Basic knowledge about DNS and how to fix DNS problems.
I wrote this for 5-year-olds, complete with cute replacement terminology (and cartoon illustrations…ha, jk). If you don’t understand it, I can’t possibly think of any easier explanation for you.
Let’s get to it!
1. How DNS works
DNS stands for “domain name system”.
DNS is used to connect domain names to computer IPs, because nobody likes to type 74.6.231.21 into their web browser. It’s much easier to type yahoo.com. And here’s how it (magically) works:
- You type a domain into your browser.
- The browser passes the request for the domain name to the nearest DNS server. (It basically says “Hey…which computer is hosting that domain name?”)
- If that DNS server knows exactly which computer (and its IP) is hosting that domain, it will connect you directly.
- If the DNS server doesn’t know which computer hosts that domain, it passes the request to other DNS servers until it finds the computer (server, IP) that’s serving that domain name.
- Then your browser is connected to that server and data is sent back and forth.
How many DNS servers are involved during a domain name lookup process?
- It can be at least 5-10 jumps before it finds the web server.
- The request is made from your local computer.
- Then it goes to the nearest DNS server, which could be on the same computer or on another computer on the local network.
- Then to your local ISP.
- Then to a large organization that manages all TLDs of that domain name (.com, .net, .shop, etc.).
- Then to the registrar company that manages your domain (e.g. GoDaddy).
- Then to a DNS proxy service if you use one (Cloudflare, Amazon Route 53, DNSME, etc.).
- Then to the datacenter hosting the servers.
- Then specifically to the server with the website.
Basically, many, many jumps. And it could be even more if each network had many machines locally (imagine you went to an external IP like 45.21.5.55 which housed tons of machines internally, starting from local IPs like 192.168.0.1).
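To make the hop-by-hop walk concrete, here is a toy iterative resolver over an in-memory delegation tree. This is an added example, not code from the original post: the server labels (root, tld-com, auth-example, auth-broken), the names and the 203.0.113.x addresses are all constructed. It shows the root handing off to the TLD, the TLD handing off to the authoritative server, a CNAME being followed, and, for broken.com, the chain stopping at a server that does not answer, which is exactly the kind of failure point a traceroute-style trace pinpoints.

```python
"""Toy iterative DNS resolution over an in-memory delegation tree.

Added example, not code from the original post: a constructed set of
"servers" standing in for the root, the .com TLD and an authoritative
name server, plus a resolver that walks the delegation chain hop by hop.
Every name, IP and server label here is made up for illustration.
"""
from dataclasses import dataclass, field

# Constructed data. Each server knows only its own records and delegations
# (real servers also hand out "glue" A records for NS names; omitted here).
ZONES = {
    "root": {"NS": {"com.": "tld-com"}},
    "tld-com": {"NS": {"example.com.": "auth-example",
                       "broken.com.": "auth-broken"}},   # delegated to a dead server
    "auth-example": {
        "A": {"example.com.": ["203.0.113.10"]},
        "CNAME": {"www.example.com.": "example.com."},
    },
}


@dataclass
class Trace:
    hops: list = field(default_factory=list)    # servers asked, in order
    answer: list = field(default_factory=list)  # IPs found, if any
    error: str = ""                             # where and why resolution stopped


def _fqdn(name):
    return name.strip().rstrip(".").lower() + "."


def resolve(name, trace=None, depth=0):
    """Walk root -> TLD -> authoritative, following CNAMEs up to 8 deep."""
    name = _fqdn(name)
    if trace is None:
        trace = Trace()
    if depth > 8:
        trace.error = "too many CNAME hops"
        return trace
    server = "root"
    while True:
        trace.hops.append(server)
        zone = ZONES.get(server)
        if zone is None:
            # The chain points at a server that does not answer: this is the
            # "upstream failure" case, and the trace shows exactly which hop.
            trace.error = f"{server}: unreachable"
            return trace
        if name in zone.get("A", {}):
            trace.answer = list(zone["A"][name])
            return trace
        if name in zone.get("CNAME", {}):
            target = zone["CNAME"][name]
            trace.hops.append(f"CNAME -> {target}")
            # A real resolver would reuse its cache; restarting from the
            # root keeps the toy simple and shows the full chain again.
            return resolve(target, trace, depth + 1)
        # No record here: find the longest delegation that covers the name.
        matches = [z for z in zone.get("NS", {})
                   if name == z or name.endswith("." + z)]
        if not matches:
            trace.error = f"{server}: no record or delegation for {name} (NXDOMAIN)"
            return trace
        server = zone["NS"][max(matches, key=len)]


if __name__ == "__main__":
    for host in ("www.example.com", "broken.com", "nosuch.example.com"):
        t = resolve(host)
        print(host, "->", t.answer or t.error, "via", " > ".join(t.hops))
```

Running it prints the full chain for each name; the error string names the exact server where resolution stopped, which is the information you want before deciding whether the problem is yours or an upstream provider's.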
2. DNS tools to play with
DNS tools are useful for learning purposes or to diagnose real-world issues.
- Ping – shows whether the domain resolves successfully to an IP, and if it’s responding. FYI: if the server isn’t responding, it might have blocked PING (for security purposes).
- Reverse IP Lookup – does the reverse of domain name resolution. You put in the IP and it tells you the name (hostname) of the server behind it.
- All sites on IP – looks up all websites hosted on that IP.
- DNS Lookup – looks up all DNS records for a domain.
- MX Lookup – looks up only the DNS records related to email for that domain, and shows them in greater detail.
- Lookup IP WHOIS – you found the IP behind a domain name but now want to see who owns it. Commonly used when reaching out to buy a domain, filing a DMCA complaint, or pursuing a lawsuit. This tool only works if 1) the WHOIS doesn’t have privacy protection on it, and 2) it’s not proxied behind another server (like Cloudflare).
- Traceroute – shows all the computers hopped through during the name resolution process. It can also pinpoint the exact location of a DNS failure. Sometimes, very rarely, the fault is another server’s (and not yours), and this tool shows exactly which one.
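Underneath every “DNS Lookup” tool is a small binary packet. The following added example (not code from the original post) builds the query packet a resolver is sent and parses the reply at the wire-format level, including the name-compression pointers that trip up hand-written parsers. `sample_response()` is a constructed reply, not a captured one, so everything runs offline; `lookup()` sends a real query and assumes network access and a reachable resolver (1.1.1.1 is used as the default only for illustration).

```python
"""Build a DNS query and parse the answer at the wire-format level (RFC 1035).

Added example, not code from the original post. sample_response() is a
constructed reply so the parser can be exercised offline; lookup() needs
network access.
"""
import random
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    # "www.example.com" -> 3 "www" 7 "example" 3 "com" 0
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=None):
    if txid is None:
        txid = random.randrange(65536)        # unpredictable id, as resolvers use
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(msg, offset):
    """Return (name, offset just past the name in the original stream)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:             # 2-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 32:                     # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):                       # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1:
            value = socket.inet_ntoa(rdata)
        elif rtype in (2, 5, 12):             # NS, CNAME, PTR carry a name
            value, _ = decode_name(msg, offset)
        elif rtype == 15:                     # MX: preference + name
            pref = struct.unpack("!H", rdata[:2])[0]
            value = f"{pref} {decode_name(msg, offset + 2)[0]}"
        else:
            value = rdata.hex()
        offset += rdlen
        answers.append((name, TYPE_NAME.get(rtype, str(rtype)), ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def sample_response(query):
    """Constructed reply to a www.example.com A query: a CNAME to example.com
    then its A record. 0xC00C points at the question name (offset 12),
    0xC010 at the 'example.com' labels inside it (offset 16)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 2, 0, 0)  # response, RD, RA
    cname = struct.pack("!HHHIH", 0xC00C, 5, 1, 300, 2) + struct.pack("!H", 0xC010)
    a_rr = struct.pack("!HHHIH", 0xC010, 1, 1, 300, 4) + socket.inet_aton("203.0.113.10")
    return header + query[12:] + cname + a_rr


def lookup(name, qtype="A", server="1.1.1.1", timeout=3.0):
    """Send the query over UDP and parse the reply (needs network access)."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        reply, _ = s.recvfrom(4096)
    if reply[:2] != query[:2]:
        raise ValueError("transaction id mismatch: discarding reply")
    return parse_response(reply)
```

The transaction-id check in `lookup()` is the same sanity check a real stub resolver performs: a reply whose id does not match the outstanding query is dropped rather than trusted. The `rcode` field in the parsed result is what tells you “no such name” (3) apart from a successful answer (0), which is the first thing to read when a lookup comes back empty.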
3. How to fix DNS problems
The first step is to know whether you even have a DNS problem.
Detecting your DNS problem:
- You type an address into your browser and your site doesn’t show up.
- You see error messages about connection not possible, or possible bad DNS entry. Another possible scenario is you do see something, but maybe it’s not what you wanted (e.g. wrong website, or wrong redirect).
And this is all assuming that you know for sure the web server is working. How do you know if it is? Errr….well, by pinging the IP, or logging in over SSH and checking the service status, or logging into the control panel and seeing that things are working.
Realistically speaking, there are only 2 scenarios you can fix. Any other DNS problem would be related to some upstream provider and not accessible/fixable by you.
Common DNS problems and fixes:
- Incorrect DNS records – all DNS records (for your domains/subdomains) are either an A record (pointing to an IP) or a CNAME record (pointing to a domain). Go make sure 1) they are pointing to the right IPs or domains, and 2) you don’t have duplicate records. In case you don’t know where your DNS records are…they’re managed by either your webhosting account, a DNS service (e.g. Cloudflare), or your domain registrar.
- Upstream DNS service failure – a highly unlikely situation (since such an outage affects thousands if not millions of angry clients), but it can happen at times. This can be easily resolved by configuring your domain registrar to point to the name servers of a different DNS service (like Cloudflare)…instead of using the existing name servers from your domain registrar or webhost.
- Local DNS service failure – this is usually fixed by the webhost when you contact them for support. If you’re the one managing your own server, restarting the DNS service can fix it. Sometimes more work is needed, such as when the DNS service won’t start because your server is out of space, or when your DNS zones need to be rebuilt on the server (follow server guides to accomplish this).
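The “incorrect DNS records” checks above (right target, no duplicates) are easy to script before you open a support ticket. This added example, not code from the original post, runs those checks over a constructed zone, and goes a little beyond the text with two rules that cause real breakage: a CNAME cannot share a name with any other record, and a CNAME chain must not loop. The zone and the expected targets are made up, with deliberate mistakes seeded so each check fires.

```python
"""Sanity-check a set of A/CNAME records before blaming an upstream provider.

Added example, not code from the original post. SAMPLE_ZONE and EXPECTED
are constructed and contain deliberate mistakes.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed zone as (name, type, value) tuples.
SAMPLE_ZONE = [
    ("example.com.", "A", "203.0.113.10"),
    ("example.com.", "A", "203.0.113.10"),                 # duplicate
    ("www.example.com.", "CNAME", "example.com."),
    ("www.example.com.", "A", "203.0.113.11"),             # CNAME must stand alone
    ("mail.example.com.", "A", "203.0.113.999"),           # not a valid IPv4 address
    ("blog.example.com.", "CNAME", "blog.example.com."),   # points at itself
]

# What the operator believes each name should point to (constructed).
EXPECTED = {
    "example.com.": "203.0.113.10",
    "www.example.com.": "example.com.",
    "mail.example.com.": "203.0.113.20",
}


def check_records(zone, expected):
    """Return a list of human-readable problems; empty means the zone passes."""
    problems = []

    # 1. Exact duplicate records.
    for rec, n in Counter(zone).items():
        if n > 1:
            problems.append(f"duplicate record: {rec[0]} {rec[1]} {rec[2]} (x{n})")

    # 2. Per-record validity.
    by_name = defaultdict(set)
    for name, rtype, value in zone:
        by_name[name].add(rtype)
        if rtype == "A":
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{name}: invalid IPv4 address {value!r}")
        elif rtype != "CNAME":
            problems.append(f"{name}: type {rtype} is not handled by this checker")

    # 3. A CNAME may not coexist with any other record at the same name.
    for name, types in by_name.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            problems.append(f"{name}: CNAME cannot coexist with {others}")

    # 4. CNAME chains inside the zone must terminate.
    cnames = {n: v for n, t, v in zone if t == "CNAME"}
    for start in cnames:
        seen, cur = set(), start
        while cur in cnames:
            if cur in seen:
                problems.append(f"{start}: CNAME chain loops back to {cur}")
                break
            seen.add(cur)
            cur = cnames[cur]

    # 5. Each name points where the operator expects.
    for name, target in expected.items():
        values = {v for n, _t, v in zone if n == name}
        if not values:
            problems.append(f"{name}: expected record is missing")
        elif target not in values:
            problems.append(f"{name}: points to {sorted(values)}, expected {target}")

    return problems


if __name__ == "__main__":
    for p in check_records(SAMPLE_ZONE, EXPECTED) or ["zone looks fine"]:
        print(p)
```

Export your records from the hosting panel or DNS service into the same tuple shape and feed them in; a clean run narrows the fault to the server or to something upstream.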
Can you theoretically “diagnose” these things in a more scientific way? Sure you can. But for me the diagnosis and fixes are obvious, since there are very few (common) points of failure. Visit the site in a browser, and if it’s down, check the web server. If the web server is running, then check the DNS service and its records. If all seems good, check from another computer in the same household or from a mobile phone, then from another computer in the same city, then from another computer in a far-away location.
It’s only when you have a more complicated in-house (local network) DNS issue that the more complicated DNS diagnosis steps need to be done. For simple web-hosting stuff, DNS diagnosis is pretty easy.
Things that seem like DNS problems, but aren’t.
- Web-server down – sometimes the DNS records are fine; it’s just the server that’s down.
- Bad Redirect – sometimes you have a redirect somewhere in the server config (.htaccess file) or at the DNS proxy level (e.g. a Cloudflare page rule).
- DNS issue from local ISP – more common than you’d expect. The website can’t be reached and you immediately blame your own server/hosting. Testing from another computer or a friend (on your same ISP), or even from mobile, doesn’t work. But when you ask a far-away relative or friend to test, it works. It probably means your local ISP has DNS issues (unable to reach the site), or might be blacklisting your webhost datacenter’s IP range, or blocking your domain (for spamming?).
- DNS issue from local network – uncommon, but it also happens. Maybe your local network (router) or the computer itself has a DNS issue. This is easily detected by testing with another computer on your same network. Maybe your router needs to be reset, or if you were screwing around trying to use another DNS service like Google (then you need to put it back or do it correctly). Or maybe your computer needs a DNS flush, a restart, or more complicated DNS service repair steps.
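The “test from progressively farther away” routine above, together with this list of look-alike problems, is really a decision rule: the first layer, working from the far end inward, whose lookups fail is the suspect. The following added example (not code from the original post) encodes that rule. Each vantage point contributes the set of IPs it resolved, or None if the lookup failed; the scenario dictionaries are constructed, and the label names, the constant texts and the 203.0.113.10 address are assumptions for illustration. `system_resolver()` fills in the “this computer” slot from your real resolver; the other slots you fill in from what your friends report.

```python
"""Turn the post's "test from more places" checklist into a decision rule.

Added example, not code from the original post. Vantage labels, verdict
texts and the scenario data below are constructed for illustration.
"""
import socket

ORDER = ("this computer", "same network", "same isp", "far away")

NOT_DNS = ("DNS resolves correctly everywhere: check the web server and any "
           "redirects (htaccess, proxy page rules)")
BAD_RECORDS = "every vantage point gets the wrong IP: check the A/CNAME records at your DNS provider"
UPSTREAM = "nobody can resolve the name: check the DNS service and the name servers set at the registrar"
ISP = "only far-away lookups work: local ISP DNS issue or blocking"
LOCAL_NET = "same-ISP lookups work but this network fails: reset the router or its DNS settings"
THIS_PC = "other machines here are fine: flush this computer's DNS cache or fix its resolver settings"
MIXED = "mixed results: probably a recent record change still propagating; wait out the TTL and re-test"


def system_resolver(name):
    """IPv4 answers from this computer's resolver, or None if the lookup fails."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 80, socket.AF_INET)}
    except socket.gaierror:
        return None


def diagnose(expected_ip, vantage):
    """vantage maps each label in ORDER to a set of IPs, or None on failure."""
    ok = {label: bool(vantage.get(label)) and expected_ip in vantage[label]
          for label in ORDER}
    if all(ok.values()):
        return NOT_DNS
    if not any(ok.values()):
        # Everyone fails: wrong answers mean bad records, no answers mean
        # the authoritative side (or the name servers at the registrar) is down.
        return BAD_RECORDS if any(vantage.get(l) for l in ORDER) else UPSTREAM
    # Work from the far end inward: the first layer that fails is the suspect.
    if ok["far away"] and not ok["same isp"]:
        return ISP
    if ok["same isp"] and not ok["same network"]:
        return LOCAL_NET
    if ok["same network"] and not ok["this computer"]:
        return THIS_PC
    return MIXED


# Constructed scenarios: what each vantage point reported.
EXPECTED_IP = "203.0.113.10"
SCENARIOS = {
    "all good":   {l: {EXPECTED_IP} for l in ORDER},
    "isp issue":  {"this computer": None, "same network": None,
                   "same isp": None, "far away": {EXPECTED_IP}},
    "bad record": {l: {"198.51.100.5"} for l in ORDER},
    "upstream":   {l: None for l in ORDER},
    "local net":  {"this computer": None, "same network": None,
                   "same isp": {EXPECTED_IP}, "far away": {EXPECTED_IP}},
    "this pc":    {"this computer": {"198.51.100.5"}, "same network": {EXPECTED_IP},
                   "same isp": {EXPECTED_IP}, "far away": {EXPECTED_IP}},
}


if __name__ == "__main__":
    for label, vantage in SCENARIOS.items():
        print(f"{label:>10}: {diagnose(EXPECTED_IP, vantage)}")
```

Note the two “everyone fails” outcomes: a wrong IP from every vantage point means the records are wrong (your problem), while no answer from anywhere points at the DNS service itself or the name servers set at the registrar. Keeping those apart saves a pointless server reboot.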
Did I miss anything? You tell me! (in the comments below)
Andrew
Very cognitive, Thanks!