DNS Failure Mode Checklist

DNS is the most common 'sudden everything is broken' cause. The checklist that ranks the seven failure modes.

The seven

1. Authoritative server down. 2. Resolver down. 3. Cache poisoning.

4. NXDOMAIN cached too long. 5. TTL too high for change.

6. CNAME chain broken. 7. DNSSEC validation failure.

Triage in order

Start with: can the resolver reach authoritative? If no, network issue.

If yes: are records correct? If no, change recently? Roll back.

Prevention

Short TTLs during planned changes (TTL of 60s, plan 4 hours ahead).

Multi-region authoritative DNS. Health checks with automatic failover.