After spending 8 years as a network administrator supporting over 2,000 users, I’ve resolved countless DNS problems. The good news? Most DNS issues have simple fixes that take less than 5 minutes. Just last month, I helped my neighbor who thought her internet was “completely broken”—turns out it was just a DNS problem that required changing two numbers in her network settings. This guide walks you through identifying and fixing DNS problems using the same methodical approach I use professionally.
Quick Fix: Try These First (5 Minutes)
Before diving deep, try these three solutions that fix about 70% of DNS problems I encounter:
1. Flush Your DNS Cache
Your computer stores DNS lookups to speed up browsing. Sometimes this cache becomes corrupted or outdated.
Windows:
- Open Command Prompt as Administrator (search “cmd”, right-click, “Run as administrator”)
- Type:
ipconfig /flushdns
- Press Enter
Mac:
- Open Terminal (Applications → Utilities → Terminal)
- Type:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
- Enter your password when prompted
Linux:
- Open Terminal
- Type:
sudo systemd-resolve --flush-caches (Ubuntu/Debian) or sudo /etc/init.d/nscd restart (older systems)
Test your internet immediately after. If websites now load, you’re done—DNS cache was the culprit.
2. Restart Your Router
DNS settings can get corrupted in your router’s memory. A restart forces a clean slate:
- Unplug your router’s power cable
- Wait 30 seconds (important—lets capacitors discharge)
- Plug it back in
- Wait 2 minutes for full startup
- Test your internet
This fixes routing table issues and forces your router to reconnect to your ISP’s DNS servers properly.
3. Change to Public DNS Servers
Your ISP’s DNS servers might be slow or malfunctioning. Switch to reliable public DNS servers:
Cloudflare DNS (fastest in most locations):
- Primary: 1.1.1.1
- Secondary: 1.0.0.1
Google Public DNS (reliable worldwide):
- Primary: 8.8.8.8
- Secondary: 8.8.4.4
How to change (Windows):
- Open Settings → Network & Internet → Change adapter options
- Right-click your connection → Properties
- Select “Internet Protocol Version 4 (TCP/IPv4)” → Properties
- Select “Use the following DNS server addresses”
- Enter the DNS addresses above
- Click OK
How to change (Mac):
- System Preferences → Network
- Select your connection → Advanced → DNS tab
- Click the + button and add the DNS addresses
- Click OK, then Apply
If websites suddenly load after this change, your ISP’s DNS servers were the problem.
Understanding DNS: What It Actually Does
DNS (Domain Name System) is the internet’s phone book. When you type “google.com” in your browser, DNS translates that human-readable name into a computer-readable IP address (like 142.250.185.46). Without working DNS, your browser doesn’t know where to find websites—even though your internet connection works perfectly.
I explain it to non-technical users this way: imagine having perfect cell phone service but losing your entire contact list. You could make calls, but you wouldn’t know anyone’s number. That’s exactly what DNS problems feel like—your internet works, but you can’t reach any websites by name.
How to Diagnose DNS Problems
Before fixing, we need to confirm DNS is actually the problem. Here’s my diagnostic process:
Test 1: Can You Access Websites by IP Address?
Open your browser and try visiting: http://93.184.216.34
This is example.com’s IP address. If this loads but google.com doesn’t, DNS is definitely your problem—your internet works fine, but name resolution is broken.
Test 2: Use nslookup Command
This tool queries DNS servers directly, showing exactly what’s failing.
Windows/Mac/Linux:
- Open Command Prompt or Terminal
- Type:
nslookup google.com
Good result (DNS working):
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: google.com
Address: 142.250.185.46
Bad result (DNS failing):
Server: Unknown
Address: 192.168.1.1
*** Request timed out
The timeout message confirms DNS failure. The server address shows which DNS server failed—if it’s 192.168.1.1 (your router), the router’s DNS is broken.
Test 3: Check DNS Response Time
Even if DNS works, slow DNS makes websites feel broken. Test DNS speed:
Windows:
nslookup -debug google.com
Mac/Linux:
time nslookup google.com
Good DNS responses take under 100 milliseconds. If you see multiple seconds, your DNS server is too slow.
Real-world case: A client complained that every website took “forever to start loading” but loaded quickly once they started. DNS lookup time was 4-5 seconds. Switching from their ISP’s DNS to Cloudflare’s 1.1.1.1 dropped that to 15 milliseconds—problem solved instantly.
Common Cause #1: Router DNS Problems
Your router handles DNS requests for your entire home network. When the router’s DNS fails, every device loses internet access.
Problem: Router DNS Cache Corruption
Symptoms: All devices in your home can’t access websites. Restarting devices doesn’t help. Router uptime is long (weeks or months).
Solution: Routers cache DNS responses. After running continuously for weeks, this cache can become corrupted.
Fix:
- Restart your router (unplug, wait 30 seconds, plug back in)
- If the problem persists, factory reset your router (instructions in manual or on router’s label)
- After reset, configure your router to use public DNS servers instead of ISP defaults
How to change router DNS (varies by manufacturer):
- Log into router (usually 192.168.1.1 or 192.168.0.1 in browser)
- Look for “DNS Settings” or “WAN Settings”
- Enter Cloudflare DNS (1.1.1.1 and 1.0.0.1)
- Save and restart router
Problem: ISP DNS Server Issues
Symptoms: DNS problems started suddenly. Affects all devices. Your ISP’s status page shows issues.
Solution: Your ISP’s DNS servers might be down or overloaded.
Verification: Check DownDetector for your ISP. Look for reports of “internet not working” or “can’t access websites.”
Fix:
- Switch to public DNS (Cloudflare or Google)—this bypasses your ISP’s problematic DNS completely
- Contact your ISP to report the problem
- Consider permanently using public DNS servers—they’re often faster and more reliable
Real experience: During a major ISP DNS outage in my area affecting thousands of customers, I switched my family to Cloudflare DNS in 2 minutes. We had working internet while neighbors waited hours for the ISP to fix their servers.
Common Cause #2: Network Configuration Issues
Sometimes your device’s network settings prevent proper DNS function.
Problem: Multiple DNS Servers Conflicting
Symptoms: DNS works intermittently. Some websites load, others don’t. Problems seem random.
Solution: Your device might be configured with multiple DNS servers that provide conflicting information.
Fix:
- Check your network adapter settings
- Remove all DNS servers
- Configure only two: one primary and one secondary from the same provider (both Cloudflare or both Google)
- Ensure no old DNS servers remain configured
Problem: IPv6 DNS Issues
Symptoms: IPv6 websites don’t load. IPv4 sites work fine. Some modern websites (Google, Facebook) work inconsistently.
Solution: IPv6 is the newer internet protocol. If your ISP supports IPv6 but your DNS settings don’t, modern websites using IPv6 can fail.
Fix:
- Add IPv6 DNS servers alongside IPv4
- Cloudflare IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
- Google IPv6: 2001:4860:4860::8888 and 2001:4860:4860::8844
Configuration (Windows):
- Network adapter properties → Internet Protocol Version 6 (TCP/IPv6) → Properties
- Add the IPv6 DNS addresses above
Problem: DNS Suffix Search List Issues
Symptoms: Short names (like “server” or “printer”) don’t resolve. Fully qualified domain names (FQDNs) work fine.
Solution: In corporate or complex home networks, DNS suffixes help resolve short names. Incorrect configuration breaks this.
Fix:
- Open network adapter properties → Advanced → DNS tab
- Check “Append these DNS suffixes” settings
- Remove incorrect entries or set to automatic
This is more common in business environments, but I’ve seen it in home networks when users copy settings from work laptops.
Common Cause #3: Firewall and Security Software
Security software sometimes blocks DNS traffic, breaking internet access.
Problem: Firewall Blocking DNS Ports
Symptoms: Internet worked fine, then stopped after installing security software or updating firewall rules.
Solution: DNS uses port 53 (UDP and TCP). Overly aggressive firewalls block this.
Fix:
- Check firewall settings (Windows Firewall, third-party firewall software)
- Ensure outbound connections to port 53 are allowed
- Temporarily disable firewall to test—if internet works with firewall off, you’ve found the culprit
- Create firewall rules to allow DNS traffic
Windows Firewall rule creation:
- Windows Defender Firewall → Advanced Settings → Outbound Rules → New Rule
- Port → UDP → Specific remote ports: 53
- Allow the connection
- Apply to all profiles
- Name it “DNS Outbound”
Problem: VPN DNS Leaks or Conflicts
Symptoms: DNS stops working when VPN connects. Works fine with VPN disconnected.
Solution: VPNs route all traffic through their servers, including DNS. If the VPN’s DNS server is slow or broken, you lose DNS even though the VPN connection works.
Fix:
- Check VPN settings for custom DNS options
- Configure VPN to use specific DNS servers (Cloudflare or Google)
- Or configure your device to use DNS that bypasses the VPN (not recommended for privacy)
Alternative: Switch VPN providers. High-quality VPN services (ExpressVPN, NordVPN, Mullvad) have reliable DNS infrastructure.
Problem: Antivirus HTTPS Scanning
Symptoms: Secure websites (HTTPS) don’t load or show certificate errors. HTTP sites work fine.
Solution: Some antivirus software intercepts HTTPS traffic to scan for malware. If configured incorrectly, this breaks DNS over HTTPS (DoH).
Fix:
- Check antivirus settings for “HTTPS scanning” or “SSL scanning”
- Temporarily disable to test
- If this fixes DNS, reconfigure antivirus or use different software
Common Cause #4: Malware and DNS Hijacking
Malware can redirect your DNS queries to malicious servers, breaking legitimate websites or redirecting you to phishing sites.
Problem: DNS Hijacking
Symptoms: Websites redirect to unexpected pages. Search results show strange websites. Security warnings appear frequently.
Solution: Your computer or router has been compromised. Malware changed your DNS settings to route traffic through attacker-controlled servers.
How to check:
- Run ipconfig /all (Windows) or cat /etc/resolv.conf (Linux/Mac)
- Check which DNS servers are configured
- If you see unfamiliar IP addresses, your DNS has been hijacked
Common malicious DNS servers to watch for:
- Anything in the 5.x.x.x or 31.x.x.x ranges (common in malware)
- DNS servers you didn’t configure yourself
Fix:
- Run full antivirus scan with Malwarebytes (excellent for removing DNS hijackers)
- Manually reset DNS to known good servers (Cloudflare, Google)
- Check router DNS settings—malware sometimes infects routers
- Change router admin password—many DNS hijacks exploit default passwords
- Update router firmware to latest version
Real case: A client’s entire family experienced strange redirects. Malware had changed the router’s DNS to servers in Eastern Europe. Every device in the house was affected. Router factory reset and firmware update fixed it permanently.
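The "DNS servers you didn't configure yourself" check above can be scripted. This is an added example, not part of the original article: it pulls the resolver addresses out of ipconfig /all or /etc/resolv.conf text and reports any that are not on a list you maintain. The EXPECTED list and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: resolvers you configured yourself. Edit for your network.
# 127.0.0.53 is the systemd-resolved local stub; its upstream servers are
# listed by `resolvectl status`.
EXPECTED = {"192.168.1.1", "127.0.0.53", "1.1.1.1", "1.0.0.1",
            "8.8.8.8", "8.8.4.4"}

def _as_ip(token):
    """Return a normalized address string, or None if token is not an IP."""
    try:
        return str(ipaddress.ip_address(token.split("%")[0]))  # drop IPv6 zone
    except ValueError:
        return None

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from /etc/resolv.conf content."""
    found = []
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver" and _as_ip(parts[1]):
            found.append(_as_ip(parts[1]))
    return found

def resolvers_from_ipconfig(text):
    """DNS servers from English-locale `ipconfig /all` output, including the
    unlabelled continuation lines that list the second and later servers."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        token = m.group(1) if m else (line.strip() if in_dns else "")
        ip = _as_ip(token)
        in_dns = ip is not None   # a non-address line ends the server list
        if ip:
            found.append(ip)
    return found

def unexpected_resolvers(resolvers, expected=EXPECTED):
    """Configured resolvers that are not on the expected list."""
    return [r for r in resolvers if r not in expected]

# Constructed sample input (203.0.113.53 is a documentation address).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "nameserver 127.0.0.53\nnameserver 1.0.0.1\noptions edns0\n"

if __name__ == "__main__":
    for found in (resolvers_from_ipconfig(SAMPLE_IPCONFIG),
                  resolvers_from_resolv_conf(SAMPLE_RESOLV)):
        print(found, "-> unexpected:", unexpected_resolvers(found))
```

An unexpected address is a prompt to find out who set it (DHCP from the router, a VPN client, or something unwanted), not proof of compromise on its own.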
Problem: Hosts File Modification
Symptoms: Specific websites don’t load, but most sites work fine. Affected sites show errors like “This site can’t be reached.”
Solution: The hosts file on your computer maps domain names to IP addresses, overriding DNS. Malware often modifies this file.
How to check:
- Windows: Open C:\Windows\System32\drivers\etc\hosts in Notepad (as Administrator)
- Mac/Linux: Open /etc/hosts in a text editor with sudo
What to look for:
- Normal files have mostly comments (lines starting with #)
- Suspicious entries look like: 127.0.0.1 facebook.com (blocks Facebook)
- Redirect entries: 192.168.1.50 bankofamerica.com (redirects to attacker)
Fix:
- Delete suspicious lines
- Save the file (requires administrator/sudo privileges)
- Flush DNS cache
- Test affected websites
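The manual hosts file review above, as an added example that is not part of the original article: it lists every entry that overrides DNS for a dotted name and labels it with the two patterns described (blocked versus redirect). The sample file is constructed and reuses the two entries shown in this section.

```python
import ipaddress

# Constructed sample: default entries plus the two examples from this guide.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
127.0.0.1   facebook.com          # not a default entry
192.168.1.50 bankofamerica.com www.bankofamerica.com
"""

LOCAL = {"localhost.localdomain"}   # dotted names that are still local

def audit_hosts(text):
    """Return (line_no, address, name, verdict) for every entry that
    overrides DNS for a dotted name. Verdicts:
      blocked   - pinned to loopback or 0.0.0.0, so the site cannot load
      redirect  - pinned to some other address
      malformed - first field is not an IP address"""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments
        if len(fields) < 2:
            continue                               # blank or comment-only
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], fields[1], "malformed"))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if "." not in name or name in LOCAL:
                continue        # single-label names such as localhost
            verdict = "blocked" if sink else "redirect"
            findings.append((line_no, str(ip), name, verdict))
    return findings

if __name__ == "__main__":
    import platform
    path = (r"C:\Windows\System32\drivers\etc\hosts"
            if platform.system() == "Windows" else "/etc/hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding)
```

Legitimate entries also show up here, such as the machine's own hostname or names added by development tools, so treat the output as a review list before deleting anything.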
Advanced Troubleshooting
If basic fixes don’t work, these advanced techniques solve persistent DNS problems.
Check for DNS Rebinding Attacks
What it is: A security exploit where malware uses DNS to bypass firewall protections.
How to detect:
- Run nslookup suspicious-site.com multiple times
- If the IP address changes with each query (especially to private IP ranges like 192.168.x.x or 10.x.x.x), you’ve found a rebinding attack
Fix:
- Install browser extensions that block DNS rebinding
- Configure router firewall to block DNS responses with private IP addresses
- Use DNS servers with rebinding protection (Cloudflare has this built-in)
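The repeated-lookup check above, written out as an added example (not part of the original article). It separates the two signals: answers that merely change between queries, which is normal for load-balanced sites, and a public name answering with an internal address, which is what a rebinding filter blocks. The function names are assumptions made for this sketch.

```python
import ipaddress
import socket

def is_internal(addr):
    """True for addresses a public website should never resolve to."""
    ip = ipaddress.ip_address(addr)
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.5) by the embedded IPv4 address.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified)

def check_rounds(rounds):
    """rounds: one list of answer addresses per repeated query of a name.
    Returns a summary dict; 'suspect' is the rebinding signal."""
    seen = {addr for answers in rounds for addr in answers}
    internal = sorted(a for a in seen if is_internal(a))
    public = sorted(a for a in seen if not is_internal(a))
    return {
        "internal": internal,
        "public": public,
        # Rotation alone is normal for load-balanced or CDN-hosted sites.
        "changed": len({frozenset(r) for r in rounds}) > 1,
        # A public name answering with an internal address is not normal.
        # (Names on your own LAN legitimately resolve to private addresses.)
        "suspect": bool(internal),
    }

def lookup(name):
    """One live lookup through the system resolver (needs network access).
    Cached answers can hide changes; flush the cache between rounds."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

# Constructed observations: three rounds for one name, two for another.
ROUNDS_REBIND = [["93.184.216.34"], ["192.168.1.1"], ["93.184.216.34"]]
ROUNDS_ROTATING = [["142.250.185.46"], ["142.250.185.78"]]

if __name__ == "__main__":
    print(check_rounds(ROUNDS_REBIND))
    print(check_rounds(ROUNDS_ROTATING))
```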
Configure DNS over HTTPS (DoH)
What it is: Encrypts DNS queries so ISPs and attackers can’t see or modify your DNS traffic.
Benefits:
- Prevents ISP DNS tracking
- Blocks DNS hijacking
- Can bypass DNS-based censorship
How to enable:
Firefox: Settings → Privacy & Security → Enable DNS over HTTPS → Choose provider (Cloudflare or NextDNS)
Chrome: Settings → Privacy and security → Security → Use secure DNS → Choose provider
Windows 11: Settings → Network & Internet → Ethernet/Wi-Fi → DNS server assignment → Edit → Preferred DNS encryption: “Encrypted only (DNS over HTTPS)”
Caution: Some corporate networks block DoH because it bypasses their filtering. If you can’t access internal resources after enabling DoH, disable it on work devices.
Test DNS Server Performance
Not all DNS servers are equal. Test to find the fastest for your location:
Tools:
- DNS Benchmark (Windows)
- namebench (Mac/Linux)
These tools test dozens of DNS servers and rank them by response time from your specific location.
My results (your results will vary):
- Cloudflare: 12ms average
- Google: 18ms average
- ISP default: 67ms average
Switching from ISP to Cloudflare made browsing noticeably snappier.
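For Test 3 earlier and the resolver comparison in this section, an added example (not part of the original article, and not how DNS Benchmark or namebench work): it sends one UDP query straight to a chosen resolver and times only the round trip, which `time nslookup` cannot do because it also counts process start-up. The function names and the single-query method are assumptions of this sketch.

```python
import secrets
import socket
import struct
import time

def build_query(name, txid=None, qtype=1):
    """Encode a recursive DNS query (qtype 1 = A record) for `name`."""
    txid = secrets.randbelow(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD, 1 question
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)        # class IN

def parse_header(packet):
    """Decode the 12-byte DNS header of a reply."""
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": answers}

def time_lookup(server, name, timeout=2.0):
    """Send one UDP query to `server`; return (ms, rcode, answers) or None
    on timeout. Measures the resolver only, not process start-up."""
    query = build_query(name)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.perf_counter()
        sock.sendto(query, (server, 53))
        try:
            while True:
                reply, peer = sock.recvfrom(4096)
                # Ignore stray datagrams that do not match the query.
                ok = len(reply) >= 12 and peer[0] == server
                head = parse_header(reply) if ok else None
                if head and head["is_response"] and head["txid"] == txid:
                    break
        except socket.timeout:
            return None
    ms = (time.perf_counter() - start) * 1000
    return round(ms, 1), head["rcode"], head["answers"]

def verdict(ms, limit_ms=100):
    """Apply this guide's 100 ms threshold to a measured lookup time."""
    return "timeout" if ms is None else ("ok" if ms < limit_ms else "slow")

if __name__ == "__main__":
    for server in ("1.1.1.1", "8.8.8.8"):   # resolvers named in this guide
        result = time_lookup(server, "google.com")
        print(server, result, verdict(result[0] if result else None))
```

Run it a few times per resolver: the first query for a name may be answered from upstream and later ones from the resolver's cache, so a single number can mislead.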
Check for DNS Server Outages
Even reliable public DNS servers occasionally have problems.
How to check:
If your chosen DNS provider has an outage, temporarily switch to an alternative.
Platform-Specific Issues
Windows-Specific DNS Problems
Problem: DNS Client service stopped
Fix:
- Press Win+R, type services.msc
- Find “DNS Client” service
- Right-click → Start
- Right-click → Properties → Startup type: Automatic
Problem: Network adapter driver issues
Fix:
- Device Manager → Network adapters
- Right-click your adapter → Update driver
- If that fails: Uninstall device, restart (Windows reinstalls driver automatically)
Mac-Specific DNS Problems
Problem: mDNSResponder crashes
Symptoms: DNS works initially, then stops. Restarting fixes it temporarily.
Fix:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
Problem: Incorrect DNS order
Fix:
- System Preferences → Network → Advanced → DNS
- Drag DNS servers into preferred order (fastest first)
- Remove duplicates
Linux-Specific DNS Problems
Problem: systemd-resolved conflicts
Fix:
sudo systemctl restart systemd-resolved
Problem: /etc/resolv.conf overwritten
Solution: systemd-resolved or NetworkManager overwrites manual changes.
Fix:
# Make resolv.conf immutable
sudo chattr +i /etc/resolv.conf
# Or configure systemd-resolved
sudo nano /etc/systemd/resolved.conf
# Add: DNS=1.1.1.1 1.0.0.1
sudo systemctl restart systemd-resolved
Preventing Future DNS Problems
After fixing DNS issues thousands of times, I’ve developed a prevention strategy:
Use Reliable Public DNS Servers:
- Configure devices to use Cloudflare (1.1.1.1) or Google (8.8.8.8)
- Configure your router to use the same
- This provides redundancy—if your ISP’s DNS fails, you’re unaffected
Enable DNS over HTTPS:
- Encrypts DNS queries
- Prevents ISP interference
- Blocks DNS hijacking attempts
Regular Maintenance:
- Flush DNS cache weekly: ipconfig /flushdns (Windows) or sudo dscacheutil -flushcache (Mac)
- Update router firmware quarterly
- Check hosts file monthly for unauthorized modifications
- Restart router monthly
Security Measures:
- Change router default admin password immediately
- Disable remote router management
- Keep antivirus/antimalware updated
- Don’t install questionable browser extensions (they can modify DNS settings)
Monitor Performance:
- Bookmark Fast.com for quick connection tests
- Run periodic DNS benchmark tests
- If DNS suddenly slows down, investigate immediately
When to Contact Your ISP
Call your ISP if:
- All troubleshooting steps fail
- Multiple devices and locations have DNS issues
- Problem started after ISP maintenance or outages
- Switching to public DNS doesn’t help (suggests broader network issues)
- Physical line problems (damaged cables, connection issues)
Before calling, document:
- What troubleshooting you’ve already done
- DNS servers you’ve tested
- Error messages (screenshots help)
- Whether wired and wireless both fail
- Output from ipconfig /all (Windows) or ifconfig (Mac/Linux)
This information helps support resolve issues faster. In my experience, informed customers with documentation get better, faster support.
Conclusion
DNS problems are incredibly common but usually simple to fix. The three quick fixes at the beginning of this article—flushing DNS cache, restarting your router, and switching to public DNS servers—resolve the vast majority of DNS issues I encounter professionally.
Understanding that DNS translates website names to IP addresses helps you diagnose problems more effectively. If you can access websites by IP address but not by name, you know DNS is the culprit, not your internet connection.
For persistent problems, work through systematic troubleshooting: test DNS response time, check for malware, review firewall settings, and verify configuration. Don’t skip steps—methodical testing identifies root causes faster than guesswork.
Most importantly, prevent future DNS problems by using reliable public DNS servers, enabling DNS over HTTPS, and maintaining your network equipment. These proactive measures save hours of frustrating troubleshooting.
For deeper understanding, Mozilla’s Trusted Recursive Resolver (TRR) documentation explains DNS over HTTPS implementation. The DNS Privacy Project provides resources about securing DNS queries. Cloudflare’s Learning Center offers excellent DNS fundamentals. For performance testing, DNSPerf publishes DNS provider benchmarks. Finally, the Internet Systems Consortium’s BIND documentation provides authoritative technical DNS information for advanced users.