DNS_PROBE_FINISHED_BAD_CONFIG is a Chrome error that means your device attempted a DNS lookup and failed because the DNS configuration on your system is broken or unreachable. Unlike a general “DNS server not responding” error which suggests the server is temporarily down, BAD_CONFIG specifically points to a configuration problem – something about how your device is set up to use DNS is wrong.
You will see this error in Chrome and Chromium-based browsers (Edge, Brave, Opera). Firefox shows a different error message for the same underlying problem.
BAD_CONFIG vs NXDOMAIN: what is the difference
Chrome categorizes DNS failures into specific error codes based on what went wrong. Two of the most common are often confused:
DNS_PROBE_FINISHED_BAD_CONFIG means DNS is configured incorrectly on your device or network. The DNS server is either unreachable, not responding at all, or your network settings point to something that is not a valid DNS server. Your device could not even ask the question.
DNS_PROBE_FINISHED_NXDOMAIN means DNS is working correctly, but the domain you are looking for does not exist in DNS. NXDOMAIN stands for “Non-Existent Domain.” Your DNS server responded – it just said “this domain has no records.” The configuration is fine, the domain is the problem.
The distinction matters for diagnosis:
- BAD_CONFIG: fix your network or DNS settings – this post covers that
- NXDOMAIN: the domain itself has a problem, or you typed it incorrectly
If you are seeing a general “DNS server not responding” error rather than a specific Chrome error code, see DNS Server Not Responding: What It Means and How to Fix It for a broader walkthrough of DNS failure causes and fixes.
If you are seeing NXDOMAIN for a domain that should exist, use SiteProbe’s DNS lookup tool to check whether the domain actually has DNS records. If records are missing, the domain owner needs to fix their DNS configuration.
What causes BAD_CONFIG
No DNS server configured
Your network adapter has no DNS server set, or it is set to an invalid value. This can happen after a botched network configuration, a VPN that did not clean up properly after disconnecting, or a manual configuration error.
DNS server is unreachable
Your device has a DNS server configured but cannot reach it. The server address might be correct but the server is down, a firewall is blocking UDP port 53, or the network path to the server is broken.
Corrupted network configuration
Windows, macOS, and Linux all maintain network configuration state that can become corrupted. After system updates, failed network driver installs, or abrupt shutdowns, network settings can end up in an inconsistent state where DNS queries fail even though everything looks correct on the surface.
Router DNS failure
Most devices default to using the router as their DNS server (typically 192.168.1.1 or 192.168.0.1). If the router’s DNS relay process has crashed or its upstream DNS configuration is wrong, every device on the network gets BAD_CONFIG errors even though their individual settings are correct.
IPv6 DNS misconfiguration
If your device has IPv6 enabled but your network does not properly support IPv6 DNS, Chrome may attempt IPv6 DNS lookups that fail before falling back to IPv4. This can produce BAD_CONFIG errors that appear intermittent and are hard to reproduce.
VPN DNS leak protection gone wrong
Some VPNs configure aggressive DNS leak protection that routes all DNS through the VPN’s servers. If the VPN disconnects unexpectedly or its DNS servers become unreachable, the leak protection can block all DNS queries rather than falling back to the system DNS. You get BAD_CONFIG because the configured DNS path is blocked.
Corporate network or proxy interference
On managed corporate networks, DNS traffic may be intercepted, filtered, or routed through a proxy. If that proxy fails or is misconfigured, DNS breaks for everything on the network. This is not something you can fix individually on a managed device.
How to diagnose it
Test DNS manually
Open a terminal or command prompt and test DNS resolution directly:
Windows:
nslookup google.comThen test with a public DNS server:
nslookup google.com 1.1.1.1Mac/Linux:
dig google.com
dig google.com @1.1.1.1If the first command fails and the second succeeds, your configured DNS server is the problem. If both fail, the issue is your network connection.
Check your DNS configuration
Windows:
ipconfig /allLook for “DNS Servers” under your active adapter. If it shows 0.0.0.0, is blank, or shows an IP you do not recognize, that is your problem.
Mac:
scutil --dnsLinux:
cat /etc/resolv.conf
resolvectl statusA correctly configured system should show either your router’s IP (like 192.168.1.1) or a known public DNS server. If the DNS server field is blank or shows an unreachable address, that explains the BAD_CONFIG error.
Check if it is one site or all sites
Try loading several different domains. If every site fails with BAD_CONFIG, the problem is your DNS configuration. If only one specific site fails, the problem is more likely NXDOMAIN in disguise, or the site itself has a DNS problem. Check the specific domain using tools.hostney.com/dns to see its current DNS records.
Test on another device
If a second device on the same network also gets BAD_CONFIG errors, the problem is your router or network configuration. If only your device is affected, the problem is your device’s specific DNS settings.
How to fix it
Switch to a public DNS server
This is the most reliable fix for the majority of BAD_CONFIG errors. Replacing your ISP’s or router’s DNS with a public server eliminates the most common causes in one step.
