Skip to content

Network Error Fixes -- DNS, Timeout & Connection Refused

DodaTech Updated 2026-06-22 5 min read

Network errors like DNS resolution failure, connection timeout, and connection refused are the most common connectivity issues developers face -- this guide covers how to diagnose and fix each one using built-in tools.

What You'll Learn

Why It Matters

Every developer depends on network connectivity. A DNS resolution failure or timeout can shut down your development environment, CI/CD pipeline, or production service.

Real-World Use

When your apt update fails with "Temporary failure in name resolution", your Docker container cannot reach the outside internet, or your web app returns 502 Bad Gateway, these fixes apply.

Common Network Errors Table

Error Message Cause Fix
Temporary failure in name resolution DNS server unreachable or misconfigured Check /etc/resolv.conf and test with dig
Connection timed out Firewall blocking or server down Check firewall rules and server status
Connection refused No service listening on the port Verify the service is running and port is correct
Network is unreachable No route to the destination Check network interface and gateway
SSL: certificate verify failed Certificate expired or untrusted CA Update CA certificates or add the cert

Step-by-Step Fixes

Fix 1: DNS Resolution Failure

# Test DNS resolution
nslookup google.com

# Use dig for detailed info
dig google.com

# Check system DNS configuration
cat /etc/resolv.conf

# Test with an alternative DNS server
dig @8.8.8.8 google.com

# Clear DNS cache (systemd-resolved)
sudo resolvectl flush-caches

Expected output:

Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   google.com
Address: 142.250.80.14

Fix 2: Connection Timeout

# Test connectivity with ping
ping -c 4 8.8.8.8

# Trace the route
traceroute google.com

# Check firewall rules
sudo iptables -L -n
sudo ufw status

# Test a specific port with nc
nc -zv 192.168.1.100 80

Expected output:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=8.42 ms

Fix 3: Connection Refused

# Check if the service is listening
ss -tulpn | grep :8080

# Or use netstat
netstat -tulpn | grep 8080

# Check service status
systemctl status nginx

# Start the service
sudo systemctl start nginx
sudo systemctl enable nginx

Expected output:

tcp   LISTEN 0      511      0.0.0.0:8080    0.0.0.0:*    users:(("nginx",pid=1234,fd=8))

Fix 4: SSL Certificate Verify Failed

# Test SSL connection
curl -vI https://example.com

# Check certificate details
openssl s_client -connect example.com:443 -servername example.com < /dev/null | openssl x509 -text

# Update CA certificates
sudo apt update && sudo apt install ca-certificates -y

# Add a custom CA certificate
sudo cp my-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

Expected output:

*  SSL certificate verify ok.
*  Server certificate:
*    subject: CN=example.com
*    start date: Jun 1 00:00:00 2025 GMT
*    expire date: Jun 30 23:59:59 2026 GMT

Fix 5: Network Unreachable

# Check network interfaces
ip addr show

# Check routing table
ip route show

# Check default gateway
route -n

# Bring interface up/down
sudo ip link set eth0 down
sudo ip link set eth0 up

# Renew DHCP lease
sudo dhclient eth0

Expected output:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0

Network Error Diagnosis Flowchart

flowchart TD
    A[Network Error] --> B{Can you ping 8.8.8.8?}
    B -->|No| C[Check network interface: ip addr]
    C --> D[Check gateway: ip route]
    D --> E[Check physical connection / cable]
    B -->|Yes| F{Can you resolve hostnames?}
    F -->|No| G[Check /etc/resolv.conf]
    G --> H[Test with dig "@8".8.8.8]
    F -->|Yes| I{Can you connect to the port?}
    I -->|No| J[Test with nc -zv host port]
    J --> K[Check if service is listening]
    I -->|Yes| L{Is SSL working?}
    L -->|No| M[Check cert with openssl s_client]
    L -->|Yes| N[Connection successful]

Prevention Tips

  • Use a monitoring tool like ping or uptimerobot to alert you when services go down
  • Configure multiple DNS servers in /etc/resolv.conf (primary + fallback)
  • Set up firewall rules explicitly instead of relying on defaults
  • Use systemd services with Restart=always to auto-recover from crashes
  • Monitor SSL certificate expiry dates and set up renewal reminders 30 days before expiry

Practice Questions

  1. What is the difference between "connection refused" and "connection timed out"? Answer: Connection refused means the server actively rejected the connection (no service on that port). Connection timed out means the request reached the network but got no response (firewall, server down, or network issue).

  2. How do you test DNS resolution independently of your system resolver? Answer: Use dig @8.8.8.8 example.com to query Google's public DNS directly, bypassing your local DNS configuration.

  3. What command shows all services currently listening on TCP ports? Answer: ss -tulpn or netstat -tulpn shows listening TCP and UDP sockets with the associated process name and PID.

  4. How do you check if an SSL certificate is about to expire? Answer: Use openssl s_client -connect example.com:443 < /dev/null | openssl x509 -noout -dates to see the start and expiry dates.

  5. Challenge: Write a bash script that takes a hostname and port as arguments, tests DNS resolution, ping, TCP connectivity, and SSL certificate validity, then prints a pass/fail report. Answer:

    #!/bin/bash
    host="$1"
    port="${2:-443}"
    dig +short "$host" | grep -q '^[0-9]' && echo "DNS: PASS" || echo "DNS: FAIL"
    ping -c1 -W2 "$host" > /dev/null 2>&1 && echo "Ping: PASS" || echo "Ping: FAIL"
    nc -zv "$host" "$port" > /dev/null 2>&1 && echo "TCP:$port: PASS" || echo "TCP:$port: FAIL"
    openssl s_client -connect "$host:$port" -servername "$host" < /dev/null 2>/dev/null | grep -q "verify return:1" && echo "SSL: PASS" || echo "SSL: FAIL"
    

Quick Reference

Error Diagnostic Command Fix Command
DNS failure dig google.com resolvectl flush-caches
Connection timeout ping 8.8.8.8 Check iptables -L and ufw status
Connection refused nc -zv host 80 systemctl start nginx
SSL cert failed openssl s_client -connect host:443 update-ca-certificates
Network unreachable ip addr && ip route sudo dhclient eth0

Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro