SupportWhy is my domain not resolving?

Support Library

Why is my domain not resolving?

Domain lookups fail for users or monitoring probes.

CategoryDNS Reference
Length10 minute read
UpdatedApril 12, 2026

Problem Statement

Domain lookups fail for users or monitoring probes.

Symptoms

NXDOMAIN, SERVFAIL, or timeout responses across some or all resolvers.

Step-by-Step Diagnosis

Check NS delegation, authoritative reachability, direct record queries, and DNSSEC status.

Commands to Run

dig NS example.com +trace ; dig example.com A @ns1 ; dig example.com A @8.8.8.8

Expected vs Bad Output

Expected is stable NOERROR and authoritative consistency; bad output includes timeout or resolver divergence.

Resolution Steps

Repair delegation/authority, correct DNSSEC, and verify across multiple networks.

How DNS Panopticon Detects This

  • Relevant checks: Delegation integrity, resolver consistency, DNSSEC health, and suspicious record-pattern checks.
  • Severity mapping: Informational, medium/high, or critical based on exploitability and user impact.
  • Score impact: Reliability and security scoring dimensions are reduced according to blast radius.
  • Related findings users will see: NS drift, validation failure, orphaned CNAMEs, wildcard exposure, and policy misconfiguration alerts.

Operator Checklist

  • Verify behavior from at least two public resolvers and one resolver inside your own network before making changes.
  • Make one change at a time, capture before/after query output, and wait for TTL windows to clear so you can confirm impact.
  • Document the root cause and the final fix in your runbook to shorten future incidents.