SERVFAIL — What It Means & How to Fix It

What Does This Error Mean?

SERVFAIL stands for Server Failure. It is a DNS response code that means the DNS server was unable to process your request. Unlike NXDOMAIN (where the domain does not exist), SERVFAIL means the server tried to look up the domain but failed due to an internal error. The DNS server may have had trouble querying upstream name servers, encountered a configuration problem, or the domain's DNS records are misconfigured.

Affected Models

Windows
macOS
Linux
Android
iOS
All internet-connected devices
All web browsers

Common Causes

The domain's authoritative name server is down or unreachable
The domain's DNS records are misconfigured or have a validation error (DNSSEC failure)
The DNS resolver your device uses is having an internal error
A network connectivity problem prevents your DNS server from reaching upstream name servers
The domain owner's DNS hosting provider is experiencing an outage

How to Fix It

Check if the problem affects only one site or all sites. Try loading several different websites. If only one site gets SERVFAIL, the problem is with that site's DNS — not your setup.

If all sites fail, your DNS server is the problem. If just one site fails, the domain's DNS is misconfigured.
Switch to a public DNS server. Change your DNS to 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare). If the site loads after switching, your original DNS server was the source of the SERVFAIL.

Public DNS servers often recover from upstream failures faster than ISP DNS servers.
Flush your DNS cache. On Windows, run ipconfig /flushdns in Command Prompt. On Mac, run sudo dscacheutil -flushcache. Then reload the page.

Your device may be serving a cached SERVFAIL response. Flushing forces a fresh lookup.
Check the domain using an online DNS lookup tool at mxtoolbox.com. Enter the domain and check for any error indicators in the DNS records.

This lets you check the domain's DNS health independently of your device or ISP.
Restart your router and modem. Unplug both, wait 30 seconds, and plug them back in. Your router's DNS relay service may be experiencing an issue.

Wait a full 2 minutes for the router to fully restart before testing.

When to Call a Professional

If you own the affected domain and are getting SERVFAIL, check your DNS records with your domain registrar and DNS hosting provider immediately. A DNSSEC misconfiguration or broken nameserver record is a common cause. Your registrar's support team can help diagnose and fix the DNS configuration.

Frequently Asked Questions

What is DNSSEC and can it cause SERVFAIL?

DNSSEC is a security extension for DNS that adds digital signatures to DNS records. This helps prevent attackers from providing fake DNS answers. However, if a domain owner sets up DNSSEC incorrectly — or if the signatures expire — DNS resolvers that validate DNSSEC will return SERVFAIL. This is one of the most common causes of SERVFAIL for otherwise working domains.

If I see SERVFAIL on only one website, can I do anything?

Not much from your end, unfortunately. SERVFAIL on a single domain usually means the domain's DNS is misconfigured. You can try switching DNS servers to see if a different resolver handles it better. But ultimately, the website owner needs to fix their DNS records. You should contact the site if possible to let them know.

How is SERVFAIL different from the website just being down?

SERVFAIL happens before the website even loads — it is a DNS-level error. Your browser never even gets to attempt connecting to the website's server. A website being down means DNS worked fine, your browser connected to the server, but the server returned an error (like 500 or 503). SERVFAIL is further up the chain — the address lookup itself failed.