search cancel

WSS: 'DNS_PROBE_FINISHED_NXDOMAIN' error when browsing websites


Article ID: 173590


Updated On:


Web Security Service - WSS


Users get a 'DNS_PROBE_FINISHED_NXDOMAIN' error message when they browse the Internet, however, the page does load successfully if you try it several times.

This issue only happens when connected through the WSS Agent (WSSA).

This site can't be reached: DNS_PROBE_FINISHED_NXDOMAIN


If the computer prefers IPv6 over IPv4 and if the "Allow IPv6 traffic" option is disabled in the WSS Portal, then this issue can occur.

NOTE: For stronger security with WSSA, it is recommended that "Allow IPv6 traffic" be DISABLED.

If the computer prefers IPv6, then DNS queries are first attempted with AAAA (IPv6) DNS requests...instead of A (IPv4) DNS queries.  And if "Allow IPv6 traffic" is disabled (recommended), then IPv6 DNS queries are blocked...which results in the "NXDOMAIN" error.  This is expected behavior.


There are a few potential solutions to this issue.  And it may require a combination of these to fully resolve the issue: 

  • Update network drivers.

  • Prefer IPv4 over IPv6 on the client computer.

  • Disable IPv6 on the client computer.  (NOTE: Microsoft recommends using "Prefer IPv4 over IPv6" instead of fully disabling IPv6)


Additional Information

WSS Agent - IPv6 support