The DNS resolver returns NXDOMAIN because the DNS server explicitly states that the requested domain name does not exist.

This isn’t a network issue where the query couldn’t get there, nor is it a timeout where the server was just slow. The server responded and said, "Nope, that’s not a thing."

Common Causes and Fixes

  1. Typo in the Domain Name: This is the most frequent culprit. A single misplaced character, a forgotten dot, or an extra hyphen will cause an NXDOMAIN.

    • Diagnosis: Double-check the domain name you are trying to resolve. If you are using dig or nslookup, simply re-type the command carefully. For example, instead of dig google.com, you might have accidentally typed dig googel.com.
    • Fix: Correct the typo.
    • Why it works: The DNS server looks for an exact match. A typo means it’s searching for a name that was never registered.
  2. The Domain Name Has Expired or Was Never Registered: The domain name simply doesn’t exist in the DNS system because it was never purchased, or its registration lapsed and was not renewed.

    • Diagnosis: Use a WHOIS lookup tool (e.g., whois google.com) to check the registration status of the domain. If it’s expired, the WHOIS record will often indicate this, and there might be a redemption period. If it was never registered, it won’t appear in WHOIS.
    • Fix: If the domain is yours and expired, renew it with your registrar. If it’s someone else’s, you’ll need to acquire it through legitimate means (e.g., waiting for it to become available for general registration, or purchasing it from the current owner if possible).
    • Why it works: The DNS root servers delegate authority to TLD servers (like .com or .org), which in turn delegate to the authoritative nameservers for the specific domain. If a domain has no authoritative nameservers because it’s unregistered or expired, the chain of delegation breaks, resulting in NXDOMAIN.
  3. Incorrect DNS Zone Configuration on Authoritative Nameserver: The domain exists and is registered, but the DNS records (like A, CNAME, MX) are missing or misconfigured on the server that is authoritative for that domain.

    • Diagnosis: Identify the authoritative nameservers for the domain using dig NS yourdomain.com. Then, query one of these nameservers directly for the record you expect to find (e.g., dig @ns1.yournameserver.com A www.yourdomain.com). If it returns NXDOMAIN, the zone file is the problem.
    • Fix: Log into your DNS hosting provider or the control panel for your authoritative nameserver. Ensure the correct records are present and accurately configured. For example, if you expect an A record for www.yourdomain.com pointing to 192.0.2.1, make sure that record exists.
    • Why it works: The authoritative nameserver is the ultimate source of truth for a domain’s DNS records. If it doesn’t have the record, it will correctly report that the name does not exist within its zone.
  4. Propagation Delay After DNS Changes: If you’ve recently created or modified DNS records, it can take time for these changes to propagate across all DNS servers globally. During this period, some resolvers may still return stale cached answers, including a cached "does not exist" response from before the record was created.

    • Diagnosis: This is harder to diagnose directly with a single command as it’s a timing issue. However, if you recently made changes and are seeing NXDOMAIN inconsistently, this is a strong indicator. You can check DNS propagation status using online tools like whatsmydns.net.
    • Fix: Wait. DNS propagation typically takes anywhere from a few minutes to 48 hours, depending on the TTL (Time To Live) values of the records and the caching behavior of intermediate DNS servers.
    • Why it works: DNS relies on caching. When you change a record, existing cached entries on resolvers worldwide need to expire before they’ll fetch the new information. If the TTL was high, this delay is longer.
  5. Subdomain Not Configured: The main domain might exist, but the specific subdomain you’re trying to access (e.g., blog.yourdomain.com when only yourdomain.com is configured) has not been set up.

    • Diagnosis: Use dig yourdomain.com to confirm the main domain resolves. Then, use dig subdomain.yourdomain.com and compare the results. If the main domain resolves and the subdomain returns NXDOMAIN, the subdomain is likely unconfigured.
    • Fix: Add the necessary DNS record for the subdomain on your authoritative nameserver. For example, create an A record for blog pointing to an IP address, or a CNAME record pointing to another domain.
    • Why it works: DNS is hierarchical. A request for sub.domain.com is resolved by first finding the com nameservers, then the domain.com nameservers, and finally asking those (or a delegated sub.domain.com zone) for the name itself. If no zone contains the requested name, an NXDOMAIN is returned.
  6. Incorrect Nameserver Delegation: If you’ve set up your own authoritative nameservers for yourdomain.com but have not correctly registered those nameservers with the TLD registry (e.g., Verisign for .com), then queries for yourdomain.com won’t be able to find your nameservers.

    • Diagnosis: Use dig NS yourdomain.com. Check the output. Then, use dig +trace NS yourdomain.com, or query a TLD server directly (e.g., dig @a.gtld-servers.net NS yourdomain.com for a .com domain), to see which NS records the parent zone holds for your domain. If they differ, or if the parent zone has no delegation to your nameservers, delegation is the issue.
    • Fix: Log into your domain registrar’s control panel and update the "glue records" or nameserver delegation settings to point to your authoritative nameservers. Ensure the nameservers themselves are properly configured and reachable.
    • Why it works: The root DNS servers are the top of the hierarchy and refer queries to the TLD servers, which need to know which nameservers are authoritative for yourdomain.com. If this delegation is incorrect or missing, queries for yourdomain.com will eventually lead to an NXDOMAIN because the query can’t be directed to the correct authoritative source.
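
The diagnoses above all come down to reading the header of a dig response: who answered, and with which status. The script below is an added example, not part of the original page. It classifies dig output read on stdin and also separates out the "name exists but has no record of that type" case (NOERROR with zero answers), which the list above does not cover. The function name, labels and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a dig response by its header lines.
# Live use: dig @ns1.yournameserver.com A www.yourdomain.com | classify_dig
classify_dig() {
    awk '
        /->>HEADER<<-/ {            # ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {              # ";; flags: qr aa rd; QUERY: 1, ANSWER: 0, ..."
            split($0, part, ";")    # part[3] holds " flags: qr aa rd"
            aa = (part[3] ~ / aa( |$)/)   # aa = answer came from an authoritative server
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        END {
            if (status == "")              print "no-response"
            else if (status == "NXDOMAIN") print (aa ? "nxdomain-authoritative" : "nxdomain-from-resolver")
            else if (status == "SERVFAIL") print "servfail"
            else if (status == "NOERROR")  print (answers > 0 ? "resolved" : "nodata")
            else                           print "other-" status
        }'
}

# Constructed sample headers (ids and flag sets are made up for this example).
sample_zone_missing_name() {   # authoritative server, name absent from the zone (causes 3 and 5)
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}
sample_resolver_nxdomain() {   # recursive resolver: typo, unregistered name, or cached answer
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}
sample_nodata() {              # name exists, but not with the requested record type
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

for s in sample_zone_missing_name sample_resolver_nxdomain sample_nodata; do
    printf '%s: %s\n' "$s" "$($s | classify_dig)"
done
```

An nxdomain-authoritative result points at the zone contents; nxdomain-from-resolver means the same query should be repeated against the authoritative nameserver before concluding anything.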

The next error you’ll likely encounter after fixing these issues is a SERVFAIL if your DNS server itself is misconfigured or unable to reach the authoritative server, or potentially a connection refused if the service at the IP address is not running.
