Last updated:
DNS lookup failed: what it means and how to fix it
A DNS lookup failure means your domain cannot be resolved. If your website is not loading and visitors see "server not found" or "this site can't be reached", a DNS failure is the most likely cause. Email stops working, APIs go offline, and every service tied to the domain becomes unreachable. This is the most urgent domain health issue because it takes everything down at once.
- Is the domain registered? Log in to your registrar and confirm it has not expired.
- Are the nameservers correct? Check that the nameservers at your registrar match your DNS provider (Cloudflare, Route 53, GoDaddy, etc.).
- Test with Google DNS:
- Test with Cloudflare DNS:
- Check the DNS zone. Log in to your DNS provider and verify the zone exists and contains records.
If both public resolvers fail, the problem is with your domain configuration, not your local network. If only one fails, it may be a temporary resolver issue. If these checks all pass, your DNS is likely working and the issue may be elsewhere.
What is DNS
DNS (Domain Name System) translates your domain name into IP addresses and other records that computers use to route traffic and deliver email. Every time someone visits your website, sends you an email, or connects to your API, a DNS lookup happens first.
A DNS lookup failure means the resolver could not get a response when querying for your domain's records. Without that response, nothing works. The browser shows "server not found", email bounces (because MX, SPF, and DMARC records all depend on DNS), and any service tied to your domain becomes unreachable.
How DNS resolution works
When a browser or email server needs to reach your domain, it follows a chain of lookups. A failure at any point in this chain will cause the lookup to fail.
The most common failure points are: the resolver cannot reach your nameserver (misconfigured or unreachable), the TLD has no nameserver record for your domain (expired registration), or your authoritative nameserver does not have a zone for your domain (deleted DNS zone).
How to think about a DNS failure (simple)
If you are not familiar with DNS, here is the simplest way to understand what has happened:
- DNS is like a phone directory for your domain. It maps your domain name to the addresses of your servers.
- A DNS failure means the directory entry for your domain cannot be found or has no usable records.
- In both cases, nothing can connect to your domain. The browser has nowhere to go.
- This affects everything at once: your website, your email, your API, and any service that uses your domain name.
Unlike issues such as a missing SPF record or missing DMARC policy (which affect email specifically), a DNS failure is a total outage. Nothing works until DNS is restored.
How to tell if this is your issue
These are common signs that a DNS lookup failure is affecting your domain:
- Your website is not loading at all. The browser shows "server not found", "DNS_PROBE_FINISHED_NXDOMAIN", or "This site can't be reached". This is different from a slow page or a 500 error, which indicate the server was found but could not respond.
- Email has stopped working. If incoming email is bouncing and outgoing email is failing authentication, DNS may be down. Email relies on MX, SPF, and DMARC records, all of which require DNS.
- Your domain was flagged as unreachable. A domain health scan or uptime monitor reported that your domain could not be resolved.
- Multiple services are down simultaneously. If your website, email, and API all fail at the same time, DNS is the most likely common cause.
- You recently changed nameservers or registrars. DNS failures often follow nameserver changes if the new configuration is incomplete or has not propagated yet.
Why this matters
DNS is the first step in every connection to your domain. If it fails, nothing else has a chance to work. It is the foundation layer for your entire online presence:
- Your site is completely unreachable. Visitors see "server not found" errors. This is not a degraded experience; it is a total outage.
- Email delivery stops. Mail servers rely on DNS to find MX records. If lookups fail, incoming email cannot be delivered to your domain.
- Email authentication breaks. SPF, DMARC, and DKIM records all live in DNS. If DNS is down, email authentication fails entirely.
- All dependent services break. APIs, CDNs, subdomains, and any third-party service that resolves your domain will also fail.
- SEO impact. Search engine crawlers that cannot resolve your domain will eventually deindex your pages. Prolonged DNS failures can take weeks to recover from in search rankings.
- Lost revenue. For e-commerce and SaaS businesses, a DNS outage means customers cannot access your product. Every minute of downtime has a direct cost.
When this is temporary vs a real problem
Not all DNS lookup failures indicate a configuration problem. It is important to distinguish between temporary issues and persistent ones.
Temporary (usually resolves itself)
- A single resolver timed out
- Brief network disruption between resolver and nameserver
- You just changed nameservers (propagation in progress)
- Your DNS provider had a short outage
- Fails from one resolver but succeeds from another
Real problem (needs action)
- Fails from multiple resolvers (8.8.8.8 and 1.1.1.1)
- Domain registration has expired
- Nameservers at registrar do not match DNS provider
- DNS zone was accidentally deleted
- Failure persists for more than an hour
Quick test: Run dig yourdomain.com @8.8.8.8 and dig yourdomain.com @1.1.1.1. If both fail, the problem is with your domain, not the resolver. If only one fails, wait 15 minutes and test again.
