How to fix broken DNS on Linux

Topic: Networking basics

Summary

When name resolution fails on Linux, fix /etc/resolv.conf or the source that manages it (netplan, NetworkManager, systemd-resolved). Ensure the nameservers are reachable and that the firewall allows outbound DNS. Use this when getent or dig fails and you need the system to resolve names again.

Intent: Troubleshooting

Quick answer

  • Check /etc/resolv.conf for nameserver lines; if wrong or missing, fix the source (netplan nameservers, NM ipv4.dns, or systemd-resolved) so the file is updated correctly; do not edit resolv.conf directly if a manager overwrites it.
  • Ensure the resolver IP is reachable: ping NAMESERVER_IP; if unreachable, fix the route or use a different resolver (e.g. 8.8.8.8, 1.1.1.1). Allow outbound UDP and TCP 53 if a host firewall is enabled.
  • Test with getent hosts google.com and dig @NAMESERVER google.com; if dig @8.8.8.8 works but getent fails, the local resolver config is wrong; if both fail, check network and firewall.

Steps

  1. Inspect current resolver config

    Run cat /etc/resolv.conf and note the nameserver lines. If the file is a symlink (e.g. to systemd-resolved), fix the real source (resolvectl, netplan, or NM) so resolv.conf is updated.

  2. Set nameservers in the right place

    Netplan: under the interface, set nameservers.addresses: [8.8.8.8, 1.1.1.1]; run netplan apply. NetworkManager: nmcli con mod ID ipv4.dns '8.8.8.8 1.1.1.1'. systemd-resolved: use resolvectl or set it in /etc/systemd/resolved.conf; then restart systemd-resolved.

  3. Ensure resolver is reachable

    ping -c 2 NAMESERVER_IP; if unreachable, add a route or change to a reachable resolver. Allow outbound UDP 53 and TCP 53 (for large responses) in the host firewall.

  4. Verify resolution

    getent hosts google.com; dig +short google.com; if both work, apps that use the system resolver will work; document the change so it persists across reboots.

Summary

Fix broken DNS by correcting the resolver configuration (in netplan, NetworkManager, or systemd-resolved, not by editing resolv.conf alone if it is managed), ensuring the resolver is reachable, and allowing DNS in the firewall. Use this when getent or applications cannot resolve names.

Steps

Step 1: Inspect current resolver config

cat /etc/resolv.conf
ls -la /etc/resolv.conf

If it is a symlink (e.g. to /run/systemd/resolve/stub-resolv.conf), changes must be made in the manager (systemd-resolved, netplan, or NetworkManager), not by editing the file directly, or the manager will overwrite it.

Step 2: Set nameservers in the right place

  • Netplan: In the interface config add nameservers: addresses: [8.8.8.8, 1.1.1.1]; run netplan apply.
  • NetworkManager: nmcli con mod CONNECTION_ID ipv4.dns "8.8.8.8 1.1.1.1".
  • systemd-resolved: Configure in /etc/systemd/resolved.conf or with resolvectl; restart systemd-resolved.

Step 3: Ensure resolver is reachable

ping -c 2 8.8.8.8

If the resolver IP is unreachable, fix routing or choose a reachable resolver. Ensure the host firewall allows outbound UDP and TCP port 53.

Step 4: Verify resolution

getent hosts google.com
dig +short google.com

Both should return IPs. Then applications using the system resolver should work.
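
The four steps can be run as one read-only triage pass. The script below is an added example, not part of the original guide: it reports which source owns resolv.conf, queries each configured nameserver and 8.8.8.8 with dig, and applies the getent-versus-dig rule from the quick answer. The function names and the file name dns-triage.sh are this example's own, and the NetworkManager check assumes the "Generated by NetworkManager" header comment that NetworkManager writes into the file.

```shell
#!/bin/sh
# Added example: read-only triage for the steps above (changes nothing on the host).

# Print the address from every active "nameserver" line of a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Report where changes must be made: a symlink means a manager rewrites the file.
resolv_source() {
    f=${1:-/etc/resolv.conf}
    if [ -L "$f" ]; then
        case "$(readlink "$f")" in
            *systemd/resolve*) echo "systemd-resolved" ;;
            *)                 echo "managed-symlink" ;;
        esac
    elif grep -q 'Generated by NetworkManager' "$f" 2>/dev/null; then
        echo "NetworkManager"
    else
        echo "static-file"
    fi
}

# Decision rule from the quick answer. $1: getent exit status, $2: dig @8.8.8.8 status.
verdict() {
    if [ "$1" -eq 0 ]; then echo "system resolver works"
    elif [ "$2" -eq 0 ]; then echo "local resolver config is wrong"
    else echo "check network and firewall"
    fi
}

# Run the checks for one test name against each configured resolver, then 8.8.8.8.
dns_triage() {
    name=${1:-google.com}
    echo "resolv.conf source: $(resolv_source)"
    getent hosts "$name" >/dev/null 2>&1; sys=$?
    for ns in $(list_nameservers) 8.8.8.8; do
        # A reply must arrive (exit 0) and contain at least one record.
        out=$(dig +short +time=2 +tries=1 "@$ns" "$name" 2>/dev/null) && [ -n "$out" ]
        rc=$?
        [ "$rc" -eq 0 ] && echo "dig @$ns: ok" || echo "dig @$ns: FAIL"
    done
    echo "verdict: $(verdict "$sys" "$rc")"   # rc here is the 8.8.8.8 result
}

# Only touch the network when asked to: sh dns-triage.sh --run [NAME]
if [ "${1:-}" = "--run" ]; then dns_triage "${2:-google.com}"; fi
```

A configured nameserver that fails while 8.8.8.8 answers points at that resolver or the route to it, which is the case Step 3 addresses.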

Verification

  • /etc/resolv.conf (or the managed source) has correct nameserver lines; getent and dig resolve a test name; firewall allows DNS if applicable.

Troubleshooting

resolv.conf overwritten — A daemon or script is managing it; find the source (netplan, NM, resolved) and change it there.

Resolver unreachable — Wrong IP, no route, or firewall; use a resolver on a reachable network (e.g. gateway or 8.8.8.8 if the internet is reachable by IP).
