How do I fix DNS issues like slow browsing, DNS leaks, or problems caused by DNS over HTTPS (DoH)?

To fix DNS issues such as slow browsing, DNS leaks, or conflicts due to DNS over HTTPS (DoH), start by checking your network connectivity, then use tools like nslookup or dig to test DNS resolution. Analyze traffic using Wireshark to detect leaks or slow queries. Switch to reliable DNS providers like 1.1.1.1 or 8.8.8.8, and ensure your browser or VPN isn't overriding DNS settings. Disabling DoH temporarily may help isolate issues. For persistent problems, enforce DNS via router settings or firewall rules.

DNS (Domain Name System) is the foundation of internet navigation, converting domain names like example.com into IP addresses. But when DNS fails, everything from web browsing to app functionality breaks down. In this guide, we’ll break down how to diagnose and fix DNS issues, including slow browsing, DNS leaks, and challenges introduced by DNS over HTTPS (DoH). We'll also explore how tools like nslookup, dig, and Wireshark can help in real-world diagnostics.

What Are Common DNS Issues in Modern Networks?

DNS problems typically arise from misconfigurations, network restrictions, or conflicts introduced by modern privacy features like DoH. Common symptoms include:

  • Websites failing to load despite internet availability

  • Inconsistent access across browsers or apps

  • High latency in name resolution

  • "DNS server not responding" errors

Why Is Diagnosing DNS Problems More Difficult Now?

With newer privacy protocols such as DNS over HTTPS (DoH) and DNS over TLS (DoT), DNS queries that used to travel in cleartext are often encrypted. This makes diagnosis harder unless you analyze the traffic at the application layer.

Modern DNS diagnostic challenges:

  • Split DNS in corporate networks

  • DNS queries sent to multiple resolvers

  • Transparent DNS proxies by ISPs

  • Security tools masking or hijacking DNS traffic

Tools You Need for DNS Troubleshooting

| Tool | Purpose | Platform |
| --- | --- | --- |
| nslookup | Manual DNS query testing | Windows, Linux |
| dig | Advanced DNS diagnostics | Linux, macOS |
| Wireshark | Packet capture for inspecting DNS packets | All platforms |
| tcpdump | Lightweight packet analyzer | Linux, macOS |
| Namebench | DNS performance benchmarking | Cross-platform |

Step-by-Step: How to Diagnose DNS Issues

Step 1: Check Basic Connectivity

Before blaming DNS, ensure that the system has internet access. Use ping 8.8.8.8 to verify IP-level connectivity.

Step 2: Use nslookup or dig for Basic DNS Queries

nslookup google.com
dig google.com +trace

These tools reveal:

  • Whether DNS resolution is working

  • Which server is responding

  • Response time

Step 3: Detect DNS Leaks

DNS leaks happen when queries go outside of VPN-encrypted tunnels. Use tools like:

Step 4: Analyze DNS Packets in Wireshark

Filter DNS packets:

dns

Look for:

  • Long query times

  • Retries

  • SERVFAIL or NXDOMAIN responses
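
The same three checks can be automated once DNS payloads are exported from a capture. The following is an added example, not code from the original guide: it parses raw DNS messages, pairs each query with its response by client and transaction ID, and reports latency, retries and error codes. The 200 ms threshold, the `build` helper and the sample packets are assumptions constructed for the demonstration.

```python
import struct

RCODES = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
SLOW_MS = 200  # assumed threshold for a "long" query; tune for your network

def parse_dns(payload):
    """Return (txid, is_response, rcode, qname) from a raw DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12                  # the question follows the 12-byte header
    while qdcount and payload[pos]:       # question names are sent uncompressed
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), flags & 0x000F, ".".join(labels)

def analyze(packets):
    """packets: (time_s, client_ip, payload) tuples in capture order."""
    pending, findings = {}, []            # pending: (client, txid) -> [first, sends, name]
    for ts, client, payload in packets:
        txid, is_resp, rcode, qname = parse_dns(payload)
        key = (client, txid)
        if not is_resp:
            pending.setdefault(key, [ts, 0, qname])[1] += 1  # same ID again = retry
        elif key in pending:
            first, sends, name = pending.pop(key)
            ms = round((ts - first) * 1000)
            issues = ["slow"] if ms > SLOW_MS else []
            if sends > 1:
                issues.append(f"retries={sends - 1}")
            if rcode:
                issues.append(RCODES.get(rcode, f"rcode={rcode}"))
            findings.append((name, ms, issues))
    findings += [(name, None, ["no response"]) for _, _, name in pending.values()]
    return findings

def build(txid, name, rcode=None):  # constructed demo data: a query when rcode is None
    flags = 0x0100 if rcode is None else 0x8180 | rcode
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

SAMPLE = [  # constructed capture: one clean lookup, one retried SERVFAIL, one NXDOMAIN
    (0.000, "10.0.0.5", build(1, "example.com")),
    (0.020, "10.0.0.5", build(1, "example.com", 0)),
    (1.000, "10.0.0.5", build(2, "intranet.corp.example")),
    (2.000, "10.0.0.5", build(2, "intranet.corp.example")),
    (2.450, "10.0.0.5", build(2, "intranet.corp.example", 2)),
    (3.000, "10.0.0.5", build(3, "no-such-host.example")),
    (3.030, "10.0.0.5", build(3, "no-such-host.example", 3)),
]
print(*analyze(SAMPLE), sep="\n")
```

Here `client_ip` is the stub resolver's address: the source of a query and the destination of its response.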

Step 5: Test DNS over HTTPS (DoH) Scenarios

DoH settings may override system-wide DNS configurations. In browsers like Firefox and Chrome:

  • Check if DoH is enabled in settings

  • Temporarily disable to test DNS fallback

Advanced Fixes for DNS Problems

| Problem | Fix |
| --- | --- |
| DNS not responding | Switch to public DNS (e.g., 1.1.1.1 or 8.8.8.8) |
| Slow browsing | Benchmark and switch to faster DNS providers |
| DNS leaks over VPN | Enforce DNS settings via VPN client or firewall rules |
| DNS hijacking by ISP | Use DoH or a VPN that includes DNS protection |
| Split DNS not working | Add internal domain zones to local resolver or use conditional forwarding |

Preventative DNS Best Practices

  • Use DNSSEC-enabled resolvers for better security

  • Prefer encrypted DNS (DoH/DoT) where possible

  • Avoid hardcoding DNS in applications

  • Monitor DNS performance using tools like Namebench or Grafana Loki

Conclusion

DNS troubleshooting has become more complex in modern networks with encryption, VPNs, and privacy settings in place. But with the right tools—nslookup, dig, and Wireshark—and clear troubleshooting steps, even difficult DNS problems can be resolved. Whether you're a network admin or a cybersecurity professional, mastering DNS diagnostics is critical for end-to-end visibility and performance assurance.

FAQs 

What causes DNS issues in modern networks?

DNS issues can be caused by misconfigured servers, VPN conflicts, encrypted DNS protocols like DoH, or ISP hijacking DNS requests.

How can I test if DNS is working?

You can test DNS by using nslookup or dig to query domains and check the response times and IP resolutions.

What is a DNS leak?

A DNS leak happens when DNS queries are sent outside a secured (e.g., VPN) tunnel, exposing your browsing activity to ISPs or third parties.

How do I detect a DNS leak?

Use online tools like dnsleaktest.com or inspect DNS traffic using Wireshark with a DNS filter.
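
When inspecting a capture for leaks, the question is which interface each DNS flow left on and which resolver it reached. The following is an added example, not part of the original guide: it classifies flow records as leaks (DNS outside the tunnel) or overrides (DNS inside the tunnel but not to the VPN's resolver). The interface name `tun0`, the resolver `10.8.0.1` and the sample flows are assumptions constructed for the demonstration, and treating HTTPS to a known resolver IP as DoH is a heuristic.

```python
from collections import Counter

TUNNEL_IF = "tun0"                       # assumption: name of the VPN interface
TUNNEL_RESOLVERS = {"10.8.0.1"}          # assumption: resolver assigned by the VPN
DOH_ENDPOINTS = {"1.1.1.1", "8.8.8.8"}   # public resolvers named in this guide

def dns_kind(flow):
    """Classify a flow as a DNS transport, or return None if it is not DNS."""
    _, proto, dst, dport = flow
    if dport == 53:
        return "plain DNS"
    if proto == "tcp" and dport == 853:
        return "DoT"
    if proto == "tcp" and dport == 443 and dst in DOH_ENDPOINTS:
        return "possible DoH"            # heuristic: HTTPS to a known resolver IP
    return None

def find_leaks(flows):
    """flows: (iface, proto, dst_ip, dst_port) tuples. Returns sorted (finding, count)."""
    hits = Counter()
    for flow in flows:
        kind = dns_kind(flow)
        if kind is None:
            continue
        iface, _, dst, _ = flow
        if iface != TUNNEL_IF:
            hits[("leak", kind, dst, iface)] += 1      # query left outside the tunnel
        elif dst not in TUNNEL_RESOLVERS:
            hits[("override", kind, dst, iface)] += 1  # in tunnel, not the VPN resolver
    return sorted(hits.items())

SAMPLE_FLOWS = [  # constructed flow records, as summarised from a capture
    ("tun0", "udp", "10.8.0.1", 53),       # expected path through the VPN
    ("eth0", "udp", "192.168.1.1", 53),    # router/ISP resolver outside the VPN
    ("eth0", "udp", "192.168.1.1", 53),
    ("eth0", "udp", "2001:db8::53", 53),   # IPv6 resolver the tunnel does not carry
    ("tun0", "tcp", "1.1.1.1", 443),       # browser DoH bypassing the VPN resolver
    ("tun0", "tcp", "203.0.113.10", 443),  # ordinary HTTPS, ignored
]

for finding, count in find_leaks(SAMPLE_FLOWS):
    print(count, *finding)
```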

What is DNS over HTTPS (DoH)?

DoH is a privacy protocol that encrypts DNS queries using HTTPS, preventing eavesdropping or DNS spoofing.

Can DoH cause DNS problems?

Yes, DoH can override system DNS settings and cause failures in corporate networks, parental control tools, or internal domain resolution.

How do I disable DoH in browsers?

In Firefox, go to Settings > General > Network Settings. In Chrome, disable "Use secure DNS" under Security settings.

How do I change my DNS server?

You can change DNS servers in your OS network settings or router configuration. Use 1.1.1.1 or 8.8.8.8 for reliable performance.

What does nslookup do?

nslookup sends DNS queries to a resolver and shows the IP address and DNS server response time for a domain.

How does dig differ from nslookup?

dig provides more detailed output and is used by professionals for analyzing DNS query paths and failures.

What DNS server should I use for speed?

Cloudflare (1.1.1.1) and Google DNS (8.8.8.8) are considered among the fastest and most reliable public DNS servers.

Why is my browser slow despite internet working?

This could be due to slow DNS resolution or the browser using DoH that conflicts with your network setup.

How to fix DNS server not responding?

Restart your router, switch to public DNS servers, or flush your DNS cache using ipconfig /flushdns.

What is split DNS?

Split DNS is a setup where internal domains are resolved by internal DNS and external domains use public resolvers.

Can antivirus affect DNS?

Yes, some antivirus software filters DNS queries or blocks unknown DNS traffic, which may lead to DNS failures.

Is DNS traffic encrypted by default?

Traditional DNS is unencrypted. DNS over HTTPS (DoH) or DNS over TLS (DoT) must be configured to enable encryption.

How do I analyze DNS in Wireshark?

Use the filter dns to view all DNS queries and responses. Analyze time, response codes, and any failed lookups.

What does NXDOMAIN mean in DNS?

NXDOMAIN means the DNS server cannot find the domain name you’re looking for. It might be a typo or misconfigured record.

What is SERVFAIL in DNS?

SERVFAIL indicates the DNS server failed to process the query, possibly due to internal error or zone issues.

How do I clear DNS cache on Windows?

Run ipconfig /flushdns in Command Prompt with administrator rights.

Can VPNs cause DNS issues?

Yes, some VPNs override DNS settings, and if misconfigured, can result in DNS leaks or broken resolution.

How do I fix DNS leaks on a VPN?

Ensure your VPN has DNS leak protection enabled, or manually set DNS servers in your VPN settings.

How to know which DNS my system is using?

Run ipconfig /all on Windows or scutil --dns on macOS to see the DNS servers configured on your system.

Why do I get different IPs for the same domain?

This could be due to DNS load balancing or geographically distributed CDNs resolving to nearby IPs.

What is a DNS benchmark?

A DNS benchmark tests different DNS servers to measure resolution speed and reliability for your location.

How can firewalls affect DNS?

Firewalls may block outbound DNS queries on port 53, especially in corporate environments with custom DNS policies.

Can malware change my DNS settings?

Yes, some malware modifies your DNS server entries to redirect you to malicious or fake websites.

How to monitor DNS performance long-term?

Use monitoring tools like Grafana with DNS exporters, or periodic dig/nslookup scripting to log resolution times.

What is conditional DNS forwarding?

It allows DNS servers to forward specific domain queries to designated DNS servers—useful for hybrid or enterprise setups.

How do I fix internal domains not resolving?

Add proper DNS forwarding for internal domains or configure split DNS with correct zone files on the internal DNS server.

How do I secure DNS for my home network?

Use encrypted DNS (DoH or DoT), configure routers with trusted DNS providers, and block ISP DNS override using firewall rules.
