Diagnosing Common DNS Errors

Many times when a website is “down,” it is unable to be found by DNS. If you are trying to troubleshoot DNS errors, or trying to understand a DNS error you have encountered, this is right where you should be.

There are several websites out there which will run a series of DNS diagnostics on your domain. Our favorite here at Liquid Web is dnsstuff.com; however, it is a paid-for subscription, and may not be practical unless you plan to perform a lot of tests as time goes by. A free service is dnstools.com, which provides similar information to dnsstuff.com. You can also use various command line tools, such as “whois,” “nslookup,” “dig” and “ping”.

Let’s use liquidweb.com as an example of what the report should look like using dnstools.com

This section tells us who the owner/registrant of the domain is. This can be obscured by some registrars using “domain privacy,” which is usually a charged-for service.

Registrant:
Web Inc., Liquid
Liquid Web Inc.
4210 Creyts Rd.
Lansing, MI 48917
US

Domain Name: LIQUIDWEB.COM

The next section provides us with the administrative contact, which can be the same as or different from the registrant:

Administrative Contact, Technical Contact:
Web Inc., Liquid webmaster@liquidweb.com
Liquid Web Inc.
4210 Creyts Rd.
Lansing, MI 48917
US
800-580-4985 fax: 517-322-0493

The third section tells us when the domain will expire, when it was first created, and when it was last updated:

Record expires on 04-Aug-2015.
Record created on 05-Aug-1997.
Database last updated on 3-Jun-2009 01:00:39 EDT.

Finally, this section lists the authoritative domain servers for our domain:

Domain servers in listed order:

NS.LIQUIDWEB.COM 209.59.139.20
NS1.LIQUIDWEB.COM 64.91.251.155

The authoritative nameservers are very important. They are the only place the zone file can effectively be changed. Before making DNS changes to a domain hosted on your server, be sure you know if they are using your nameservers, Liquid Web’s nameservers, or another set entirely.

If you make changes to your DNS information, it may take the full length of the appropriate DNS “Time to Live” (TTL) for you to see those changes working. If, after your TTL expires, you are still not able to see the changes you made, there are two simple things you can check first:

• did you increment the serial number to today’s date and current revision number?
• did you make the changes on the authoritative zone file?

If you answered “yes” to both those questions, then we get into more interesting DNS diagnosis. Check your zone file for any formatting errors, if applicable:

• did you enter the IP address or domain name correctly?
• did you place a trailing “.” after the end of the domain name?
• did you set up the correct type of record (A, CNAME, MX, NS?)
• if you manually entered the changes at the command line, not in WHM, did you reload the zone file after the changes? (rndc reload domainname.com)