How to fix it properly
Work through these steps in order. Each one rules out a common cause.
Step 1: Check your domain registration
Log in to your domain registrar and confirm the domain is active. If the registration has expired, the registrar removes nameserver delegation and all DNS lookups will fail. Most registrars offer a grace period for renewal after expiry.
Step 2: Verify your nameservers
Check that the nameservers listed at your registrar match the ones your DNS provider expects. For example, if you use Cloudflare, the nameservers should be something like ada.ns.cloudflare.com and bob.ns.cloudflare.com. Mismatched nameservers are the most common cause of DNS lookup failures.
Step 3: Test with multiple public resolvers
Query your domain from at least two different public DNS resolvers. This confirms whether the problem is global or specific to one resolver.
Step 4: Check the DNS zone exists
Log in to your DNS provider and verify that the DNS zone for your domain exists and contains records. If the zone was accidentally deleted, nameservers will still point to the provider but there will be nothing to serve. You will need to recreate the zone and re-add your records.
At minimum, your zone should contain an A record (pointing to your server's IP address) and an NS record.
Step 5: Wait for propagation (if you made recent changes)
If you recently changed nameservers, registrars, or DNS providers, allow time for the change to propagate. Most changes take effect within a few hours, but full global propagation can take up to 48 hours. During this period, some resolvers may return the old (or no) result.
Step 6: Contact your DNS provider
If everything above looks correct but lookups still fail, the issue may be on your DNS provider's side. Check their status page for ongoing incidents, or contact support with the output of your dig commands.
Common mistakes
- Mismatched nameservers. Your registrar points to one set of nameservers, but your DNS records are configured at a different provider. This is the single most common cause of DNS lookup failures. Always make sure both sides match.
- Expired domain. If the domain registration lapses, nameservers are removed and all DNS lookups fail immediately. Set up auto-renewal to avoid this.
- Deleted DNS zone. If you accidentally delete your DNS zone at your provider, all records disappear even though the nameservers still point there. The nameservers respond with NXDOMAIN (domain not found) for every query.
- Assuming the problem is temporary. A single failed lookup can be a resolver glitch. But if lookups fail from multiple resolvers for more than an hour, there is a real configuration problem. Do not wait days before investigating.
- Changing nameservers without migrating records. If you switch DNS providers, you need to recreate all your DNS records at the new provider before pointing the nameservers there. Otherwise, the new provider has no records to serve.
- Ignoring downstream effects. DNS failures break email authentication records (SPF, DMARC) and A records. When DNS is restored, verify that all your records are intact.
How 1Pane detects this
1Pane queries multiple DNS record types (A, AAAA, MX, NS, TXT, CNAME) during a scan. If the resolver returns errors or timeouts across all record types, the scan flags it as a DNS lookup failure. Partial failures (where some record types succeed and others do not) are reported separately as warnings.
1Pane also checks for related issues that DNS failures cause, including missing A records, SPF records, and DMARC records. When DNS is restored, a rescan will verify that all dependent records are intact.
Frequently asked questions
Is a DNS lookup failure always a real problem?
Not always. A single failed lookup can be caused by a temporary resolver timeout or network issue. If the failure persists across multiple resolvers (8.8.8.8 and 1.1.1.1) and repeated tests, it indicates a real configuration problem that needs to be fixed.
Can a DNS failure affect my email?
Yes. Email depends on DNS for MX records (where to deliver mail), SPF records (sender verification), and DMARC records (policy enforcement). When DNS is down, all of these fail. Incoming email bounces, and outgoing email loses authentication.
How long does DNS propagation take?
Most DNS changes propagate within a few minutes to a few hours. Full global propagation can take up to 48 hours in rare cases. If you recently changed nameservers, allow time before concluding there is a problem.
My website is not loading. Is it definitely DNS?
Not necessarily. If your browser shows "server not found" or "DNS_PROBE_FINISHED_NXDOMAIN", it is a DNS issue. If it shows a timeout, 502, or 503 error, the DNS is working but your server is not responding. Run dig yourdomain.com @8.8.8.8 to check. If you get an IP address in the response, DNS is working and the problem is elsewhere.
Related issues
DNS failures often cause or mask these related domain health issues:
Scan your domain with 1Pane to confirm DNS resolution and check for related issues in one place.
Scan your domain with 1Pane