SERVFAIL Error: Understanding and Resolving

The DNS server cannot resolve your query. Here's why and how to fix it.

SERVFAIL is a DNS response code indicating that the server encountered an error while trying to resolve your query. Unlike NXDOMAIN, which means the domain doesn't exist, SERVFAIL indicates a technical problem on the server side. Causes vary: DNSSEC validation failure, unreachable authoritative servers, a misconfigured DNS zone, or timeouts reaching upstream servers. Accurate diagnosis requires querying different levels of the DNS chain.

Symptoms of a SERVFAIL Error

  • DNS resolution fails with SERVFAIL code
  • Site accessible from some networks but not others
  • "Server failure" or "DNS_PROBE_FINISHED_NXDOMAIN" errors in browser
  • dig returns "status: SERVFAIL" in the response

Main Causes

  • DNSSEC failure: The DNSSEC signature is invalid or expired. The resolver validates signatures and rejects non-compliant responses.
  • Unreachable NS servers: All authoritative servers configured in the parent zone are unreachable (outage, firewall, wrong IP).
  • Corrupted zone: The DNS zone contains syntax errors or invalid records that the server cannot parse.

Diagnostic Steps

  1. Test with a public resolver: dig @8.8.8.8 example.com and compare with your local resolver.
  2. Query authoritative NS directly: dig @ns1.example.com example.com to bypass cache.
  3. Check DNSSEC: dig +dnssec example.com and look for the AD (Authentic Data) flag.
  4. Review your provider's DNS logs and verify zone configuration.
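
The steps above can be combined into one triage script. This is an added example, not part of the original page or of MoniTao's tooling: it classifies a SERVFAIL from three saved dig outputs. The function names and the extra `dig +cdflag` query (DNSSEC checking disabled, used to isolate a validation failure) are additions made here, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: classify a SERVFAIL from saved dig outputs (function names are hypothetical).

# Print the RCODE from dig's header line ("status: X"); empty if dig got no reply.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed if the ";; flags:" line carries the AD (Authentic Data) bit.
has_ad_flag() {
    printf '%s\n' "$1" | grep -Eq '^;; flags:[^;]* ad[ ;]'
}

# $1 = output of: dig @RESOLVER NAME           (validating resolver)
# $2 = output of: dig +cdflag @RESOLVER NAME   (same resolver, validation disabled)
# $3 = output of: dig +norecurse @NS NAME      (authoritative server, bypasses cache)
diagnose() {
    normal=$(dig_status "$1"); nocheck=$(dig_status "$2"); auth=$(dig_status "$3")
    if [ "$normal" != "SERVFAIL" ]; then
        echo "not-servfail:${normal:-no-reply}"
    elif [ "$nocheck" = "NOERROR" ]; then
        # Data exists but only resolves when validation is skipped.
        echo "dnssec-validation-failure"
    elif [ -z "$auth" ]; then
        # No header at all: the authoritative server never answered.
        echo "authoritative-unreachable"
    elif [ "$auth" != "NOERROR" ]; then
        echo "authoritative-error:$auth"
    else
        echo "resolver-or-upstream-problem"
    fi
}

# Constructed sample outputs (headers only), not captured from a real zone.
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_AUTH_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4713
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_TIMEOUT=';; connection timed out; no servers could be reached'

diagnose "$SAMPLE_FAIL" "$SAMPLE_CD_OK" "$SAMPLE_AUTH_OK"
diagnose "$SAMPLE_FAIL" "$SAMPLE_FAIL" "$SAMPLE_TIMEOUT"
```

For live use, pass the real command output instead of the samples, for example `diagnose "$(dig @8.8.8.8 example.com)" "$(dig +cdflag @8.8.8.8 example.com)" "$(dig +norecurse @ns1.example.com example.com)"`.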

Automatic Detection with MoniTao

MoniTao monitors your DNS records and alerts you immediately on SERVFAIL:

  • Detection of SERVFAIL errors from multiple locations
  • Alert if authoritative NS become unreachable
  • Monitoring of DNSSEC status and signatures

Best Practices

  • Test your zone with tools like dnsviz.net before publishing
  • Maintain at least 2 NS servers on different networks
  • If using DNSSEC, monitor signature expiration dates
  • Document a rollback procedure in case of zone problems

FAQ - SERVFAIL Error

Is SERVFAIL permanent?

Not necessarily. If the problem is a temporary timeout reaching the name servers, SERVFAIL may resolve itself. But configuration issues persist until fixed.

Why do I see SERVFAIL when others don't?

Resolvers have different caches and different DNSSEC policies. A resolver without DNSSEC validation may accept a response another would reject.

How to temporarily bypass a SERVFAIL?

You can use a public resolver (8.8.8.8, 1.1.1.1) or add an entry in /etc/hosts. But this doesn't fix the underlying problem.

Does SERVFAIL impact SEO?

Yes. If Googlebot cannot resolve your domain, your site will be temporarily deindexed. Monitor your DNS to avoid such situations.
