Hi Wes On Tue, May 26, 2026 at 12:06:00PM -0700, Wes Hardaker wrote: > Mukund Sivaraman <[email protected]> writes: > > > RFC 8914 specifies an EXTRA-TEXT field with UTF-8 encoding which is > > intended for users. From the RFC: > > > > > This information is intended for human consumption (not automated > > > parsing). > > As one of the authors of RFC8914, a bit of context: this was heavily > discussed in the creation of RFC8914 and the decision at the time was > that yes the extra-text field should exist, and should be useful for > human consumption. But note that it does not state "users" as the > thinking at the time was it wasn't for end-users in browsers or other > contexts, but rather for logging and reading by network administrators. > Getting text right to show to end-users is far far harder (as we've > learned) than getting it right for network operators that have a lot > more experience in reading and understanding error messages.
Perhaps the point of argument is the meaning we attach to the words
"users", "end-users", etc. Is a human who knows how to use dig on their
computer a "user" or a "network operator"?
As an experiment, I thought about what a non-computer-skilled person
such as a civil engineer or a financial accountant may do today if they
found that their web browser was returning an error when they tried to
connect to their bank website. They could call their ISP's technical
support and ask them. They could also ask an LLM which is common
behaviour these days. I have attached text files of the results of what
a couple of brands of LLMs that don't require registration answer for
the question "If am not able to browse a domain on my computer, what
steps can I use to know what the problem is?" Among the suggestions, the
LLMs suggest checking the output of commands run outside the web
browser, such as "ping", "nslookup", and "dig" to troubleshoot the
problem. The user might then try running the commands and understand
their output and figure it out, or copy the output of such commands to
an LLM prompt and ask it to explain what it means. Here, clearly the
human is a proxy and it's the LLM that's receiving this information, and
that's where the world appears to be evolving to. (Could an LLM or its
agent be considered a user if it parses information just like a human,
perhaps better than the average human due to its vast knowledge? I'm
also not suggesting that users ought to run commands from LLMs.)
The point is that there are clients such as "dig" that can be used even
by non-network humans to troubleshoot results of DNS queries. Why
shouldn't DNS responses include textual information to troubleshoot
issues?
In the DNS context, there are not only web browsers and their users. DNS
protocol caters to DNS clients and DNS users. Web browsers are one class
of DNS clients and we want to serve them well, but not limit DNS to just
that.
If the web browser folks don't want to use/display text from DNS
protocol, that's their choice; I was responding to the previous post
that said this:
> Text that is shown to end users is "content". DNS is a platform for
> distributing technical metadata, not content for users.
This text falls more into the category of "technical metadata" and not
"content". And DNS "users" are not just non-computer-savvy
persons. Perhaps by "end users" Ben meant web-browser non-computer-savvy
persons only, but the second sentence about DNS platform made it sound
different like a blanket statement about DNS. That text is indeed to be
shown to DNS users by clients such as dig, and any other programs using
richer DNS libraries that may choose to do so.
BTW, thank you and your co-authors for preparing RFC 8914. From my POV,
I think it is one of the most important DNS RFCs. It has the potential
to immensely help DNS troubleshooting once error information is conveyed
more completely in implementations. Having observed engineers debugging
customer-reported DNS resolver problems by browsing pcaps and matching
against syslogs for years, I am convinced the potential of EXTRA-TEXT
will show itself over time. Putting my money where my mouth is, I added
EXTRA-TEXT messages to report several kinds of conditions in Loop's
nameserver because I am convinced it greatly eases access to information
about what happened when processing a query.
Mukund
**Providing troubleshooting steps**
The user is asking for troubleshooting steps, and I need to create a concise
checklist that includes useful commands like ping, traceroute, nslookup, and
such. I’ll ensure to cover Windows, macOS, and Linux, using helpful headings.
I might consider if I should call the RelatedSearchTerms tool because the
guidelines suggest invoking it for certain topics, especially when it could
enhance my response. However, since this is technical troubleshooting, it might
not be necessary. Still, maybe I could add that tool at the end of my response
if appropriate.**Creating a concise checklist**
I see that it says “may invoke,” so I think I'll skip using any additional
tools to keep things concise. Instead, I’ll focus on providing clear, numbered
steps. I also want to include commands formatted using code blocks, which means
I must use triple backticks for the appropriate language. This way, my
checklist will be both organized and easy to follow. Let’s get started on
making this concise checklist!Here’s a concise, ordered troubleshooting
checklist to find why a domain won’t load from your computer:
1. Confirm scope
- Try the domain from another device on the same network and from a
different network (mobile tether or another Wi‑Fi) to see if problem is local,
network, or remote.
2. Check basic connectivity
- Ping the domain (or its IP) to see if it responds.
- Windows/macOS/Linux:
```
ping example.com
```
- If ping fails but other sites work, it may be DNS or the site blocks ICMP.
3. Test DNS resolution
- Resolve the domain to an IP:
- Windows:
```
nslookup example.com
```
- macOS/Linux:
```
dig example.com +short
```
- If resolution fails, try a different DNS (e.g., 1.1.1.1 or 8.8.8.8) or
flush DNS cache:
- Windows:
```
ipconfig /flushdns
```
- macOS:
```
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
```
- Linux (systemd):
```
sudo systemd-resolve --flush-caches
```
4. Trace the route
- Run traceroute to see where packets stop.
- Windows:
```
tracert example.com
```
- macOS/Linux:
```
traceroute example.com
```
5. Check HTTP(S) connectivity and headers
- Use curl to see HTTP status and errors:
```
curl -I https://example.com
curl -v https://example.com
```
- Look for redirects, TLS errors, 4xx/5xx responses.
6. Browser checks
- Try a different browser or an incognito/private window.
- Open Developer Tools → Network tab to inspect requests, status codes, and
blocked resources.
- Clear cache or disable extensions (especially privacy blockers, proxies).
7. Hosts file and local overrides
- Verify there's no blocking entry for the domain in the hosts file.
- Windows: C:\Windows\System32\drivers\etc\hosts
- macOS/Linux: /etc/hosts
8. Proxy, VPN, firewall, antivirus
- Disable any proxy or VPN temporarily.
- Check local firewall rules and security software that could block the
domain or ports (80/443).
9. Port and service checks
- Verify the site’s expected ports are open (80, 443):
```
telnet example.com 443
```
or
```
nc -vz example.com 443
```
10. TLS/Certificate problems
- If TLS errors appear in the browser or curl, inspect certificate details
(expired, wrong host, untrusted CA).
11. Check for ISP or upstream issues
- If traceroute shows failure upstream, try a different network or contact
your ISP.
- Use online site-checkers (from another network) to see if the site is
down globally.
12. Server-side or application issues
- If you control the server, check server logs, web server status, and
firewall on the host.
- Confirm DNS A/AAAA records and CDN configuration are correct.
13. Gather diagnostics
- Collect results of: ping, traceroute, nslookup/dig, curl -v output,
browser console errors, hosts file content, VPN/proxy status — then escalate to
network admin or hosting provider with those details.
If you want, tell me your OS and one failed command’s output (e.g., nslookup or
curl -v) and I’ll interpret it.When a browser shows an error for a specific domain, the fastest way to diagnose it is to narrow down *where* the failure happens: DNS, network, TLS/SSL, the website itself, or your local machine/browser. Here’s a practical checklist. --- ## 1. Read the exact browser error The wording matters a lot. Examples: * `DNS_PROBE_FINISHED_NXDOMAIN` → DNS problem * `ERR_CONNECTION_TIMED_OUT` → network/server unreachable * `ERR_SSL_PROTOCOL_ERROR` → TLS/SSL issue * `Your connection is not private` → certificate mismatch/expired cert * `502 / 503 / 504` → server-side issue * `403 Forbidden` → access blocked * `404 Not Found` → page missing, domain itself may still work Search or note the exact code before changing settings. --- ## 2. Check whether the site is down for everyone Try: * Another device * Mobile data instead of Wi-Fi * A different browser You can also use: * [Down For Everyone Or Just Me](https://downforeveryoneorjustme.com?utm_source=chatgpt.com) * [Is It Down Right Now](https://www.isitdownrightnow.com?utm_source=chatgpt.com) If everyone sees the issue, it’s likely the website/server. --- ## 3. Test DNS resolution A very common cause is broken DNS. ### Windows Open Command Prompt: ```bash nslookup example.com ``` ### macOS/Linux ```bash dig example.com ``` or: ```bash host example.com ``` What to look for: * If no IP address is returned → DNS issue * If the IP looks wrong → stale or poisoned DNS cache Try changing DNS servers temporarily: * Cloudflare: `1.1.1.1` * Google: `8.8.8.8` Useful tools: * [Cloudflare DNS Checker](https://1.1.1.1/help?utm_source=chatgpt.com) --- ## 4. Ping or trace the route ### Ping ```bash ping example.com ``` If DNS resolves but ping fails: * ICMP may simply be blocked * Or the server/network is unreachable ### Trace route #### Windows ```bash tracert example.com ``` #### macOS/Linux ```bash traceroute example.com ``` This helps identify: * ISP routing problems * VPN/firewall interference * Packet loss --- ## 5. Check HTTPS / SSL certificate problems Use: * [SSL Labs Server Test](https://www.ssllabs.com/ssltest/?utm_source=chatgpt.com) Common SSL causes: * Expired certificate * Wrong hostname * Old browser/OS * Incorrect system clock * Antivirus HTTPS inspection Also verify your computer’s date/time is correct. --- ## 6. Try another browser or private/incognito mode This isolates: * Extensions * Corrupted cookies * Cached HSTS policies * Browser profile issues You can also clear: * Cache * Cookies * DNS cache ### Flush DNS cache #### Windows ```bash ipconfig /flushdns ``` #### macOS ```bash sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder ``` --- ## 7. Check local blocking Possible blockers: * Firewall * Antivirus web protection * VPN * Corporate proxy * Hosts file entries * Ad blockers ### Hosts file locations #### Windows ```text C:\Windows\System32\drivers\etc\hosts ``` #### macOS/Linux ```text /etc/hosts ``` Look for lines redirecting the domain. --- ## 8. Use browser developer tools In Chrome/Edge/Firefox: * Press `F12` * Open the **Network** tab * Reload the page This shows: * Failed requests * DNS delays * TLS handshake failures * HTTP status codes * Redirect loops --- ## 9. Test with command-line HTTP tools ### Curl ```bash curl -Iv https://example.com ``` Useful for: * Seeing TLS negotiation * Redirects * HTTP headers * Connection failures --- ## 10. Compare against another network Try: * Mobile hotspot * Different Wi-Fi * VPN on/off If it works elsewhere: * ISP DNS issue * Network filtering * Router problem * Geo-blocking --- ## Quick diagnosis map | Symptom | Likely Cause | | ------------------------- | ------------------------------- | | Domain doesn’t resolve | DNS | | Works on phone but not PC | Local browser/network | | HTTPS warnings | SSL certificate | | Only one browser fails | Extensions/cache | | Works with VPN only | ISP/routing/blocking | | 5xx errors | Website server problem | | Timeout after resolving | Firewall/routing/server offline | --- If you want, you can paste: * the exact error message, * the domain, * and your OS/browser, and I can help pinpoint the likely cause.
To find out why a website won't load on your computer, follow these diagnostic steps to isolate the issue. ## 1. Test Other Websites * Open a new tab. * Try loading a popular site like Google. * If nothing loads, your internet connection is broken. * If other sites work, the problem is domain-specific. [1, 2] ## 2. Check the Domain Status * Open a site checker like downforeveryoneorjustme.com. * Enter the broken domain name. * The tool will tell you if the website is down for everyone or just you. [3, 4, 5, 6] ## 3. Try Another Device and Network [7] * Open the website on your phone. * Use cellular data instead of home Wi-Fi. * If it loads, your router or local network is blocking it. [8, 9, 10, 11] ## 4. Use the Ping Command [12] * Open Command Prompt (Windows) or Terminal (Mac). * Type ping example.com (replace with your domain) and press Enter. * Look for the results: * Successful replies: Your computer can reach the server; the issue is likely your browser. * Request timed out: The server is offline or blocking requests. * Could not find host: Your computer cannot translate the domain name into an IP address. [13, 14, 15, 16, 17] ## 5. Check DNS Resolution (NSLOOKUP) [18] * In your Command Prompt or Terminal, type nslookup example.com. * If it returns an error like "Non-existent domain," your DNS server cannot find the site. * If it returns an IP address, your DNS is working fine. [19, 20, 21] ## 6. Clear Caches [22] * Clear your browser cache and cookies. * Flush your computer's DNS cache. * Windows: Type ipconfig /flushdns in Command Prompt. * Mac: Type sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder in Terminal. [23, 24, 25, 26, 27] ## 7. Inspect Firewalls and Extensions [28] * Disable your antivirus or firewall temporarily to test. * Turn off browser extensions, especially ad-blockers or VPNs. [29, 30, 31, 32, 33] To narrow this down, let me know: * What error message do you see in the browser? (e.g., ERR_CONNECTION_TIMED_OUT, DNS_PROBE_FINISHED_NXDOMAIN) * Are you on a home network or a corporate/school network? * What operating system (Windows, Mac) are you running? [34, 35, 36, 37] [1] [https://www.cpanel.net](https://www.cpanel.net/blog/tips-and-tricks/my-website-is-down-what-next/) [2] [https://uptimerobot.com](https://uptimerobot.com/knowledge-hub/monitoring/fix-dns-probe-finished-nxdomain-error/) [3] [https://www.namecheap.com](https://www.namecheap.com/support/knowledgebase/article.aspx/10591/2194/how-to-fix-the-dns-server-not-responding-error/) [4] [https://www.hostpapa.com](https://www.hostpapa.com/blog/web-design-development/how-to-fix-the-dns-probe-finished-nxdomain-error/) [5] [https://www.siteground.com](https://www.siteground.com/kb/fix-this-site-cant-be-reached/) [6] [https://www.wpoven.com](https://www.wpoven.com/blog/err_connection_refused/) [7] [https://www.pcmag.com](https://www.pcmag.com/explainers/12-tips-to-troubleshoot-your-internet-connection) [8] [https://crosslinkconsulting.net](https://crosslinkconsulting.net/why-a-website-wont-load-and-how-to-tell-if-its-you-or-them/) [9] [https://www.greengeeks.com](https://www.greengeeks.com/blog/how-to-fix-dns-probe-finished-nxdomain/) [10] [https://www.interserver.net](https://www.interserver.net/tips/kb/web-troubleshooting-steps-to-diagnose-your-broken-site/) [11] [https://www.nslookup.io](https://www.nslookup.io/learning/dns-server-not-responding/) [12] [https://phoenixnap.com](https://phoenixnap.com/kb/dns-troubleshooting) [13] [https://www.hostwinds.com](https://www.hostwinds.com/blog/7-ways-to-fix-webpage-not-available-error) [14] [https://www.whatismyip.com](https://www.whatismyip.com/how-to-find-the-ip-address-of-a-website/) [15] [https://aktiv.com.au](https://aktiv.com.au/blog/2017/10/15/access-websites-isp-trouble/) [16] [https://www.hostwinds.com](https://www.hostwinds.com/blog/7-ways-to-fix-webpage-not-available-error) [17] [https://veepn.com](https://veepn.com/blog/google-search-not-working-with-vpn/) [18] [https://placideconsulting.com](https://placideconsulting.com/troubleshooting) [19] [https://www.expressvpn.com](https://www.expressvpn.com/blog/dns-server-not-responding/) [20] [https://manage.accuwebhosting.com](https://manage.accuwebhosting.com/knowledgebase/4594/How-to-resolve-the-This-Site-Cant-Be-Reached-Error.html) [21] [https://community.spiceworks.com](https://community.spiceworks.com/t/i-cant-access-our-hosted-website-internally-but-cant-from-external-network/932215) [22] [https://community.spiceworks.com](https://community.spiceworks.com/t/404-error-when-trying-to-access-company-website/330858) [23] [https://contabo.com](https://contabo.com/blog/err-name-not-resolved-fix/) [24] [https://www.hosted.com](https://www.hosted.com/articles/how-to-fix-err-name-not-resolved-error/) [25] [https://learn.microsoft.com](https://learn.microsoft.com/en-us/answers/questions/3863197/why-is-my-laptop-connected-to-internet-but-not-wor) [26] [https://support.google.com](https://support.google.com/chrome/thread/383867314/website-not-accessing?hl=en) [27] [https://www.bluehost.com](https://www.bluehost.com/blog/troubleshooting-new-domain/) [28] [https://learn.microsoft.com](https://learn.microsoft.com/en-us/answers/questions/3848637/trouble-shooting-a-were-having-touble-finding-that) [29] [https://www.bytagig.com](https://www.bytagig.com/articles/troubleshooting-dns-server-unavailability-why-it-happens-and-how-to-fix-dns-server-unavailable/) [30] [https://www.canspace.ca](https://www.canspace.ca/blog/website-development/how-to-fix-the-err_name_not_resolved-error/) [31] [https://www.ionos.com](https://www.ionos.com/digitalguide/websites/web-development/dns-probe-finished-nxdomain/) [32] [https://learn.microsoft.com](https://learn.microsoft.com/en-in/answers/questions/5882708/opening-web-page) [33] [https://learn.microsoft.com](https://learn.microsoft.com/en-in/answers/questions/2399349/website-had-a-problem-in-loading) [34] [https://learn.microsoft.com](https://learn.microsoft.com/en-my/answers/questions/5496303/how-to-fix-this-site-cannot-be-reached-on-my-windo) [35] [https://learn.microsoft.com](https://learn.microsoft.com/en-us/answers/questions/3993441/computer-is-supposedly-connected-to-the-wi-fi-but) [36] [https://www.softwarehubs.com](https://www.softwarehubs.com/troubleshooting/nxdomain.html) [37] [https://support.google.com](https://support.google.com/chrome/thread/398782637/website-or-domain-access-problem?hl=en)
signature.asc
Description: PGP signature
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