Recommended public DNS servers:
| Provider | Primary | Secondary |
|---|---|---|
| Cloudflare | 1.1.1.1 | 1.0.0.1 |
| 8.8.8.8 | 8.8.4.4 |
Windows:
- Open Settings > Network & Internet
- Click your active connection (Wi-Fi or Ethernet)
- Click Hardware properties
- Click Edit next to DNS server assignment
- Switch to Manual, enable IPv4
- Enter 1.1.1.1 as primary and 1.0.0.1 as secondary
- Save and close
Mac:
- Open System Settings > Network
- Select your active connection, click Details
- Go to the DNS tab
- Click the + button to add DNS servers
- Add 1.1.1.1 and 1.0.0.1
- Remove any old entries
- Click OK
Linux (NetworkManager):
nmcli con mod "your-connection-name" ipv4.dns "1.1.1.1 1.0.0.1"
nmcli con mod "your-connection-name" ipv4.ignore-auto-dns yes
nmcli con up "your-connection-name"Linux (systemd-resolved):
sudo nano /etc/systemd/resolved.confAdd under
[Resolve]
:
DNS=1.1.1.1 1.0.0.1
FallbackDNS=8.8.8.8 8.8.4.4Then:
sudo systemctl restart systemd-resolvedFlush DNS cache
After changing DNS settings, flush the cache to ensure your device is not still using old cached entries.
Windows:
ipconfig /flushdnsMac:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponderLinux (systemd-resolved):
sudo resolvectl flush-cachesReset network configuration on Windows
If switching DNS servers does not fix it, the underlying network stack configuration may be corrupted. Run these commands in an elevated command prompt (Run as Administrator):
netsh winsock reset
netsh int ip reset
ipconfig /flushdns
ipconfig /release
ipconfig /renewRestart your computer after running these commands. This resets the Windows network stack to a clean state and forces DHCP to reassign your network configuration including DNS servers.
Reset network settings on Mac
Open Terminal and run:
sudo killall -HUP mDNSResponder
sudo dscacheutil -flushcacheFor more persistent problems on Mac, removing and re-adding your network connection forces a clean configuration:
- Open System Settings > Network
- Click the minus button to remove your active connection
- Click the plus button to add it back
- Reconfigure with your DNS settings
Disable IPv6 temporarily
If you suspect IPv6 DNS issues are the cause, try disabling IPv6 and testing:
Windows:
- Open Network Connections (ncpa.cpl)
- Right-click your adapter, Properties
- Uncheck Internet Protocol Version 6 (TCP/IPv6)
- Click OK
Mac:
- System Settings > Network > your connection > Details
- TCP/IP tab
- Set Configure IPv6 to Off
If BAD_CONFIG errors stop after disabling IPv6, the issue is your IPv6 DNS configuration. You can re-enable IPv6 and manually configure IPv6 DNS servers, or leave it disabled if IPv6 is not required.
Restart your router
For network-wide BAD_CONFIG errors affecting all devices, restart the router. This resets the router’s DNS relay process and clears its cache. If your ISP’s DNS is the upstream problem, the router restart alone will not fix it – switch to a public DNS server on the router level:
Most router admin interfaces (usually accessible at 192.168.1.1 or 192.168.0.1) have a DNS server setting under WAN or Internet settings. Changing the router’s upstream DNS to 1.1.1.1 and 8.8.8.8 fixes the problem for every device on the network at once, without configuring each device individually.
Disconnect your VPN
If you are using a VPN, disconnect it and test DNS. If the error clears, your VPN’s DNS configuration or leak protection is causing the problem. Check your VPN client’s settings for DNS leak protection options, or configure it to use a specific DNS server rather than relying on automatic configuration.
Fixing BAD_CONFIG on Android
On Android, DNS_PROBE_FINISHED_BAD_CONFIG appears in Chrome mobile with the same causes as desktop. The fixes differ slightly:
Switch to private DNS (Android 9 and later):
- Open Settings > Network & Internet > Private DNS
- Select “Private DNS provider hostname”
- Enter one.one.one.one (Cloudflare) or dns.google (Google)
- Save
Private DNS on Android uses DNS-over-TLS, which encrypts your DNS queries and bypasses the carrier’s DNS servers entirely. This is the most effective fix for Android BAD_CONFIG errors.
Forget and reconnect to Wi-Fi:
- Open Settings > Wi-Fi
- Long press your network and select Forget
- Reconnect and re-enter the password
This forces Android to re-fetch all DHCP configuration including DNS servers, which clears misconfigured DNS settings from a previous connection.
Check for VPN or security app interference: Many Android security apps include DNS filtering or a local VPN that routes DNS queries. If one of these is misconfigured or failing, it produces BAD_CONFIG errors. Temporarily disable security apps to test.
Why this error appears after network changes
BAD_CONFIG errors commonly appear after:
- Installing or uninstalling a VPN
- Changing network settings manually
- A Windows or macOS update that reset network configuration
- Switching between networks (home, work, public Wi-Fi) if the DNS is set manually for one network
- Connecting a new router without configuring DNS on it
In all these cases, the fix is the same: explicitly set your DNS to a known working server (1.1.1.1 or 8.8.8.8) rather than relying on automatic configuration that may have been corrupted or left in an inconsistent state.
Summary
DNS_PROBE_FINISHED_BAD_CONFIG means your device’s DNS configuration is broken – either no DNS server is configured, the configured server is unreachable, or your network stack is in a corrupted state. The most reliable fix is switching to a public DNS server like Cloudflare (1.1.1.1) or Google (8.8.8.8), flushing your DNS cache, and if needed resetting your network configuration. On Android, enabling Private DNS in system settings bypasses carrier DNS entirely and prevents the issue from recurring. If the error only affects one domain rather than all sites, the problem is the domain’s DNS configuration, not yours – use tools.hostney.com/dns to verify what records the domain has.