DNS checklist

Topic: Networking basics

Summary

Use this checklist when configuring or troubleshooting DNS on a host: confirm nameservers in resolv.conf or the managing source, ensure resolvers are reachable, test with getent and dig, and allow DNS in the firewall if needed. This ensures resolution works for the system and applications. It references the DNS concept, test, and fix guides.

Intent: Checklist

Quick answer

  • Resolver config: check /etc/resolv.conf for nameserver lines; if managed by netplan, NetworkManager, or systemd-resolved, change the source (netplan, nmcli, resolvectl) so resolv.conf is correct. Do not edit resolv.conf alone if a daemon overwrites it.
  • Reachability: ping each nameserver IP; if unreachable, fix routing or choose a reachable resolver (e.g. gateway, 8.8.8.8, 1.1.1.1). Ensure outbound UDP and TCP 53 are allowed if a host firewall is enabled.
  • Test: getent hosts example.com and dig +short example.com; if dig @8.8.8.8 works but getent fails, the local resolver config is wrong; if both fail, check network and firewall. Document the final config.

Prerequisites

Steps

  1. Check resolver configuration

    Inspect /etc/resolv.conf; note nameserver lines. If it is a symlink or managed by netplan, NetworkManager, or systemd-resolved, update the managing config and apply so resolv.conf is updated. Do not rely on manual edits if a daemon overwrites the file.

  2. Ensure resolvers are reachable

    Ping each nameserver IP. If unreachable, fix routing or switch to a reachable resolver. If a host firewall is enabled, allow outbound UDP 53 and TCP 53. Test from the host: getent hosts google.com; dig @NAMESERVER google.com.

  3. Verify and document

    Run getent hosts and dig +short for a few names. If dig @8.8.8.8 works but getent fails, the local resolver config is wrong. If both fail, check network and firewall. Document nameservers and where they are configured so the setup survives reboots and redeploys.

Summary

Checklist for DNS on a host: verify resolver config (resolv.conf or its source), ensure nameservers are reachable and allowed by firewall, test with getent and dig, then document. Use this when bringing up a server or when resolution fails.

Steps

Step 1: Check resolver configuration

Inspect /etc/resolv.conf and its nameserver lines. If it is managed (netplan, NetworkManager, systemd-resolved), update that source and apply. Do not rely on manual resolv.conf edits if a daemon overwrites them.

Step 2: Ensure resolvers are reachable

Ping each nameserver IP. If unreachable, fix routing or use a reachable resolver. Allow outbound UDP/TCP 53 in the host firewall if needed. Test getent and dig from the host.

Step 3: Verify and document

Run getent and dig for a few names. If dig @8.8.8.8 works but getent fails, fix local resolver config. Document nameservers and where they are set so config persists.
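
The three steps above as shell helpers, added here as an example and not taken from the original guide. The function names are hypothetical, the manager detection assumes systemd-resolved's symlink under a systemd/resolve directory and NetworkManager's "# Generated by NetworkManager" header, and reachability is tested with a dig query to each nameserver instead of ping.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.

# Step 1a: print the nameserver IPs found in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Step 1b: guess what manages the file (assumed markers: symlink path, NM header).
resolv_manager() {
    if [ -L "$1" ]; then
        case "$(readlink -f "$1")" in
            */systemd/resolve/*) echo systemd-resolved ;;
            */NetworkManager/*)  echo NetworkManager ;;
            *)                   echo symlink-other ;;
        esac
    elif grep -q '^# Generated by NetworkManager' "$1"; then
        echo NetworkManager
    else
        echo static
    fi
}

# Step 3: the checklist's decision rule, driven by two exit codes.
#   $1 = result of: getent hosts NAME        (0 = resolved)
#   $2 = result of: dig @8.8.8.8 NAME        (0 = got an answer)
diagnose() {
    if [ "$1" -eq 0 ]; then echo ok
    elif [ "$2" -eq 0 ]; then echo local-resolver-config
    else echo network-or-firewall
    fi
}

# Run all three steps on the live host: dns_check [NAME] [RESOLV_CONF]
dns_check() {
    name=${1:-example.com}; conf=${2:-/etc/resolv.conf}
    echo "managed by: $(resolv_manager "$conf")"
    for ns in $(list_nameservers "$conf"); do
        # Ask the resolver directly; ICMP can be filtered while port 53 works.
        if [ -n "$(dig +short +time=2 +tries=1 "@$ns" "$name" 2>/dev/null)" ]; then
            echo "$ns: answers"
        else
            echo "$ns: no answer"
        fi
    done
    g=0; getent hosts "$name" >/dev/null 2>&1 || g=$?
    d=0; [ -n "$(dig +short +time=2 +tries=1 @8.8.8.8 "$name" 2>/dev/null)" ] || d=$?
    echo "verdict: $(diagnose "$g" "$d")"
}
```

Source the file and run dns_check with a name to test; the output (manager, per-nameserver result, verdict) is also a convenient record for the documentation step.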

Verification

  • getent hosts and dig resolve names; resolvers are reachable; config is documented.

Troubleshooting

  • resolv.conf overwritten: find and fix the managing source (netplan, NetworkManager, systemd-resolved).
  • Resolver unreachable: fix the route or use a different resolver.
  • Both getent and dig fail: see How to diagnose no internet access and How to fix broken DNS on Linux.
