Network Error Fixes -- DNS, Timeout & Connection Refused
Network errors like DNS resolution failure, connection timeout, and connection refused are the most common connectivity issues developers face -- this guide covers how to diagnose and fix each one using built-in tools.
What You'll Learn
Why It Matters
Every developer depends on network connectivity. A DNS resolution failure or timeout can shut down your development environment, CI/CD pipeline, or production service.
Real-World Use
When your apt update fails with "Temporary failure in name resolution", your Docker container cannot reach the outside internet, or your web app returns 502 Bad Gateway, these fixes apply.
Common Network Errors Table
| Error Message | Cause | Fix |
|---|---|---|
| Temporary failure in name resolution | DNS server unreachable or misconfigured | Check /etc/resolv.conf and test with dig |
| Connection timed out | Firewall blocking or server down | Check firewall rules and server status |
| Connection refused | No service listening on the port | Verify the service is running and port is correct |
| Network is unreachable | No route to the destination | Check network interface and gateway |
| SSL: certificate verify failed | Certificate expired or untrusted CA | Update CA certificates or add the cert |
Step-by-Step Fixes
Fix 1: DNS Resolution Failure
# Test DNS resolution
nslookup google.com
# Use dig for detailed info
dig google.com
# Check system DNS configuration
cat /etc/resolv.conf
# Test with an alternative DNS server
dig @8.8.8.8 google.com
# Clear DNS cache (systemd-resolved)
sudo resolvectl flush-caches
Expected output:
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 142.250.80.14
Fix 2: Connection Timeout
# Test connectivity with ping
ping -c 4 8.8.8.8
# Trace the route
traceroute google.com
# Check firewall rules
sudo iptables -L -n
sudo ufw status
# Test a specific port with nc
nc -zv 192.168.1.100 80
Expected output:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=8.42 ms
Fix 3: Connection Refused
# Check if the service is listening
ss -tulpn | grep :8080
# Or use netstat
netstat -tulpn | grep 8080
# Check service status
systemctl status nginx
# Start the service
sudo systemctl start nginx
sudo systemctl enable nginx
Expected output:
tcp LISTEN 0 511 0.0.0.0:8080 0.0.0.0:* users:(("nginx",pid=1234,fd=8))
Fix 4: SSL Certificate Verify Failed
# Test SSL connection
curl -vI https://example.com
# Check certificate details
openssl s_client -connect example.com:443 -servername example.com < /dev/null | openssl x509 -text
# Update CA certificates
sudo apt update && sudo apt install ca-certificates -y
# Add a custom CA certificate
sudo cp my-ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Expected output:
* SSL certificate verify ok.
* Server certificate:
* subject: CN=example.com
* start date: Jun 1 00:00:00 2025 GMT
* expire date: Jun 30 23:59:59 2026 GMT
Fix 5: Network Unreachable
# Check network interfaces
ip addr show
# Check routing table
ip route show
# Check default gateway
route -n
# Bring interface up/down
sudo ip link set eth0 down
sudo ip link set eth0 up
# Renew DHCP lease
sudo dhclient eth0
Expected output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
Network Error Diagnosis Flowchart
flowchart TD
A[Network Error] --> B{Can you ping 8.8.8.8?}
B -->|No| C[Check network interface: ip addr]
C --> D[Check gateway: ip route]
D --> E[Check physical connection / cable]
B -->|Yes| F{Can you resolve hostnames?}
F -->|No| G[Check /etc/resolv.conf]
G --> H[Test with dig "@8".8.8.8]
F -->|Yes| I{Can you connect to the port?}
I -->|No| J[Test with nc -zv host port]
J --> K[Check if service is listening]
I -->|Yes| L{Is SSL working?}
L -->|No| M[Check cert with openssl s_client]
L -->|Yes| N[Connection successful]
Prevention Tips
- Use a monitoring tool like
pingoruptimerobotto alert you when services go down - Configure multiple DNS servers in
/etc/resolv.conf(primary + fallback) - Set up firewall rules explicitly instead of relying on defaults
- Use
systemdservices withRestart=alwaysto auto-recover from crashes - Monitor SSL certificate expiry dates and set up renewal reminders 30 days before expiry
Practice Questions
What is the difference between "connection refused" and "connection timed out"? Answer: Connection refused means the server actively rejected the connection (no service on that port). Connection timed out means the request reached the network but got no response (firewall, server down, or network issue).
How do you test DNS resolution independently of your system resolver? Answer: Use
dig @8.8.8.8 example.comto query Google's public DNS directly, bypassing your local DNS configuration.What command shows all services currently listening on TCP ports? Answer:
ss -tulpnornetstat -tulpnshows listening TCP and UDP sockets with the associated process name and PID.How do you check if an SSL certificate is about to expire? Answer: Use
openssl s_client -connect example.com:443 < /dev/null | openssl x509 -noout -datesto see the start and expiry dates.Challenge: Write a bash script that takes a hostname and port as arguments, tests DNS resolution, ping, TCP connectivity, and SSL certificate validity, then prints a pass/fail report. Answer:
#!/bin/bash host="$1" port="${2:-443}" dig +short "$host" | grep -q '^[0-9]' && echo "DNS: PASS" || echo "DNS: FAIL" ping -c1 -W2 "$host" > /dev/null 2>&1 && echo "Ping: PASS" || echo "Ping: FAIL" nc -zv "$host" "$port" > /dev/null 2>&1 && echo "TCP:$port: PASS" || echo "TCP:$port: FAIL" openssl s_client -connect "$host:$port" -servername "$host" < /dev/null 2>/dev/null | grep -q "verify return:1" && echo "SSL: PASS" || echo "SSL: FAIL"
Quick Reference
| Error | Diagnostic Command | Fix Command |
|---|---|---|
| DNS failure | dig google.com |
resolvectl flush-caches |
| Connection timeout | ping 8.8.8.8 |
Check iptables -L and ufw status |
| Connection refused | nc -zv host 80 |
systemctl start nginx |
| SSL cert failed | openssl s_client -connect host:443 |
update-ca-certificates |
| Network unreachable | ip addr && ip route |
sudo dhclient eth0 |
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro