What is NXDOMAIN?

How DNS Responds When a Domain Doesn't Exist

NXDOMAIN (Non-Existent Domain) is a DNS response code indicating that the queried domain name does not exist. DNS filters use NXDOMAIN responses to block access to unwanted domains.

Explore Free DNS Filters

Step 1: What is NXDOMAIN?

NXDOMAIN is one of several DNS response codes (RCODEs) defined in the DNS protocol. When a DNS resolver receives a query for a domain that doesn't exist — either because it was never registered or has been deleted — the authoritative nameserver returns NXDOMAIN (RCODE 3).

Your browser interprets this as "this website doesn't exist" and displays an error page. No connection attempt is made because there's no IP address to connect to.

DNS filtering services leverage this same mechanism to block unwanted domains by returning NXDOMAIN for blocklisted domains — making them behave as if they don't exist.

Step 2: NXDOMAIN in DNS Filtering

When DNS filtering blocks a domain, it can respond in two ways:

  • NXDOMAIN response: The resolver returns "domain not found" — the simplest blocking method. The browser shows its default error page
  • Redirect to block page: The resolver returns an IP address that points to a custom block page explaining why access was denied

CleanBrowsing supports both approaches. NXDOMAIN blocking is lightweight and fast, while block page redirects are more informative for users who need to understand why a site is blocked.

Step 3: NXDOMAIN vs Block Pages

  • NXDOMAIN: Silent blocking — users see a generic "site can't be reached" browser error. No additional infrastructure needed. Best for security-focused blocking where no explanation is required
  • Block page: Informative blocking — users see a branded page explaining why the domain was blocked, potentially with a request-access option. Requires a web server to host the block page. Best for organizations that need accountability and user communication

Some ISPs controversially redirect NXDOMAIN responses to their own search pages — intercepting legitimate "domain not found" responses to serve ads. This practice (called NXDOMAIN hijacking) breaks expected DNS behavior and can interfere with applications that rely on accurate NXDOMAIN responses.

Step 4: Troubleshooting NXDOMAIN

If you're getting unexpected NXDOMAIN responses:

  • Check if the domain is blocked: The domain may be on your blocklist or in a filtered category — check your CleanBrowsing dashboard
  • Verify the domain exists: Use command-line DNS tools to query a non-filtering resolver and confirm the domain is registered
  • Clear DNS cache: Stale NXDOMAIN responses can be cached — clear your DNS cache and try again
  • Check your spelling: Typos in domain names are a common cause of legitimate NXDOMAIN responses

Block unwanted domains with DNS filtering

Explore Free DNS Filters