ProductPricingLoginNetwork Status
Guides

DNS Return Codes

There are many reasons why a DNS query may succeed or fail.

Below is a list of the return codes and what they mean. You can filter for DNS response codes in your DigitalStakeout Securd DNS Dashboard and Log Analytics.

0: NoError. This indicates that the DNS query was successful and that the requested information was returned.

1: FormErr. This indicates that the DNS query was malformed and could not be processed.

2: ServFail. This indicates that the DNS server encountered an error while attempting to process the query.

3: NXDomain. This indicates that the domain name in the query does not exist.

4: NotImp. This indicates that the DNS server does not support the query type that was requested.

5: Refused. This indicates that the DNS server refuses to process the query for policy reasons.

6: YXDomain. This indicates that the domain name in the query exists when it should not.

7: YXRRSet. This indicates that a resource record set (RRset) exists when it should not.

8: NXRRSet. This indicates that a resource record set (RRset) that should exist does not.

9: NotAuth. This indicates that the DNS server is not authoritative for the requested domain.

10: NotZone. This indicates that the name in the query is not contained within the DNS server's zone of authority.

11: DSOTYPENI. This indicates that the DSO-TYPE (Dynamic Shared Object) is not implemented by the DNS server.

16: BADVERS. This indicates that the OPT (Extended DNS) version is bad or unrecognized.

16: BADSIG. This indicates that the TSIG (Transaction Signature) signature is invalid or fails verification.

17: BADKEY. This indicates that the key specified in the query is not recognized by the DNS server.

18: BADTIME. This indicates that the TSIG signature is outside of the acceptable time window for validation.

19: BADMODE. This indicates that the TKEY (Transaction Key) mode is invalid or unsupported.

20: BADNAME. This indicates that the key name specified in the query is a duplicate.

21: BADALG. This indicates that the algorithm specified in the query is not supported by the DNS server.

22: BADTRUNC. This indicates that the reply was truncated or incomplete due to a length limit.

23: BADCOOKIE. This indicates that the Server Cookie specified in the query is invalid or missing.

Updated 11 months ago