host: connection timed out; no servers could be reached
Diagnose and fix the 'connection timed out; no servers could be reached' error when using the host DNS lookup command.
- When host Produces This Error
- What Causes "connection timed out; no servers could be reached" in host
- How to Fix "connection timed out; no servers could be reached" in host
- Fix 1: Verify Network Connectivity
- Fix 2: Check and Fix /etc/resolv.conf
- Fix 3: Test Against a Specific Public DNS Resolver
- Fix 4: Check Firewall Rules for UDP Port 53
- How to Verify the Fix
- Edge Cases and Variations
- Related host Errors
The host command produces "connection timed out; no servers could be reached" when it cannot contact any DNS resolver within its timeout window.
When host Produces This Error
The host command displays "connection timed out; no servers could be reached" when a DNS query fails to receive a response from any configured nameserver. This typically occurs when running a standard lookup such as
host example.com on a system with no network connectivity or a misconfigured DNS resolver.
The host command also produces this error when targeting a specific nameserver that is unreachable. Running
host example.com 203.0.113.1 against a non-responsive IP address triggers the same timeout message after the host command exhausts its retry attempts.
What Causes "connection timed out; no servers could be reached" in host
The host command sends DNS queries over UDP port 53 to the nameservers listed in
/etc/resolv.conf. The "connection timed out" error means none of those nameservers responded within the default timeout period. The host command retries each nameserver once before reporting failure.
A misconfigured
/etc/resolv.conf file is the most common cause of this host error. The file may contain nameserver entries that point to unreachable IP addresses, or it may be empty. Containerized environments and freshly provisioned virtual machines frequently have missing or incorrect resolver configurations.
A firewall blocking outbound UDP traffic on port 53 also causes the host "connection timed out" error. Corporate networks, cloud security groups, and local firewall rules (iptables, nftables, UFW) can all block DNS traffic. The host command cannot distinguish between a blocked port and a non-responsive server — both result in the same timeout message.
How to Fix "connection timed out; no servers could be reached" in host
Fix 1: Verify Network Connectivity
- Confirm the system has a working network connection by pinging a public IP address with the ping command:
ping -c 3 8.8.8.8If ping fails, the problem is network connectivity — not DNS. Resolve the network issue first.
Fix 2: Check and Fix /etc/resolv.conf
- Inspect the contents of
/etc/resolv.confto verify the host command has valid nameservers to query:
cat /etc/resolv.confThe file should contain at least one
nameserver line with a reachable IP address. If the file is empty or contains unreachable addresses, add a public DNS resolver:
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf- Test the host command again after updating the resolver configuration:
host example.comFix 3: Test Against a Specific Public DNS Resolver
- Bypass the system resolver entirely by specifying a public DNS nameserver directly in the host command:
host example.com 1.1.1.1If this succeeds but
host example.com (without a nameserver) fails, the problem is confirmed to be in
/etc/resolv.conf— not a network or firewall issue.
Fix 4: Check Firewall Rules for UDP Port 53
- Verify that outbound UDP port 53 traffic is not blocked by a local firewall. On Ubuntu systems using UFW (Uncomplicated Firewall), check the current rules:
sudo ufw statusIf DNS traffic is blocked, allow outbound DNS queries:
sudo ufw allow out 53How to Verify the Fix
The host command returns DNS record data instead of the timeout error after the fix is applied:
host example.comExpected output:
example.com has address 93.184.216.34Confirm the fix is persistent by querying a second domain:
host google.comEdge Cases and Variations
The host command may time out intermittently on systems using DHCP-assigned DNS resolvers. DHCP lease renewals can temporarily overwrite
/etc/resolv.conf with unreachable nameserver entries. Systems running
systemd-resolved manage DNS resolution through a local stub resolver at
127.0.0.53. If the
systemd-resolved service stops, all host queries against
127.0.0.53 fail with the timeout error. Restart the service with
sudo systemctl restart systemd-resolved.
The host command on Docker containers inherits DNS configuration from the Docker daemon, not from the host system's
/etc/resolv.conf. Docker containers with DNS issues require changes to the Docker daemon's
--dns flag or the container's
docker run --dns option.
Related host Errors
- How to check DNS records with host— the standard usage guide for the host command, including querying specific record types and nameservers.
- The dig commandprovides more detailed DNS diagnostic output, including query timing and TTL values, which can help isolate timeout causes.
- The nslookup commandoffers an alternative DNS lookup tool with an interactive mode for debugging resolver issues.