DNS Return Codes
There are many reasons why a DNS query may succeed or fail.
Below is a list of the return codes and what they mean. You can filter for DNS response codes in your DigitalStakeout Securd DNS Dashboard and Log Analytics.
0: NoError. This indicates that the DNS query was successful and that the requested information was returned.
1: FormErr. This indicates that the DNS query was malformed and could not be processed.
2: ServFail. This indicates that the DNS server encountered an error while attempting to process the query.
3: NXDomain. This indicates that the domain name in the query does not exist.
4: NotImp. This indicates that the DNS server does not support the query type that was requested.
5: Refused. This indicates that the DNS server refuses to process the query for policy reasons.
6: YXDomain. This indicates that the domain name in the query exists when it should not.
7: YXRRSet. This indicates that a resource record set (RRset) exists when it should not.
8: NXRRSet. This indicates that a resource record set (RRset) that should exist does not.
9: NotAuth. This indicates that the DNS server is not authoritative for the requested domain.
10: NotZone. This indicates that the name in the query is not contained within the DNS server's zone of authority.
11: DSOTYPENI. This indicates that the DSO-TYPE (Dynamic Shared Object) is not implemented by the DNS server.
16: BADVERS. This indicates that the OPT (Extended DNS) version is bad or unrecognized.
16: BADSIG. This indicates that the TSIG (Transaction Signature) signature is invalid or fails verification.
17: BADKEY. This indicates that the key specified in the query is not recognized by the DNS server.
18: BADTIME. This indicates that the TSIG signature is outside of the acceptable time window for validation.
19: BADMODE. This indicates that the TKEY (Transaction Key) mode is invalid or unsupported.
20: BADNAME. This indicates that the key name specified in the query is a duplicate.
21: BADALG. This indicates that the algorithm specified in the query is not supported by the DNS server.
22: BADTRUNC. This indicates that the reply was truncated or incomplete due to a length limit.
23: BADCOOKIE. This indicates that the Server Cookie specified in the query is invalid or missing.
Updated about 1 year ago