DNS not resolving on Linux

Compare resolver answers, authoritative answers, TTL, direct HTTP checks, and server reachability before changing DNS again.

Safest first command

dig +short example.com A

Before you run this

Expected output: One or more IP addresses, or no answer if the resolver cannot resolve the name.

When not to use it: Do not keep changing DNS records before checking TTL and authoritative nameserver answers.

Expected output example

203.0.113.10

How to read the result

If the expected address appears, DNS may not be the current failure. If answers differ between resolvers or authoritative servers, check TTL and record source before changing more records.

Compare DNS and direct server response

A browser failure can be DNS, TLS, routing, Nginx, or the app. Compare resolver answers and force a direct HTTP check to the expected IP.

  1. dig +short example.com A
  2. dig @1.1.1.1 example.com A +short
  3. curl --resolve example.com:443:203.0.113.10 https://example.com/

Check TTL and authoritative servers

If public resolvers disagree, check whether the old answer is still cached within its TTL or whether the authoritative nameservers themselves return different records.
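
The resolver-versus-authoritative comparison described above, as a script. This is an added example, not part of the original page: it classifies two captures of dig +noall +answer output and reports the resolver's remaining TTL when they differ. The sample records are constructed, and ns1.example.com in the closing comment is a placeholder for one of the zone's nameservers.

```shell
#!/bin/sh
# Added example: compare a resolver's answer with an authoritative answer.
# Input is `dig +noall +answer` text, so the logic also runs offline.

# Print the sorted set of "TYPE address" pairs (A and AAAA only) from stdin.
addr_set() {
    awk '$4 == "A" || $4 == "AAAA" { print $4, $5 }' | sort -u
}

# Print the largest TTL in seconds among A/AAAA answers on stdin (0 if none).
max_ttl() {
    awk '($4 == "A" || $4 == "AAAA") && $2 + 0 > m { m = $2 + 0 } END { print m + 0 }'
}

# compare_answers RESOLVER_OUTPUT AUTHORITATIVE_OUTPUT
# Prints one verdict line:
#   match                  same address set, DNS may not be the current failure
#   differ resolver_ttl=N  resolver may serve its cached answer for up to N more seconds
#   resolver-no-answer     resolver returned no A/AAAA record
#   no-authoritative-answer  the server queried holds no A/AAAA record for the name
compare_answers() {
    r_set=$(printf '%s\n' "$1" | addr_set)
    a_set=$(printf '%s\n' "$2" | addr_set)
    if [ -z "$a_set" ]; then
        echo "no-authoritative-answer"
    elif [ -z "$r_set" ]; then
        echo "resolver-no-answer"
    elif [ "$r_set" = "$a_set" ]; then
        echo "match"
    else
        echo "differ resolver_ttl=$(printf '%s\n' "$1" | max_ttl)"
    fi
}

# Constructed sample output (documentation addresses, not real captures).
RESOLVER_OUT='example.com.  1742  IN  A     203.0.113.10
example.com.  1742  IN  AAAA  2001:db8::20'
AUTH_OUT='example.com.  3600  IN  A     203.0.113.20
example.com.  3600  IN  AAAA  2001:db8::20'

compare_answers "$RESOLVER_OUT" "$AUTH_OUT"

# Live use (assumes dig is installed; ns1.example.com is a placeholder):
#   r=$(dig +noall +answer example.com A; dig +noall +answer example.com AAAA)
#   a=$(dig +noall +answer @ns1.example.com example.com A
#       dig +noall +answer @ns1.example.com example.com AAAA)
#   compare_answers "$r" "$a"
```

Running the same comparison between two authoritative nameservers shows whether the record source itself is inconsistent rather than a cache being stale.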

Common causes

  • Stale resolver cache or TTL delay
  • Wrong authoritative nameserver
  • A record and AAAA record disagree
  • Local resolv.conf or systemd-resolved issue
  • Server is reachable by IP but virtual host/TLS is wrong

What not to change yet

  • Do not keep editing DNS records while TTL is still active.
  • Do not flush only the browser cache and assume DNS changed globally.
  • Do not ignore IPv6 if AAAA records exist.

Distro and service notes

systemd-resolved

resolvectl can show which resolver the host actually uses.

macOS

Use macOS resolver tools and cache-flush guidance for Apple Terminal pages.

Web hosting

Use curl --resolve to separate DNS from the web server response.
