
DNS Troubleshooting for CompTIA Network+ N10-009

DNS troubleshooting is directly tested on CompTIA Network+ N10-009. DNS failures prevent hostname resolution, making websites and applications unreachable by name while IP access still works. You must know how to diagnose and resolve DNS resolution failures using tools like nslookup, dig, and ipconfig, and understand common DNS failure scenarios.


DNS Troubleshooting Process

Step 1 — Confirm DNS is the problem: Can the user reach the destination by IP address? If yes, DNS is the issue. If no, the problem is at a lower layer.

Step 2 — Check DNS configuration: 'ipconfig /all' (Windows) or 'cat /etc/resolv.conf' (Linux) shows the configured DNS server IP. Verify the DNS server IP is correct. If the host has an APIPA address (169.254.x.x), DHCP failed and no DNS server was assigned.

Step 3 — Test DNS resolution: 'nslookup google.com' — does it return an IP? If the response is 'DNS request timed out,' the DNS server is unreachable. If it returns the wrong IP, the DNS server has incorrect records. 'nslookup google.com 8.8.8.8' — queries Google's public DNS directly. If this works but the corporate DNS fails, the corporate DNS server has an issue.

Step 4 — Flush DNS cache: 'ipconfig /flushdns' (Windows). Stale DNS cache can cause resolution to incorrect IPs after a record changes. After flushing, retry the resolution.

Step 5 — Verify DNS server reachability: 'ping dns-server-ip'. If the DNS server is unreachable, check routing and firewall rules for UDP/TCP 53.
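Steps 3 and 5 as an added Python example (not part of the original guide): it sends the same A-record question nslookup asks to the configured server and to a reference server over UDP 53, reads the response code from the DNS header, and maps the outcome to the failure cases in this guide. The function names are illustrative assumptions, and the server addresses are supplied by the caller.

```python
import socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursive (RD=1) A-record query, the question nslookup asks."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", 1, 1))  # QTYPE=A, QCLASS=IN

def skip_name(data, pos):  # step over a (possibly compressed) domain name
    while data[pos] and data[pos] & 0xC0 != 0xC0:
        pos += data[pos] + 1
    return pos + (2 if data[pos] else 1)  # 2-byte pointer or 1-byte root label

def parse_response(data):
    """Return (rcode name, IPv4 addresses found in A records)."""
    _, flags, qdcount, ancount = struct.unpack("!HHHH", data[:8])
    pos, ips = 12, []
    for _ in range(qdcount):
        pos = skip_name(data, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        pos = skip_name(data, pos)
        rtype, rdlen = struct.unpack("!H6xH", data[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return RCODES.get(flags & 0xF, f"RCODE{flags & 0xF}"), ips

def ask(server, name, timeout=3.0):
    """Query one server over UDP 53; no reply within the timeout is 'TIMEOUT'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_response(s.recvfrom(4096)[0])
        except OSError:  # socket.timeout is a subclass of OSError
            return "TIMEOUT", []

def diagnose(configured, reference):  # each argument is an (rcode, ips) pair
    rcode, ips = configured
    if rcode == "TIMEOUT":
        return "unreachable: check server IP, routing, firewall for UDP/TCP 53"
    if rcode == "SERVFAIL":
        return "SERVFAIL: check forwarders and upstream connectivity"
    if reference[0] == "NOERROR" and set(ips) != set(reference[1]):
        return "answers differ: check records, cached TTL, split-horizon"
    return "consistent with reference server"
```

Calling `diagnose(ask(configured_ip, "google.com"), ask("8.8.8.8", "google.com"))` mirrors the two nslookup commands in step 3, where `configured_ip` is the server shown by 'ipconfig /all' or /etc/resolv.conf.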

Common DNS Failures

DNS server unreachable: DHCP assigned wrong DNS server IP, firewall blocking UDP 53, DNS server down. Fix: correct DNS server IP, open firewall rule for port 53, restart DNS service.

Incorrect DNS records: A record points to wrong IP (after server migration), TTL hasn't expired yet (old cached record). Fix: update DNS record, reduce TTL before planned changes, flush cache on clients.

Split-horizon misconfiguration: internal users getting external IPs for internal servers (or vice versa). Check internal DNS server configuration.

DNSSEC failures: client cannot validate DNSSEC signatures — check DNSSEC chain of trust.

nslookup 'SERVFAIL': DNS server received a valid query but cannot provide an authoritative answer — DNS server is configured as a forwarder but cannot reach upstream servers. Check forwarder configuration and internet connectivity from the DNS server.

Key exam facts — Network+

  • Works by IP but not by name = DNS problem
  • 'ipconfig /flushdns': clears local DNS cache
  • nslookup: tests DNS resolution; 'nslookup host dns-server' tests a specific DNS server
  • SERVFAIL: DNS server cannot answer — check forwarders and upstream connectivity
  • TTL controls cache duration: old records cached until TTL expires
  • UDP 53: DNS queries; TCP 53: zone transfers and large responses
  • Wrong DNS server IP assigned by DHCP: check DHCP scope options

Common exam traps

If nslookup works, DNS is fine for all applications

nslookup uses the system's configured DNS server but bypasses the application's DNS resolution and the local hosts file. If nslookup works but the browser doesn't, check the hosts file (/etc/hosts or C:\Windows\System32\drivers\etc\hosts) for overrides.

Practice questions — DNS Troubleshooting

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A user can ping the web server by IP (203.0.113.50) but typing 'www.company.com' in the browser returns 'server not found.' nslookup returns 'DNS request timed out.' What is the first troubleshooting step?

A. Replace the network cable
B. Verify the DNS server is reachable and check its IP in ipconfig /all
C. Change the web server IP address
D. Reinstall the web browser

Explanation: The DNS request timing out indicates the DNS server is unreachable or not responding. Check 'ipconfig /all' to verify the configured DNS server IP is correct, then ping the DNS server IP to verify reachability. If the DNS server IP is wrong (DHCP misconfiguration) or unreachable (firewall, server down), fix that first. IP access working confirms physical and routing layers are functioning.

Frequently asked questions — DNS Troubleshooting

What is the hosts file and how does it affect DNS?

The hosts file (/etc/hosts on Linux/macOS, C:\Windows\System32\drivers\etc\hosts on Windows) is a local name-to-IP mapping that is checked before DNS queries. If a hostname is in the hosts file, the hosts file entry takes precedence — DNS is not queried for it. Malware often modifies the hosts file to redirect legitimate domains to malicious IPs. Check the hosts file if DNS-based troubleshooting doesn't resolve the issue.
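The hosts-file check described here and under the exam trap above, as an added Python example (not part of the original guide): it parses hosts-file text and reports entries that override a name with an address different from what DNS returned, plus non-loopback overrides that have no DNS answer to compare against. The function names and sample data are constructed for illustration, and keeping only the first entry per name is a simplifying assumption.

```python
import ipaddress

# Constructed sample; on a real host read /etc/hosts or
# C:\Windows\System32\drivers\etc\hosts instead.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost ip6-localhost
# 10.0.0.5     old.company.com
198.51.100.7   WWW.company.com    # constructed override
10.0.0.20      intranet.company.com
"""
# Constructed DNS answers, e.g. collected with nslookup beforehand.
SAMPLE_DNS = {"www.company.com": {"203.0.113.50"}}

def parse_hosts(text):
    """Return {hostname: ip}, keeping the first entry seen for each name."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a valid address, so not a usable mapping
        for name in fields[1:]:  # one line may carry several aliases
            entries.setdefault(name.lower().rstrip("."), ip)
    return entries

def audit(hosts_text, dns_answers):
    """Return (hostname, hosts_ip, reason) for entries worth reviewing."""
    findings = []
    for name, ip in parse_hosts(hosts_text).items():
        if name in dns_answers:
            if ip not in dns_answers[name]:
                findings.append((name, ip, "hosts entry differs from DNS answer"))
        elif not ipaddress.ip_address(ip).is_loopback:
            findings.append((name, ip, "override with no DNS answer to compare"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, SAMPLE_DNS):
        print(finding)
```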
