A Linux web server that normally has no internet issues is now intermittently unable to load external sites. Browser sessions hang while the status bar shows "resolving host," but an immediate retry sometimes works. Administrators confirm that the upstream DNS servers are healthy and other hosts on the same subnet resolve names without delay. Before changing configuration files, which command on the affected server will provide the most detailed insight into where the DNS lookup is failing?
Edit /etc/resolv.conf immediately to switch the system to public DNS servers.
Ping the domain repeatedly to determine whether name resolution occasionally succeeds.
Capture and count outgoing DNS queries with netstat or ss to look for a possible DNS flood.
Run dig +trace example.com to follow each delegation step from the root servers down to the authoritative servers.
Running dig +trace example.com performs iterative queries beginning at the root name servers and displays every delegation step until the authoritative answer (or failure) is reached, making it easy to see exactly where the resolution process breaks down. This yields far richer diagnostic data than simply pinging the host, counting query volume, or editing resolv.conf without evidence. While nslookup can confirm whether a resolver answers, it does not automatically show the full delegation chain, so dig +trace is the more comprehensive first check.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `+trace` option in `dig` do?
Open an interactive chat with Bash
How is `dig +trace` different from `nslookup`?
Open an interactive chat with Bash
What is the role of root name servers in the DNS lookup process?