
Network Diagnostics: Essential Tools and Techniques for Troubleshooting
Master the essential network diagnostic tools — ping, traceroute, dig, nslookup, curl, and more — to troubleshoot connectivity issues, DNS problems, and network performance effectively.
The Systematic Approach to Network Troubleshooting
Effective network troubleshooting requires working through the network stack from bottom to top, eliminating possibilities at each layer rather than randomly trying fixes. For internet connectivity and DNS problems — the most common issues for website owners — the relevant layers are:
- Network layer: IP connectivity — can you reach the target IP at all?
- Transport layer: TCP/UDP connectivity — can you establish connections on specific ports?
- Application layer: DNS resolution, HTTP/S connections, TLS handshakes
Ping: Testing Basic IP Connectivity
Ping sends ICMP Echo Request packets to a target host and measures how long it takes to receive Echo Reply responses. It is the first tool to use when diagnosing connectivity.
Basic usage:
- Windows: `ping example.com`
- Linux/macOS: `ping example.com` or `ping6 example.com` for IPv6
What to look for:
- Reply received: Basic connectivity exists
- 100% packet loss: Host unreachable, or ICMP is filtered by a firewall
- High latency (>200ms for nearby hosts): Network congestion or routing issues
- Variable latency (jitter): Network instability
Important caveat: Many servers block ICMP ping for security reasons. A ping failure does not always mean the host is down — try connecting on the actual service port to verify.
Traceroute: Tracing the Network Path
Traceroute shows every router hop between your computer and the destination, along with the latency at each hop. This is invaluable for identifying where a connection problem occurs.
Usage:
- Linux/macOS: `traceroute example.com`
- Windows: `tracert example.com`
- Better alternative: `mtr example.com` (combines ping and traceroute with real-time statistics)
Interpreting traceroute output:
- Each line represents one router hop
- Three latency values are shown (three probe packets per hop)
- `* * *` means the router did not respond (often firewall filtering, not a problem)
- Latency should generally increase with each hop
- A sudden large latency increase that persists for all subsequent hops indicates a real problem at that hop
- A spike that recovers is likely just a router with deprioritized ICMP — not a real problem
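One way to apply the last two rules mechanically, added here as an example and not part of the original article: estimate each hop's true latency as the minimum over that hop and all later hops, then flag increases in that floor as persistent and excursions above it as recovered spikes. The function name `analyze_trace`, the 50 ms threshold (`THRESH_MS`) and the sample trace, which uses documentation-range addresses, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: separate persistent latency increases from recovered spikes.
# analyze_trace reads traceroute output on stdin and prints one verdict per
# notable hop. THRESH_MS (assumed default: 50) is the jump treated as significant.
analyze_trace() {
  awk -v thresh="${THRESH_MS:-50}" '
    $1 ~ /^[0-9]+$/ {
      n = 0; sum = 0
      for (i = 2; i < NF; i++) if ($(i + 1) == "ms") { sum += $i; n++ }
      hops++; id[hops] = $1
      avg[hops] = (n ? sum / n : -1)   # -1 marks a silent "* * *" hop
    }
    END {
      # Suffix minimum: the real path latency up to a hop cannot exceed
      # what any later hop shows, so anything above it is router-local.
      low = -1
      for (h = hops; h >= 1; h--) {
        if (avg[h] >= 0 && (low < 0 || avg[h] < low)) low = avg[h]
        smin[h] = low
      }
      prev = 0
      for (h = 1; h <= hops; h++) {
        if (avg[h] < 0) continue       # silent hop: nothing to judge
        if (smin[h] - prev >= thresh) printf "hop %s persistent\n", id[h]
        else if (avg[h] - smin[h] >= thresh) printf "hop %s spike\n", id[h]
        prev = smin[h]
      }
    }'
}

# Constructed sample trace (not a real measurement).
SAMPLE_TRACE='traceroute to example.com (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.1 ms  0.9 ms  1.0 ms
 2  198.51.100.1 (198.51.100.1)  9.8 ms  10.2 ms  10.0 ms
 3  198.51.100.9 (198.51.100.9)  142.0 ms  151.3 ms  139.7 ms
 4  198.51.100.17 (198.51.100.17)  12.4 ms  12.1 ms  12.6 ms
 5  * * *
 6  198.51.100.33 (198.51.100.33)  96.5 ms  97.1 ms  95.9 ms
 7  203.0.113.10 (203.0.113.10)  98.2 ms  97.8 ms  98.4 ms'

printf '%s\n' "$SAMPLE_TRACE" | analyze_trace
```

Because hop 5 is silent in the sample, the persistent increase reported at hop 6 was introduced somewhere after hop 4 and no later than hop 6.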
dig: The Definitive DNS Query Tool
`dig` (Domain Information Groper) is the most powerful command-line DNS diagnostic tool, providing detailed output of DNS query results.
Common usage examples:
- Query an A record: `dig example.com`
- Query specific record type: `dig MX example.com` or `dig TXT example.com`
- Query specific DNS server: `dig @8.8.8.8 example.com A` (use Google DNS)
- Trace full resolution path: `dig +trace example.com`
- Short output (just the answer): `dig +short example.com A`
- Check DNSSEC: `dig +dnssec example.com`
- Reverse DNS lookup: `dig -x 93.184.216.34`
Key sections in dig output:
- QUESTION SECTION: What you queried
- ANSWER SECTION: The actual DNS records returned
- AUTHORITY SECTION: The authoritative nameservers for the domain
- SERVER: Which DNS server answered your query
- Query time: How long the query took
Troubleshooting with dig:
Compare results from multiple DNS servers: `dig @8.8.8.8 example.com` vs `dig @1.1.1.1 example.com` to check consistency. Use `dig +trace` to see exactly how resolution proceeds from root servers, identifying where resolution fails.
nslookup: Cross-Platform DNS Testing
nslookup is available on Windows, macOS, and Linux, making it useful when dig is not installed.
Basic queries:
- `nslookup example.com` — Query system default DNS
- `nslookup example.com 8.8.8.8` — Specify DNS server
- `nslookup -type=MX example.com` — Query specific record type
curl: Testing HTTP Connections
curl is essential for testing HTTP and HTTPS connectivity, verifying certificates, and checking response headers.
- Show only response headers: `curl -I https://example.com`
- Verbose output including TLS handshake details: `curl -v https://example.com`
- Follow redirects: `curl -L https://example.com`
Measure connection timing:
`curl -w "DNS: %{time_namelookup}s\nConnect: %{time_connect}s\nSSL: %{time_appconnect}s\nTotal: %{time_total}s\n" -o /dev/null -s https://example.com`
The timing output identifies which phase of a request is slow — DNS resolution, TCP connection establishment, TLS handshake, or content transfer.
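The four values curl prints are cumulative timers measured from the start of the request, so the time spent in each phase is the difference between consecutive values. The script below is an added example, not part of the original article; the function names `phase_breakdown` and `slowest_phase` and the sample numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: convert the cumulative curl -w timers into per-phase durations.

# phase_breakdown reads the DNS/Connect/SSL/Total lines produced by the
# -w format string above on stdin and prints one "phase seconds" pair per line.
phase_breakdown() {
  awk -F': ' '
    { sub(/s$/, "", $2); t[$1] = $2 + 0 }
    END {
      dns = t["DNS"]
      tcp = t["Connect"] - t["DNS"]
      # time_appconnect is 0 for plain HTTP: no TLS phase to subtract.
      if (t["SSL"] > 0) { tls = t["SSL"] - t["Connect"]; rest = t["Total"] - t["SSL"] }
      else              { tls = 0;                        rest = t["Total"] - t["Connect"] }
      # "transfer" is everything after the handshake: request, server wait, body.
      printf "dns %.3f\ntcp %.3f\ntls %.3f\ntransfer %.3f\n", dns, tcp, tls, rest
    }'
}

# slowest_phase prints the name of the phase with the largest duration.
slowest_phase() {
  phase_breakdown | awk '$2 > max { max = $2; name = $1 } END { print name }'
}

# Constructed sample output (not a real measurement).
SAMPLE_TIMING='DNS: 0.412s
Connect: 0.447s
SSL: 0.521s
Total: 0.603s'

printf '%s\n' "$SAMPLE_TIMING" | phase_breakdown
echo "slowest: $(printf '%s\n' "$SAMPLE_TIMING" | slowest_phase)"
```

In the sample, the raw `SSL` value is the largest of the first three, yet the TLS handshake itself took only 0.074 s; the request was slow because of DNS resolution.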
Interpreting Common Error Messages
"DNS_PROBE_FINISHED_NXDOMAIN" (Chrome): DNS returned NXDOMAIN — the domain does not exist. Check for typos in the URL, and verify that the domain is registered and that DNS records exist using our DNS Lookup tool.
"ERR_CONNECTION_REFUSED": Your computer reached the server's IP but the server rejected the connection (nothing listening on that port). Check that the web server is running.
"ERR_CONNECTION_TIMED_OUT": No response received within the timeout. Possible causes are a firewall blocking the traffic, a server that is down, or a network routing problem. Use traceroute to identify where the failure occurs.
"ERR_SSL_PROTOCOL_ERROR": TLS handshake failed. Possible causes: expired certificate, certificate name mismatch, or a server using an outdated TLS version.
"ERR_CERT_DATE_INVALID": The SSL certificate has expired. Investigate certificate expiration and renew immediately.
A Practical Troubleshooting Workflow
When a website or service is unreachable, follow this systematic workflow:
1. Verify the URL and try again — Rule out typos and transient failures
2. Try from a different device or network — Isolate whether the problem is local or widespread
3. Check DNS resolution: `dig example.com` — Does the domain resolve to the expected IP?
4. Test IP connectivity: `ping [IP from step 3]` — Can you reach the server's IP?
5. Test port connectivity: `curl -v https://example.com` — Can you establish an HTTP/S connection?
6. Run traceroute — If ping fails, identify where the path breaks
7. Check server status — Is the web server actually running?
8. Review recent changes — What changed recently? DNS, hosting, firewall, certificate?
Conclusion
Systematic network diagnostics with the right tools makes troubleshooting faster and more accurate. DNS issues are among the most common causes of website unreachability — use dig to quickly verify DNS resolution and compare results across multiple DNS servers.
For a web-based DNS diagnostic view without command-line tools, our DNS Lookup tool provides multi-server query results, and our DNS Propagation Checker shows results from 28+ global locations simultaneously.



