanned outages is unintentional domain expiry, by a huge margin. There are also more esoteric reasons for the sudden suspension of domain names that are functionally equivalent: there are ICANN policy actions like “Whois Accuracy Policy” (WAP suspensions), which strike like a comet out of deep space because they occur 15 days after the event that triggered it.”

— Mark E. Jeftovic, CEO, president at easyDNS Technologies Inc.

Domain Expiration 

If I had a nickel for every time I’ve seen this happen, I’d be on my own private island by now. Domain registrations are not forever. You can register a domain name from one to 10 years before you must renew it. You can set renewal as automatic or manual. Unintentional domain expirations tend to happen when renewals are set to manual, your payment method expires or your staff changes and no one has access to the domain account any longer. 

Misconfiguration of DNS Records 

Remember the user error chances I mentioned? Well, here’s the most common culprit. Even giants like Microsoft (in 2001) and Facebook (in 2021) have been taken down by DNS misconfigurations in the past. Unless your webhost is also your domain registrar and they handle it all for you, you’ll need to set your DNS records when you connect a domain name to your website.

Confusion over how to set DNS records, such as CNAME, AAAA, A and MX (email) is common when starting out with a new website. Plus, typos or conflicts with duplicate or outdated records not properly deleted are frequent. Nameservers (NS) may also be set incorrectly.

“DNS failures can happen for a myriad of reasons—and SMBs can be lucrative targets for hackers. For bad actors looking to take advantage of DNS, breaking into a registrar account to change delegations or transfer domains is one threat. Separately, dangling CNAME records—which are aliases that point to nonexistent domain names—can allow for a takeover, which can result in the publishing of malicious content from actual domain names.”

— Cricket Liu, executive vice president and chief evangelist at Infoblox

Misconfigurations cover a huge range of records, some basic, some more advanced. Some, such as missing or misconfigured DNSSEC records, could increase the risk of domain hacking or hijacking (where a bad actor redirects your traffic to a malicious website) as well.

Upstream ISP Issue 

Sometimes a DNS failure is nothing you’ve done; it’s a matter of an issue with your internet service provider. That’s why it’s important to verify whether others can reach your website when customers report your site is down. It may be that customers’ internet connection provider, such as AT&T, Verizon, Comcast (Xfinity) or Charter (Spectrum), is having issues instead of your website. 

DNS Outage 

Like all technology, sometimes the DNS providers suffer outages. For example, Cloudflare’s public 1.1.1.1 was down for just over an hour in July 2025 and affected millions of users worldwide. When this happens, you have to move to a different DNS server or wait for the provider to resolve the issue. 

DDoS Attack 

A distributed denial of service (DDoS) attack is just one of many ways bad actors attack through the DNS. Specifically, a DDoS means cybercriminals are using multiple computers to flood a server with too much traffic. Without protections in place, that flood of requests for information can quickly overwhelm resources and processing power, much like rush hour traffic can overwhelm a road’s capacity, leading to gridlock. 

“It never ceases to amaze me how creative threat actors can be. Cache poisoning, denial-of-service attacks, phishing, spoofing (my greatest fear) and man-in-the-middle attacks are all possible in the case of DNS missteps. The reality is simple: attackers only need to be right once.”

— Greg Sullivan, founding partner at CIOSO Global

A DDoS attack can affect every website or system attached to the victim server. Even if you have the best shared hosting or best VPS hosting, you are sharing server resources to some degree, and another customer’s troubles can affect your website. Likewise, DNS servers themselves can be the targets of DDoS attacks and affect thousands of websites. 

Bad TTL Setting 

Technically part of your DNS records, TTL settings are often overlooked, so I wanted to call extra attention to them. Updates to your DNS records only work if the authoritative servers know about the changes. Part of how you control that is to adjust your time to live (TTL) DNS record setting. TTL controls how long your records are cached (saved) by the authoritative DNS servers. A long setting means it keeps the information stored longer before checking for fresh information. Cached information loads faster, so people reach your website faster. However, it also means that if information changes, then a DNS failure can happen before the authoritative servers look for the updates.

Likewise, long TTL settings open the door for DNS cache poisoning, another route for malicious actors to hijack your traffic. Set the TTL too short and website load times slow as the authoritative servers have to check for new data almost constantly. It’s admittedly a bit of a tightrope walk to find the right setting for your website.

Latency 

Latency is how long it takes for data to move between your system and the DNS server and back. Latency is a bit like wait time at the DMV. You can’t control the line ahead of you and you can’t control how fast the DMV personnel work—you can only control what line you get in, that is, which DNS provider you use. A large line (congestion from many requests on the server) can create higher latency (delay), or picking the wrong staff member’s window (DNS provider) can mean longer latency.

Router Issues 

Sometimes it’s nothing but a glitch in your router that creates a DNS failure. It’s not that the website is down; it’s that a specific visitor can’t reach it. The router is the hardware that sends information between different devices or networks. Think of it as a postal employee sorting mail. Like all technology, sometimes random glitches happen, or there is outdated firmware that might interfere with connectivity.

How To Fix a DNS Failure

Sometimes the buck stops with you, even if you have no clue what’s going on. As a small business owner, you may be asked for help when a customer can’t reach your website thanks to a DNS failure error message.

“Most often, the fix is to check configurations and ensure everything is properly deployed. In some rare cases, we need to flush a cache on the DNS server to remove stale entries, even after we’ve fixed a configuration.”

—Jake Williams, VP of R&D at Hunter Strategy

Whether you know anything about DNS or not, it’s time to saddle up and try to help them. There’s no one perfect fix for every DNS failure, but there are steps to follow that will correct most issues—or at least put you on the path to narrowing down what needs to be done to get you or your customer back online fast. 

Fixing DNS Failures as an Internet User 

As an internet user, your control over DNS is limited, so your primary steps are to find out where the issue is and contact someone else for help if it is beyond your control. These steps will help you fix what you can if your hotel Wi-Fi, VPN or general internet browsing runs up against a DNS failure. 

“There’s not much a user can do when DNS is not working. Just make sure your computer’s network connection is operational and that you have a DNS configuration. On Windows you can always run “ipconfig /all” in a command prompt (cmd.exe), or on Linux you can run “ip address”. Either way, that will give you the information you need to know if your network is working. On Linux, you may need to look in /etc/resolv.conf to know if network manager has configured the DNS client correctly.”

—Jacob Anderson, owner at Beyond Ordinary

  1. Check connection with another device. See if you can access the internet address via another device. It may be an issue beyond your devices. In that case, you’ll need to contact support for your internet service provider (ISP), mobile carrier or the location whose Wi-Fi network you are using, such as a hotel or library. 
  2. Restart your router and/or device. If you are using public Wi-Fi, you can’t access the modem and will have to settle for only restarting your device.
  3. Run the troubleshooter. Run the connection troubleshooter on your device. Even if it doesn’t find the issue, sometimes it kicks the software into refreshing. 
  4. Clear your DNS cache on your machine. Depending on your operating system, you’ll handle this by going to the command prompt and typing “ipconfig /flushdns”.
  5. Try changing your public DNS server. As a general internet user, most of the time you can swap to a public DNS, such as Cloudflare (1.1.1.1) or Google (8.8.8.8). There are many public DNS options when the one your ISP provides isn’t working well. 
  6. Update firmware. Update your device and/or router firmware, if you have access to it. 
  7. Update your network adapter driver. Try updating your drivers to ensure your network adapter isn’t the issue.

Fixing DNS Failures as a Website Owner 

As a website owner, you should have access to DNS settings and other controls to make more active fixes to DNS failure error messages, or at least access to the services that can make those changes for you. 

“Fixing a DNS failure starts with identifying where the issue lies. Network tracing can help uncover whether the root cause is a configuration error or a server/network outage. In practice, the fixes often focus on tightening controls and reducing single points of failure. For example, businesses should harden their DNS servers so that only approved administrators can make changes, and those changes should only be accepted from trusted IP addresses. While there’s no silver bullet, these steps can significantly reduce downtime and keep DNS functioning reliably.”

— Steve Cobb, chief information security officer at SecurityScorecard

  1. Check connection with other devices. Checking whether access is a single-device issue or widespread is important before messing with your server settings. If it is only one device, follow the steps for fixing DNS failures as an internet user. 
  2. Check your DNS records for typos and conflicts. Remember to check for old records that could conflict with newer records. 
  3. Check your nameservers. If you aren’t using DNS records to point your website to your domain registration, you’ll need to ensure your nameserver records are pointed correctly and that those nameservers aren’t experiencing issues. 
  4. Ensure it isn’t a cyberattack. DDoS can bog down your website. Quickly check you aren’t getting excessive traffic or requests and mitigate accordingly. 
  5. Adjust your time-to-live (TTL) setting. Update your TTL to refresh new settings more quickly. 
  6. Consider a different DNS provider. If your site’s DNS servers are consistently showing high latency, lack strong security or don’t have the controls you need, consider a different provider. 
  7. Consider redundant DNS servers. Redundancy is the reason many domain registrars give you a list of multiple nameservers—the idea is if one fails, the next picks up the load.
  8. Get help. Your DNS provider, domain registrar and web hosting provider should all have help channels available.
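
An added example, not part of the original article: a small offline audit of a record list covering steps 2, 3, 5 and 7 above. It flags a CNAME that conflicts with a leftover record, an alias whose in-zone target no longer exists, an overly long TTL and a lone nameserver. The example.com records and the one-day TTL ceiling are constructed assumptions; aliases that point outside your zone need a live lookup, which this check does not do.

```python
from collections import defaultdict

# Constructed sample records for example.com: (owner name, TTL seconds, type, value).
ZONE = "example.com."
RECORDS = [
    ("example.com.",      3600,   "NS",    "ns1.dnshost.example."),
    ("example.com.",      3600,   "A",     "192.0.2.10"),
    ("example.com.",      3600,   "MX",    "mail.example.com."),
    ("mail.example.com.", 3600,   "A",     "192.0.2.25"),
    ("www.example.com.",  300,    "CNAME", "example.com."),
    ("www.example.com.",  300,    "A",     "192.0.2.99"),          # old record never deleted
    ("shop.example.com.", 604800, "CNAME", "store.example.com."),  # target was removed
]

MAX_TTL = 86400  # assumed policy ceiling (one day); tune for your site


def audit(records, zone=ZONE, max_ttl=MAX_TTL):
    """Return a sorted list of (owner, issue) findings for a list of records."""
    by_name = defaultdict(list)
    for name, ttl, rtype, value in records:
        by_name[name.lower()].append((ttl, rtype, value.lower()))
    findings = set()
    for name, rrs in by_name.items():
        types = [rtype for _, rtype, _ in rrs]
        # A CNAME must be the only record at its name; leftovers conflict with it.
        if "CNAME" in types and len(rrs) > 1:
            findings.add((name, "CNAME coexists with other records"))
        for ttl, rtype, value in rrs:
            if ttl > max_ttl:
                findings.add((name, f"TTL {ttl}s exceeds {max_ttl}s"))
            # In-zone alias or mail targets that no longer exist are dangling.
            in_zone = value == zone or value.endswith("." + zone)
            if rtype in ("CNAME", "MX") and in_zone and value not in by_name:
                findings.add((name, f"{rtype} target {value} has no records"))
    # One nameserver is a single point of failure.
    ns_count = sum(1 for _, t, _ in by_name.get(zone, []) if t == "NS")
    if ns_count < 2:
        findings.add((zone, f"only {ns_count} NS record(s); no redundancy"))
    return sorted(findings)


if __name__ == "__main__":
    for owner, issue in audit(RECORDS):
        print(f"{owner:20} {issue}")
```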

When You Can’t Fix a DNS Failure 

The internet is deeply intertwined in our daily lives and DNS failures restricting access temporarily are frustrating. When it’s an issue upstream where you have to wait on another provider to fix the issue, it’s time to work outside the internet.

Things to do when you have to wait for a DNS failure fix as a business owner: 

  • Proactively contact customers. If it’s not a global outage, use your mass messaging service to text your customers with status updates and discounts for when the site comes back online. Don’t forget to send another text when the error clears. 
  • Update social media. Again, this only works if it is a small outage, but if social media is available, update customers there. Faster information leads to less frustrated customers. 
  • Plan to avoid issues next time. Look into redundant DNS nameservers so you have secondary DNS servers as backups if the primary ones fail. 

Things to do when you have to wait for a DNS failure fix as an individual: 

  • Hope your boss tells everyone to go home early. 
  • Take an early lunch. 
  • Catch up on filing. 
  • Make those phone calls you’ve been putting off. 
  • Take a walk. 
  • Try chaos gardening. 
  • Scream into the void.

Ways to Prevent or Reduce DNS Failure

Prevention is worth a pound of existential crisis and watching your company become the “it’s fine” room on fire meme. Plan ahead to reduce DNS failure consequences.

“Proactive measures dramatically reduce risk. Redundant DNS infrastructure ensures traffic can route through another provider if one fails. DNS monitoring and anomaly detection flag unusual query patterns or failures before they escalate. Implementing DNS security measures, such as DNSSEC for authenticating responses and rate-limiting to curb excessive queries, helps prevent traffic hijacking and stops attackers from using your DNS servers to amplify attacks. Regular audits of records, configurations and zones reduce human error, the leading cause of outages.”

—Katrina Rosseini, head of health care innovation and cybersecurity expert at Ascendant Group 

  • Keep hardware drivers and firmware updated. 
  • Keep software updated. 
  • Use one of the best domain registrars for more domain security, better performance and more technical support. 
  • Look into redundant DNS servers. 
  • Pick hosting with strong technical support. Forbes Advisor considers support when creating our best lists, such as best shared hosting and best VPS hosting lists.
  • Invest in staff training for how to troubleshoot common DNS failure issues.